Bug #3536
closedlibrados: client.glance authentication error (1) Operation not permitted
0%
Description
Hi all,
I want to integrate ceph and glance, and enable RBD as glance storage backend. Request commited by defaulf user 'admin' is OK, and I follow the blog [http://www.sebastien-han.fr/blog/2012/06/10/introducing-ceph-to-openstack/] to add new user 'glance' to commit request, it don't work(e.g # glance add ...). My ceph auth list is:mds.1
key: AQBzEK9QiDEwDBAAgFFrWVOWSde5E7mTL3xmmA==
caps: [mds] allow
caps: [mon] allow rwx
caps: [osd] allow *
osd.2
key: AQBxEK9QQGmqLhAASbjPqHvUBlptI5+NRWefhw==
caps: [mon] allow rwx
caps: [osd] allow *
osd.3
key: AQBzEK9QkGn5BxAAP6uIeuZs1kAOJDkYAPoCvw==
caps: [mon] allow rwx
caps: [osd] allow *
client.admin
key: AQBzEK9QMKNLDhAAKMV6iJI8BcDmuCjCQTzHRw==
caps: [mds] allow
caps: [mon] allow *
caps: [osd] allow *
client.glance
key: AQAwNbRQMF3wLBAAAMKQVZBwzM+uTpa239juPA==
caps: [mon] allow r
caps: [osd] allow rwx pool=images
BTW, My test pool named 'images'.
I then go to debug by calling rbd command '# rbd -n client.glance -p images ls', it report: 2012-11-27 13:51:32.911207 7fcc414a1780 1 -- :/0 messenger.start
2012-11-27 13:51:32.911984 7fcc414a1780 1 -- :/1016472 --> 10.239.80.150:6789/0 -- auth(proto 0 31 bytes epoch 0) v1 -- ?+0 0x2cdd990 con 0x2cdd630
2012-11-27 13:51:32.912259 7fcc4149d700 1 -- 10.239.80.150:0/1016472 learned my addr 10.239.80.150:0/1016472
2012-11-27 13:51:32.913187 7fcc3cab5700 1 -- 10.239.80.150:0/1016472 <== mon.0 10.239.80.150:6789/0 1 ==== mon_map v1 ==== 191+0+0 (4172960987 0 0) 0x7fcc30000ac0 con 0x2cdd630
2012-11-27 13:51:32.913366 7fcc3cab5700 1 -- 10.239.80.150:0/1016472 <== mon.0 10.239.80.150:6789/0 2 ==== auth_reply(proto 2 0 Success) v1 ==== 33+0+0 (2903922942 0 0) 0x7fcc30000f60 con 0x2cdd630
2012-11-27 13:51:32.913508 7fcc3cab5700 1 -- 10.239.80.150:0/1016472 --> 10.239.80.150:6789/0 -- auth(proto 2 32 bytes epoch 0) v1 -- ?+0 0x7fcc24000f80 con 0x2cdd630
2012-11-27 13:51:32.914205 7fcc3cab5700 1 -- 10.239.80.150:0/1016472 <== mon.0 10.239.80.150:6789/0 3 ==== auth_reply(proto 2 -1 Operation not permitted) v1 ==== 24+0+0 (977562268 0 0) 0x7fcc30000f60 con 0x2cdd630
2012-11-27 13:51:32.914350 7fcc414a1780 0 librados: client.glance authentication error (1) Operation not permitted
2012-11-27 13:51:32.914577 7fcc414a1780 1 -- 10.239.80.150:0/1016472 mark_down_all
error: couldn't connect to the cluster!
2012-11-27 13:51:32.914869 7fcc414a1780 1 -- 10.239.80.150:0/1016472 shutdown complete.
I also checked the mon's log, the error is just like below:cephx server client.glance: unexpected key: req.key=f4e0b6ab42d5d38f expected_key=7f2a426218e7788f
Attachement is my glance-api.conf.
If you anyone have met this issue or can give me some suggestion, I will feel grateful!
Files
Updated by ye yuan over 11 years ago
I found the solution to solve this issue:
Edit the ceoh.conf file and create a new tag [client.glance]:
[global]
auth supported = cephx
keyring = /etc/ceph/keyring.admin
[client.glance]
keyring = /etc/glance/rbd.keyring
......
Updated by Josh Durgin over 11 years ago
- Status changed from New to Resolved
- Source changed from Development to Community (user)