Project

General

Profile

Bug #24433

caps doesn't support mix of "profile rbd" and "allow rw"

Added by Fabien Brachere almost 6 years ago. Updated over 5 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Target version:
-
% Done:

0%

Source:
Tags:
caps
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

I try to create an user who has capabilites to access to differents rbd pools and a cephfs pool.
I put the caps like this:

client.data
    key: AQxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx==
    caps: [mds] allow r,allow rw path=/
    caps: [mon] allow r,profile rbd
    caps: [mgr] allow r 
    caps: [osd] profile rbd pool=data-containers,profile rbd pool=data,allow rw tag cephfs data=cephfs_data

It didn't work, I lost access to the two pools (cephfs and rbd).
When I put:
client.data
    key: AQxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx==
    caps: [mon] profile rbd
    caps: [mgr] allow r 
    caps: [osd] profile rbd pool=data-containers,profile rbd pool=data

Access to the rbd pools is OK.
And with:
client.data
    key: AQxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx==
    caps: [mds] allow r,allow rw path=/
    caps: [mon] allow r
    caps: [mgr] allow r 
    caps: [osd] allow rw tag cephfs data=cephfs_data

Access to cephfs is OK.

I didn't see that you can't mix the caps in the documentation.
I'm missing something or it is a bug ?

History

#1 Updated by John Spray almost 6 years ago

The lists of caps are supposed to be additive, so it's a bug if this wasn't working.

#2 Updated by Jason Dillaman almost 6 years ago

Note that pool tag-based caps are not supported in Luminous (added in Mimic). I tested your caps under the master branch and didn't see any immediate issue.

#3 Updated by John Spray over 5 years ago

Fabien: please can you confirm which version you were testing with?

#4 Updated by Patrick Donnelly over 5 years ago

  • Project changed from Ceph to rbd
  • Category deleted (cephx)

#5 Updated by Jason Dillaman over 5 years ago

  • Status changed from New to Rejected

As noted a month ago, CephFS pool tag-based caps are not supported in Luminous. Please feel free to re-open if you have an issue w/ Mimic.

Also available in: Atom PDF