Ceph

Got some partial logs on this from another user (zendesk 254). The osd has secret ids 1001-1003, and the expirations are valid. It looks like the kernel client is just sending a malformed authorizer with a zeroed secred_id, and/or the mon is feeding it bad info inducing that behavior.

My best guess right now is that either this is a kclient bug with startup (we send an osd req before we have a valid ticket), but the log doesn't quite support htat theory..

or, the mon is sending bad tickets when the client goes to renew. 'debug auth = 30' and 'debug ms = 1' on the mon would help narrow that down.

I hit this on a test cluster a little while ago, but wasn't able to reproduce once I turned on logging and restarted the osd. It happened to an osd, so I suspect it's the monitor sending bad tickets.

Hi,

I got the same issue with a 6 node ceph cluster (giant 0.87.2) when booting servers via rbd from it.
The servers are Gentoo installations with a 3.18.11 Kernel and an initramfs created with dracut.

The server boots with an ip address set with kernel boot ip-option. Within the initramfs the root
partition is succesfully mapped with rbd map $rbd_name --pool $rbd_pool --id kvm.

The server then runs perfect for 2 hours before logging

May 29 09:46:56 al44 kernel: libceph: osd12 2.1.1.92:6813 socket error on read
May 29 09:46:56 al44 kernel: libceph: osd10 2.1.1.140:6800 socket error on read
May 29 09:46:56 al44 kernel: libceph: osd16 2.1.1.93:6812 socket error on read
May 29 09:47:40 al44 kernel: libceph: osd13 2.1.1.92:6809 socket error on read
May 29 09:47:40 al44 kernel: libceph: osd20 2.1.1.95:6813 socket error on read
May 29 09:47:40 al44 kernel: libceph: osd19 2.1.1.93:6800 socket error on read
May 29 09:47:40 al44 kernel: libceph: osd3 2.1.1.138:6804 socket error on read

The osd's are logging things like:

2015-05-29 09:57:56.999740 7fba74a22700 10 cephx: verify_authorizer decrypted service osd secret_id=7549
2015-05-29 09:57:56.999750 7fba74a22700 0 auth: could not find secret_id=7549
2015-05-29 09:57:56.999752 7fba74a22700 10 auth: dump_rotating:
2015-05-29 09:57:56.999754 7fba74a22700 10 auth: id 7550 AQAl/WdVMBqhABAATuA0Z15XyaIXPTXLl9KXRw== expires 2015-05-29 09:46:13.010551
2015-05-29 09:57:56.999766 7fba74a22700 10 auth: id 7551 AQA0C2hV0FwjHhAATnhAslYWR7gOVU8otRaVJw== expires 2015-05-29 10:46:13.010551
2015-05-29 09:57:56.999774 7fba74a22700 10 auth: id 7552 AQBHGWhViL7IDhAA+ecCsxXj3vSiek+5qx7b9A== expires 2015-05-29 11:46:15.248024
2015-05-29 09:57:56.999781 7fba74a22700 0 cephx: verify_authorizer could not get service secret for service osd secret_id=7549
2015-05-29 09:57:56.999784 7fba74a22700 0 -- 2.1.1.139:6805/8062 >> 2.1.1.252:0/3530212140 pipe(0x2f027440 sd=352 :6805 s=0 pgs=0 cs=0 l=1 c=0x22ed9080).accept: got bad authorizer
2015-05-29 09:57:56.999998 7fba74a22700 10 cephx: verify_authorizer decrypted service osd secret_id=7549
2015-05-29 09:57:57.000008 7fba74a22700 0 auth: could not find secret_id=7549

Looks like the ceph client request connection with an old invalid key.

This runs for an hour and then the server reconnects succesfully:

2015-05-29 11:53:18.256425 7fbaa4c46700 10 cephx: verify_authorizer decrypted service osd secret_id=7553
2015-05-29 11:53:18.256514 7fbaa4c46700 10 cephx: verify_authorizer global_id=1685042
2015-05-29 11:53:18.256578 7fbaa4c46700 10 cephx: verify_authorizer ok nonce 643c986966334873 reply_bl.length()=36
2015-05-29 11:53:18.256640 7fbaa4c46700 10 In get_auth_session_handler for protocol 2

This also happens independent from rbd disk based qemu-kvm (version 2.2.0) instances running on that server or not. When running VM's
these are further up, running and accessible while the server is in trouble.

The behavior is reproducable.

If you like I can provide download links for the full logs. The log level is more verbose only for a minute.

Regards

Steffen