Bug #2532
closedrbd command allows passing in -K </path/to/secret>, but long version of (--secret) does not work
0%
Description
While rolling back a snapshot I succeed when I pass in `-K with location of key file, but it looks like I fail when I attempt to use `--secret /path/to/secret` or `--secret=/path/to/secret`.
# rbd --name=client.admin -K ./secret.key --pool lab8_pool_a snap rollback --snap=lab8-001-20120607-001 lab8-001 Rolling back to snapshot: 100% complete...done. # rbd --name=client.admin --secret ./secret.key --pool lab8_pool_a snap rollback --snap=lab8-001-20120607-001 lab8-001 2012-06-08 05:37:54.073360 7ff75be00780 -1 auth: failed to open keyring from /etc/ceph/ceph.client.admin.keyring 2012-06-08 05:37:54.073382 7ff75be00780 -1 monclient(hunting): failed to open keyring: (2) No such file or directory 2012-06-08 05:37:54.073418 7ff75be00780 0 librados: client.admin initialization error (2) No such file or directory error: couldn't connect to the cluster! # rbd --name=client.admin --secret=./secret.key --pool lab8_pool_a snap rollback --snap=lab8-001-20120607-001 lab8-001 2012-06-08 05:38:01.521293 7fb9a85fa780 -1 auth: failed to open keyring from /etc/ceph/ceph.client.admin.keyring 2012-06-08 05:38:01.521326 7fb9a85fa780 -1 monclient(hunting): failed to open keyring: (2) No such file or directory 2012-06-08 05:38:01.521359 7fb9a85fa780 0 librados: client.admin initialization error (2) No such file or directory error: couldn't connect to the cluster!
It appears that the map operation is the other way around, where `--secret` does work, while the `-K` does not.
rbd --name=client.admin --pool lab8_pool_a --snap=lab8-001-20120607-001 -K ./secret.key map lab8-001; echo $? add failed: (22) Invalid argument 1 rbd --name=client.admin --pool lab8_pool_a --snap=lab8-001-20120607-001 --secret ./secret.key map lab8-001; echo $? 0 # rbd --name=client.admin --pool lab8_pool_a --snap=lab8-001-20120607-001 --secret=./secret.key map lab8-001; echo $? 0
Updated by Sage Weil almost 12 years ago
the option is --keyfile <file>... where did you see --secret <file> documented?
Updated by Sam Zaydel almost 12 years ago
This is part of the rbd cmd helper message. It seems that for the map command one uses --secret.
For the map command: --user <username> rados user to authenticate as --secret <path> file containing secret key for use with cephx
Updated by Sam Zaydel almost 12 years ago
When I try to use --keyfile=<file> with map, it seemingly fails, but using --secret=<file> succeeds.
# sudo rbd --id client.admin --pool lab8_pool_a --keyfile=./secret.key map lab8-001; echo $? add failed: (22) Invalid argument 1 # sudo rbd --id client.admin --pool lab8_pool_a --secret=./secret.key map lab8-001; echo $? 0
Updated by Sage Weil almost 12 years ago
Oh, i see.
I think the right fix is to make '--secret' and synonym for '--keyfile', and fix up rbd to use the config-parsed value. There are already users of --secret and (possibly) --keyfile both.
Updated by Sam Zaydel almost 12 years ago
That's probably best. It is always easier though when all subcommands under the main command, rbd in this case used one argument name. I think consistency between cli tools is also key, so perhaps that should drive whether or not one or both of these options are used as synonyms of each other.