Project

General

Profile

Bug #4756

mkcephfs doesn't set up same keys as ceph-deploy

Added by Greg Farnum almost 7 years ago. Updated almost 7 years ago.

Status:
Resolved
Priority:
High
Assignee:
Category:
-
Target version:
% Done:

0%

Source:
Development
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature:

Description

Notably, "mon." doesn't get any permissions associated with it, which can also lead to the problems in #4752. Until we officially deprecate mkcephfs it needs to support all the stuff we package.

Associated revisions

Revision 12bc9a7a (diff)
Added by Sage Weil almost 7 years ago

mkcephfs: give mon. key 'allow *' mon caps

This will ease the transition from mkcephfs to ceph-deploy by allowing
ceph-create-keys to use the mon. keyring file in $mon_data and get the
caps it needs.

Fixes: #4756
Signed-off-by: Sage Weil <>

Revision fa9f17c5 (diff)
Added by John Wilkins almost 7 years ago

doc: Added transition from mkcephfs to ceph-deploy page.

fixes: #4756

Signed-off-by: John Wilkins <>

History

#1 Updated by Sage Weil almost 7 years ago

I'll update mkcephfs to do this to ease future users' transition to ceph-deploy.

For existing clusters, the transition path is probably to document adding the line manually? Or make ceph-create-keys add it?

#2 Updated by Greg Farnum almost 7 years ago

Well ceph-create-keys isn't able to add it because it needs those keys, right? ;)

I think a transition document is probably appropriate, or possibly a nicely packaged one-off script they can run.

#3 Updated by Sage Weil almost 7 years ago

wip-4756 tested out ok, commit:12bc9a7aa9cb2f47c952dee9abb210dc4eacf470

#4 Updated by Sage Weil almost 7 years ago

  • Status changed from New to 12
  • Assignee set to John Wilkins

The transition doc should be something like 'transitioning an existing cluster from mkcephfs to ceph-deploy', and the key step is to add the line

         caps mon = "allow *" 

to /var/lib/ceph/mon/ceph-$id/keyring

so that it looks something like

[mon.]
        key = AQBJIHhRuHCwDRAAZjBTSJcIBIoGpdOR9ToiyQ==
        caps mon = "allow *" 

also the mon and osd data directories need to be /var/lib/ceph/osd/ceph-$id and /var/lib/ceph/mon/ceph-$id with keyrings in the 'keyring' file in those dirs.

#5 Updated by John Wilkins almost 7 years ago

  • Status changed from 12 to In Progress

#6 Updated by John Wilkins almost 7 years ago

  • Status changed from In Progress to Resolved

Also available in: Atom PDF