Ceph

Have updated to 16.2.5, the issue still remains.

There are recommendations of dealing with this warning in https://docs.ceph.com/en/latest/security/CVE-2021-20288/. Have you looked at this already? You can also reach out on the ceph-users mailing list for more recommendations.

Hi Neha

Thanks for the response.

Sadly it doesn't really give you any information about the clients and how to handle the issue. Currently when I turn it on I get the following error:

monclient(hunting): handle_auth_bad_method server allowed_methods [2] but i only support [2]

Could be that the client is not new enough. But I use the kernel module installed together with the installation of 16.2.5. I've also tried to run the command

ceph status

with the same error on the machine.

Independent of if I use the built from source arm module, windows ceph-dokan module or the installed debian module I get the same result.

Best regards
Daniel

Daniel Persson wrote:

Sadly it doesn't really give you any information about the clients and how to handle the issue.

Actually it does in https://docs.ceph.com/en/latest/security/CVE-2021-20288/#recommendations and quite certainly your client is not current enough.
Which version of Ubuntu are you using? Did you add https://download.ceph.com/ as apt repo to have Ceph 15 or 16 packages?

Please check which version of i.e. librados2 or since your are building the client yourself librados-dev you are using. Maybe doing ldd $PATH_TO_CLIENT or apt policy librados2 might help you on your Ubuntu box.

Hi Christian

Thank you for your response. The extra information to look for librados2 library helped me figure out my versions. And with the help of the command:

ceph health detail

I could get the IP of the failing clients. With that, I figured out that one of the clients had not gotten the correct packages from Debian's package store. I ran 12, which is a distro standard, but when updating to 16.2.5, it worked just fine.

Now the only client that won't connect is the windows client, which is ceph-dokan version 15.0.0, and I could understand that it would not work. A bit sad but not fatal. We are not running any windows clients in production yet because it's still in beta.

I think this issue could be changed to resolved and closed.

Best regards
Daniel

Daniel Persson wrote:

Now the only client that won't connect is the windows client, which is ceph-dokan version 15.0.0, and I could understand that it would not work. A bit sad but not fatal. We are not running any windows clients in production yet because it's still in beta.

I don't have any experience with ceph-dokan. Which build or installation source are you using? https://github.com/ceph/ceph-dokan seems archived and then there are
is https://github.com/dokan-dev/dokany as a fork and future project?

Hi again.

I've now solved my problem and also got the Windows client to work. The process was a bit complicated so I created a short video to hopefully help anyone else that has the same problem.

https://youtu.be/Ds4Wvvo79-M

I hope this helps, and again thank you for helping me.

Best regards
Daniel