Actions
Bug #49724
closedfsid is not validated during accessing the shell through cli
% Done:
0%
Source:
Tags:
Backport:
pacific
Regression:
No
Severity:
3 - minor
Reviewed:
Description
[root@magna061 ubuntu]# cephadm bootstrap --mon-ip 10.8.128.61 --registry-json cephadm.txt Verifying podman|docker is present... Verifying lvm2 is present... Verifying time synchronization is in place... Unit chronyd.service is enabled and running Repeating the final host check... podman|docker (/bin/podman) is present systemctl is present lvcreate is present Unit chronyd.service is enabled and running Host looks OK Cluster fsid: a2b7f12c-6517-11eb-af48-002590fbd650 Verifying IP 10.8.128.61 port 3300 ... Verifying IP 10.8.128.61 port 6789 ... Mon IP 10.8.128.61 is in CIDR network 10.8.128.0/21 Pulling custom registry login info from cephadm.txt. Logging into custom registry. Pulling container image registry.redhat.io/rhceph-alpha/rhceph-5-rhel8:latest... Extracting ceph user uid/gid from container image... Creating initial keys... Creating initial monmap... Creating mon... Waiting for mon to start... Waiting for mon... mon is available Assimilating anything we can from ceph.conf... Generating new minimal ceph.conf... Restarting the monitor... Setting mon public_network... Creating mgr... Verifying port 9283 ... Wrote keyring to /etc/ceph/ceph.client.admin.keyring Wrote config to /etc/ceph/ceph.conf Waiting for mgr to start... Waiting for mgr... mgr not available, waiting (1/10)... mgr not available, waiting (2/10)... mgr not available, waiting (3/10)... mgr is available Enabling cephadm module... Waiting for the mgr to restart... Waiting for mgr epoch 5... mgr epoch 5 is available Setting orchestrator backend to cephadm... Generating ssh key... Wrote public SSH key to to /etc/ceph/ceph.pub Adding key to root@localhost's authorized_keys... Adding host magna061... Deploying mon service with default placement... Deploying mgr service with default placement... Deploying crash service with default placement... Enabling mgr prometheus module... Deploying prometheus service with default placement... Deploying grafana service with default placement... Deploying node-exporter service with default placement... Deploying alertmanager service with default placement... Enabling the dashboard module... Waiting for the mgr to restart... Waiting for mgr epoch 13... mgr epoch 13 is available Generating a dashboard self-signed certificate... Creating initial admin user... Fetching dashboard port number... Ceph Dashboard is now available at: URL: https://magna061:8443/ User: admin Password: 675dbkruhg You can access the Ceph CLI with: *sudo /sbin/cephadm shell --fsid a2b7f12c-6517-11eb-af48-002590fbd650 -c /etc/ceph/ceph.conf -k /etc/ceph/ceph.client.admin.keyring* Please consider enabling telemetry to help improve Ceph: ceph telemetry on For more information see: https://docs.ceph.com/docs/master/mgr/telemetry/ Bootstrap complete.
- This CLI was generated while bootstrapping sudo /sbin/cephadm shell --fsid a2b7f12c-6517-11eb-af48-002590fbd650 -c /etc/ceph/ceph.conf -k /etc/ceph/ceph.client.admin.keyring to access cephadm shell
- Tried providing the wrong fsid but was able to access cephadm shell without any error
eg: [root@magna061 ubuntu]# sudo /sbin/cephadm shell --fsid 123 -c /etc/ceph/ceph.conf -k /etc/ceph/ceph.client.admin.keyring Using recent ceph image registry.redhat.io/rhceph-alpha/rhceph-5-rhel8:latest [ceph: root@magna061 /]#
Updated by Daniel Pivonka about 3 years ago
- Status changed from New to Fix Under Review
- Pull request ID set to 40015
Updated by Sebastian Wagner about 3 years ago
- Related to Feature #48368: cephadm check-host should verify fsid of ceph.conf added
Updated by Sebastian Wagner about 3 years ago
- Status changed from Fix Under Review to Resolved
Actions