Project

General

Profile

Actions
Copy link

Feature #47264

closed

"fs authorize" subcommand should work for multiple FSs too

Added by Rishabh Dave over 3 years ago. Updated 5 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Rishabh Dave
Category:
-
Target version:
-
% Done:

0%

Source:
Development
Tags:
Backport:
Reviewed:
Affected Versions:
Component(FS):
Common/Protocol, MDSMonitor
Labels (FS):
Pull request ID:
41779

Description

Currently assigning caps for a second FS to an already existing client (which holds caps for a different FS already) using "ceph fs authorize" subcommand is not possible -

$ ./bin/ceph fs ls
name: a, metadata pool: cephfs.a.meta, data pools: [cephfs.a.data ]
name: cephfs2, metadata pool: cephfs2_meta, data pools: [cephfs2_data ]
$ ./bin/ceph fs authorize a client.someuser / rw
[client.someuser]
    key = AQAjeUNfcvezHhAAzFTLqmpzZRqgEV5bRReChw==
$ ./bin/ceph fs authorize cephfs2 client.someuser / rw
Error EINVAL: client.someuser already has fs capabilities that differ from those supplied. To generate a new auth key for client.someuser, first remove client.someuser from configuration files, execute 'ceph auth rm client.someuser', then execute this command again.
$

I think it would be very convenient for CephFS users to be able to assign caps for multiple FSs to already existing clients using this subcommand. Ticket #15070 (PR #32581) already adds the ability for a client to have caps for multiple FSs, we just need to modify behaviour for "fs authorize" subcommand to get this done.

Also, IMO, it would be nice to have the reverse of the behaviour proposed above: removing caps only for a certain FS for a client. We can add a new subcommand "fs deauthorize" the syntax of which would be same as that of "fs authorize".

Related issues 3 (2 open1 closed)

Related to CephFS - Feature #15070: mon: client: multifs: auth caps on client->mon connections to limit their access to MDSMaps by FSCIDResolvedRishabh Dave

Actions
Related to CephFS - Feature #56428: add command "fs deauthorize"NewRishabh Dave

Actions
Related to CephFS - Bug #64182: mds: "fs authorize" update MDS caps only if it is last one to be consideredFix Under ReviewRishabh Dave

Actions
Actions
Copy link
 #1

Updated by Rishabh Dave over 3 years ago

  • Related to Feature #15070: mon: client: multifs: auth caps on client->mon connections to limit their access to MDSMaps by FSCID added
Actions
Copy link
 #2

Updated by Patrick Donnelly over 3 years ago

  • Target version set to v16.0.0
  • Source set to Development
Actions
Copy link
 #3

Updated by Patrick Donnelly over 3 years ago

  • Target version changed from v16.0.0 to v17.0.0
Actions
Copy link
 #4

Updated by Rishabh Dave almost 3 years ago

  • Status changed from New to In Progress
Actions
Copy link
 #5

Updated by Rishabh Dave almost 3 years ago

  • Status changed from In Progress to Fix Under Review
  • Pull request ID set to 41779
Actions
Copy link
 #6

Updated by Rishabh Dave almost 2 years ago

Actions
Copy link
 #7

Updated by Patrick Donnelly almost 2 years ago

  • Target version deleted (v17.0.0)
Actions
Copy link
 #8

Updated by Rishabh Dave 7 months ago

  • Status changed from Fix Under Review to Resolved
Actions
Copy link
 #9

Updated by Rishabh Dave 5 months ago

Apparently, release note was added in wrong part of PendingReleaseNote (or it was added to right part but it was moved later). This PR moves it to right part - https://tracker.ceph.com/issues/47264.

Actions
Copy link
 #10

Updated by Venky Shankar 3 months ago

  • Related to Bug #64182: mds: "fs authorize" update MDS caps only if it is last one to be considered added
Actions
Copy link

Also available in: Atom PDF