Bug #22836
closedceph-volume doesn't add OSD's auth to Monitors when creating new BlueStore OSD
0%
Description
When add new BlueStore OSD with ceph-volume command, the new OSD daemon fails to start with log
_get_class not permitted to load kvs
_get_class not permitted to load lua
_get_class not permitted to load sdk
...
log_to_monitors {default=true}
init authentication failed: (1) Operation not permitted
After checking the ceph-volume command log, it turns out that it doesn't contain "ceph auth add osd.{osd-num} osd 'allow *' mon 'allow rwx' -i /var/lib/ceph/osd/osd.id/keyring".
If we use "ceph auth add ..." manually, the new OSD daemon will start correctly.
Files
Updated by Alfredo Deza about 6 years ago
- Status changed from New to Need More Info
We can't replicate this issue when deploying OSDs. Do you have some configuration that requires these permissions? Without them, in our tests, the OSD starts up without problems.
You are right that ceph-volume will not add an 'allow rwx' to the keyring.
Updated by Andrew Schoen about 6 years ago
I believe this bug is because of the use of --osd-id. This PR fixes the issue where auth is not created for an OSD if --osd-id is used: https://github.com/ceph/ceph/pull/20203
Updated by Ken Dreyer about 6 years ago
- Status changed from Need More Info to Pending Backport
- Assignee set to Andrew Schoen
- Backport set to luminous
Updated by Ken Dreyer about 6 years ago
- Copied to Backport #22924: luminous: ceph-volume doesn't add OSD's auth to Monitors when creating new BlueStore OSD added
Updated by Andrew Schoen about 6 years ago
- Status changed from Pending Backport to Resolved