Bug #42381
cephfs: metadata pool cephx cap does not have permissions
% Done:
0%
Source:
Development
Tags:
Backport:
nautilus
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(FS):
Labels (FS):
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
$ ceph auth get-or-create client.csi-cephfs-provisioner mon 'allow r' mgr 'allow rw' osd 'allow rw tag cephfs meta=*' >> keyring $ rados --name client.csi-cephfs-provisioner -p cephfs.a.meta ls rados_nobjects_list_next: Operation not permitted
Changing it to a normal MDS cap:
$ ceph auth get-or-create client.csi-cephfs-provisioner2 mon 'allow r' mgr 'allow rw' osd 'allow rw tag cephfs *=*' >> keyring $ rados --name client.csi-cephfs-provisioner2 -p cephfs.a.meta ls 601.00000000 602.00000000 600.00000000 603.00000000 1.00000000.inode 200.00000000 200.00000001 606.00000000 607.00000000 mds0_openfiles.0 608.00000000 604.00000000 500.00000000 mds_snaptable 605.00000000 mds0_inotable 100.00000000 mds0_sessionmap 609.00000000 400.00000000 100.00000000.inode 1.00000000
Found by Rook testing: https://github.com/rook/rook/pull/4086#issuecomment-543859860
History
#1 Updated by Patrick Donnelly over 4 years ago
- Status changed from New to Rejected
We had the syntax wrong:
pdonnell@senta02 ~/ceph/build$ bin/ceph auth get-or-create client.csi-cephfs-provisioner3 mon 'allow r' mgr 'allow rw' osd 'allow rw tag cephfs metadata=*' >> keyring pdonnell@senta02 ~/ceph/build$ bin/rados --name client.csi-cephfs-provisioner3 -p cephfs.a.meta ls 601.00000000 602.00000000 600.00000000 603.00000000 1.00000000.inode 200.00000000 200.00000001 606.00000000 607.00000000 mds0_openfiles.0 608.00000000 604.00000000 500.00000000 mds_snaptable 605.00000000 mds0_inotable 100.00000000 mds0_sessionmap 609.00000000 400.00000000 100.00000000.inode 1.00000000