I have a Nautilus (14.2.8) cluster and I'd like to
give access to a pool with librados to a user.
Here is what I have:
# ceph osd pool ls detail | grep user1
pool 5 'user1' replicated size 3 min_size 2 crush_rule 0 object_hash rjenkins pg_num 256 pgp_num 256 autoscale_mode warn last_change 108 flags hashpspool max_bytes 1099511627776 stripe_width 0 application user1
# ceph auth get client.user1
exported keyring for client.user1
client.user1
key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX==
caps: [mon] allow r
caps: [osd] allow rw pool=user1 namespace=user1
On the client
$ cat ~/ceph.conf
[global]
mon host = [v2:10.90.36.16:3300,v1:10.90.36.16:6789],[v2:10.90.36.17:3300,v1:10.90.36.17:6789],[v2:10.90.36.18:3300,v1:10.90.36.18:6789]
keyring = ~/user1.keyring
$ cat ~/user1.keyring
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX==
$ rados -c ~/ceph.conf -p pool ls
2020-04-02 12:44:59.900 7fd78aea3700 -1 monclient(hunting): handle_auth_bad_method server allowed_methods [2] but i only support [2,1]
2020-04-02 12:44:59.900 7fd789ea1700 -1 monclient(hunting): handle_auth_bad_method server allowed_methods [2] but i only support [2,1]
2020-04-02 12:44:59.900 7fd78a6a2700 -1 monclient(hunting): handle_auth_bad_method server allowed_methods [2] but i only support [2,1]
failed to fetch mon config (--no-mon-config to skip)
Is there something I missed?
I did more tests and even with those capabilities, it doesn't work.
[client.user1]
key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX==
caps mds = "allow *"
caps mgr = "allow *"
caps mon = "allow *"
caps osd = "allow *"
But if I use the client.admin user, it works.
[client.admin]
key = YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY==
caps mds = "allow *"
caps mgr = "allow *"
caps mon = "allow *"
caps osd = "allow *"
$ rados -c ~/ceph.conf -p pool ls
$
--
Yoann Moulin
EPFL IC-IT
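
A client-side check for the two inputs shown in the post, the keyring file and the rados command line, added here as an example and not part of the original message. It assumes the usual Ceph keyring layout (a [client.<name>] section holding a key = line, as in the post's client.user1 and client.admin listings) and the CLI default of authenticating as client.admin when no --id or --name is given; lint_keyring, entity_from_argv and all sample values are hypothetical names and constructed data.

```python
import base64
import binascii

# Constructed placeholder secret (28 zero bytes), not a real cephx key.
SAMPLE_KEY = base64.b64encode(bytes(28)).decode()
BARE_KEYRING = SAMPLE_KEY + "\n"  # constructed: key only, no section
SECTIONED_KEYRING = '[client.user1]\n\tkey = %s\n\tcaps mon = "allow r"\n' % SAMPLE_KEY

def lint_keyring(text, entity):
    """Return problems that stop `entity` from loading its key from keyring text."""
    sections, current, orphans = {}, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
        elif current is not None and "=" in line:
            name, value = line.split("=", 1)
            current[name.strip()] = value.strip().strip('"')
        else:
            orphans.append(line)  # content before any [entity] header
    problems = []
    if orphans:
        problems.append("%d line(s) outside any [entity] section" % len(orphans))
    if entity not in sections:
        problems.append("no [%s] section" % entity)
    elif "key" not in sections[entity]:
        problems.append("[%s] has no 'key =' line" % entity)
    else:
        try:
            base64.b64decode(sections[entity]["key"], validate=True)
        except binascii.Error:
            problems.append("key is not valid base64")
    return problems

def entity_from_argv(argv):
    """Entity a Ceph CLI call authenticates as (CEPH_ARGS is not considered)."""
    entity = "client.admin"  # default when neither --id nor --name is passed
    for i, arg in enumerate(argv):
        opt, _, inline = arg.partition("=")
        if opt in ("--id", "--name", "-n"):
            value = inline or (argv[i + 1] if i + 1 < len(argv) else "")
            entity = "client." + value if opt == "--id" else value
    return entity

if __name__ == "__main__":
    print(lint_keyring(BARE_KEYRING, "client.user1"))
    print(entity_from_argv(["rados", "-c", "~/ceph.conf", "-p", "pool", "ls"]))
```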