Project

General

Profile

Bug #41390

mgr/crash: crash module requires admin keyring

Added by Abhishek Lekshmanan over 4 years ago. Updated over 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
-
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

the crash module on nodes without admin keyring seems to fail posting the crash with `error failing to connect to cluster`
Overrideable keyring arguments as well as a specific keyring without the need for the full cluster admin access would be useful to have instead of deploying an admin keyring on all the nodes for ceph-crash to work

History

#1 Updated by Sebastian Wagner over 4 years ago

  • Assignee set to Dan Mick

Dan, this is just fyi.

#2 Updated by Dan Mick over 4 years ago

So, this isn't the crash mgr module, but the ceph-crash service, right? Agreed that it certainly assumes it has the ability to run ceph crash, and that may or may not be true for all nodes where it's installed.

#3 Updated by Abhishek Lekshmanan over 4 years ago

Dan Mick wrote:

So, this isn't the crash mgr module, but the ceph-crash service, right? Agreed that it certainly assumes it has the ability to run ceph crash, and that may or may not be true for all nodes where it's installed.

right, atm I'd say having an overrideable keyring argument so that default admin keys aren't used and passing that as an argument when starting the service should help set the ball rolling. If we agree for eg. that the name of service unit would be the name of ceph key to use, then just starting ceph-crash@crashkey for eg. with mgr read/write permissions only should be more contained than the need to expose admin keyring to every node to just run the service

#4 Updated by Sage Weil over 4 years ago

  • Status changed from New to Resolved
  • Pull request ID set to 30734

Also available in: Atom PDF