ceph-create-keys doesn't work on upgraded clusters
ceph-create-keys requires the "mon." key to have permission to do things to the monitors. Apparently older deployments leave mon. blank, while new ones give it these permissions.
Unfortunately, that means an upgrade from bobtail to cuttlefish leaves ceph-create-keys trying to run, and failing each time. I believe it loops attempting to succeed, which means unending spam to the monitor logs, as well as processes that never go away (which pile up if you restart your monitors, for instance).
I'm setting this to Urgent since we've seen several reports from early upgraders and I think it's going to hit everybody who does so.
#6 Updated by Anonymous almost 7 years ago
- Status changed from In Progress to Resolved
Further update from Dan indicated that EACCES was returned on authentication error after all. I tested the changes by stopping the monitor, setting the keyring cap filed to blank and restarting. Ceph-disk-create exited with error message.
Resolved with the following commit to next branch:
Author: Gary Lowell <email@example.com>
Date: Fri Apr 19 11:19:05 2013 -0700
ceph-create-keys: Don't wait if permission denied
If get or create keys returns permssion denied, exit
gracefully instead of retrying.
Signed-off-by: Gary Lowell <firstname.lastname@example.org>
Reviewed-by: Sage Weil <email@example.com>