Actions
Bug #48925
closedcephadm: iscsi missing mgr permissions
% Done:
0%
Source:
Development
Tags:
Backport:
octopus
Regression:
No
Severity:
3 - minor
Reviewed:
Description
Error after deploying iscsi daemons:
debug 2020-12-20T21:01:53.910+0000 7f76f932e700 0 log_channel(audit) log [INF] : from='client.104309 -' entity='client.iscsi.iscsi.maint-3.njwqhz' cmd=[{"prefix": "service status", "format": "json"}]: access denied
debug 2020-12-20T21:01:53.910+0000 7f76f932e700 -1 mgr.server reply reply (13) Permission denied access denied: does your client key have mgr caps? See http://docs.ceph.com/en/latest/mgr/administrator/#client-authentication
It is needed to change default permission to:
ceph auth caps <iscsi_daemon_client> mon 'profile rbd, allow command "osd blocklist", allow command "config-key get" with "key" prefix "iscsi/"' mgr 'allow *' osd 'allow rwx'
Updated by Juan Miguel Olmo Martínez over 3 years ago
- Status changed from New to Fix Under Review
- Pull request ID set to 38982
Updated by Sebastian Wagner about 3 years ago
- Status changed from Fix Under Review to Resolved
Updated by Sebastian Wagner about 3 years ago
- Related to Bug #48107: cephadm fails to deploy iscsi gateway when selinux is enabled added
Updated by Mykola Golub over 2 years ago
- Status changed from Resolved to Pending Backport
- Backport set to octopus
Updated by Mykola Golub over 2 years ago
octopus backport PR: https://github.com/ceph/ceph/pull/43822
Updated by Sebastian Wagner over 2 years ago
- Status changed from Pending Backport to Resolved
Updated by Yuri Weinstein over 2 years ago
Actions