[ceph-users] Re: Cephfs mount error 1 = Operation not permitted

Yes, exactly: admin:~ # ceph fs authorize cephfs client.bob / r / rw [client.bob] key = AQAyw3leAv9tKxAA+wtNEa40yK6svPE/VPlqdA== admin:~ # mount -t ceph mon1:/ /mnt/ -o name=bob,secret=AQAyw3leAv9tKxAA+wtNEa40yK6svPE/VPlqdA== admin:~ # touch /mnt/file Zitat von "Dungan, Scott A." &lt;sdungan(a)caltech.edu&gt;du>: > That was it! I am not sure how I got confused with the client name > syntax. When I issued the command to create a client key, I used: > > ceph fs authorize cephfs client.1 / r / rw > > I assumed from the syntax that my client name is "client.1" > > > -Scott > ________________________________ > From: Eugen Block &lt;eblock(a)nde.ag&gt; > Sent: Monday, March 23, 2020 11:30 AM > To: Dungan, Scott A. &lt;sdungan(a)caltech.edu&gt; > Cc: Yan, Zheng &lt;ukernel(a)gmail.com&gt;om>; ceph-users(a)ceph.io &lt;ceph-users(a)ceph.io&gt; > Subject: Re: [ceph-users] Re: Cephfs mount error 1 = Operation not permitted > > Wait, your client name is just "1"? In that case you need to specify > that in your mount command: > > mount ... -o name=1,secret=... > > It has to match your ceph auth settings, where "client" is only a > prefix and is followed by the client's name > > [client.1] > > > Zitat von "Dungan, Scott A." &lt;sdungan(a)caltech.edu&gt;du>: > >> Tried that: >> >> [client.1] >> key = ******************************* >> caps mds = "allow rw path=/" >> caps mon = "allow r" >> caps osd = "allow rw tag cephfs pool=meta_data, allow rw pool=data" >> >> No change. >> >> >> ________________________________ >> From: Yan, Zheng &lt;ukernel(a)gmail.com&gt; >> Sent: Sunday, March 22, 2020 9:28 PM >> To: Dungan, Scott A. &lt;sdungan(a)caltech.edu&gt; >> Cc: Eugen Block &lt;eblock(a)nde.ag&gt;ag>; ceph-users(a)ceph.io &lt;ceph-users(a)ceph.io&gt; >> Subject: Re: [ceph-users] Re: Cephfs mount error 1 = Operation not permitted >> >> On Sun, Mar 22, 2020 at 8:21 AM Dungan, Scott A. >> &lt;sdungan(a)caltech.edu&gt; wrote: >>> >>> Zitat, thanks for the tips. >>> >>> I tried appending the key directly in the mount command >>> (secret=<CLIENT.1.SECRET>) and that produced the same error. >>> >>> I took a look at the thread you suggested and I ran the commands >>> that Paul at Croit suggested even though I the ceph dashboard >>> showed "cephs" as already set as the application on both my data >>> and metadata pools: >>> >>> [root@ceph-n4 ~]# ceph osd pool application set data cephfs data cephfs >>> set application 'cephfs' key 'data' to 'cephfs' on pool 'data' >>> [root@ceph-n4 ~]# ceph osd pool application set meta_data cephfs >>> metadata cephfs >>> set application 'cephfs' key 'metadata' to 'cephfs' on pool 'meta_data' >>> >>> No change. I get the "mount error 1 = Operation not permitted" >>> error the same as before. >>> >>> I also tried manually editing the caps osd pool tags for my >>> client.1, to allow rw to both the data pool as well as the metadata >>> pool, as suggested further in the thread: >>> >>> [client.1] >>> key = *********************************** >>> caps mds = "allow rw path=all" >> >> >> try replacing this with "allow rw path=/" >> >>> caps mon = "allow r" >>> caps osd = "allow rw tag cephfs pool=meta_data, allow rw pool=data" >>> >>> No change. >>> >>> ________________________________ >>> From: Eugen Block &lt;eblock(a)nde.ag&gt; >>> Sent: Saturday, March 21, 2020 1:16 PM >>> To: ceph-users(a)ceph.io &lt;ceph-users(a)ceph.io&gt; >>> Subject: [ceph-users] Re: Cephfs mount error 1 = Operation not permitted >>> >>> I just remembered there was a thread [1] about that a couple of weeks >>> ago. Seems like you need to add the capabilities to the client. >>> >>> [1] >>> https://lists.ceph.io/hyperkitty/list/ceph-users@ceph.io/thread/23FDDSYBCDV… >>> >>> >>> Zitat von Eugen Block &lt;eblock(a)nde.ag&gt;ag>: >>> >>> > Hi, >>> > >>> > have you tried to mount with the secret only instead of a secret file? >>> > >>> > mount -t ceph ceph-n4:6789:/ /ceph -o name=client.1,secret=<SECRET> >>> > >>> > If that works your secret file is not right. If not you should check >>> > if the client actually has access to the cephfs pools ('ceph auth >>> > list'). >>> > >>> > >>> > >>> > Zitat von "Dungan, Scott A." &lt;sdungan(a)caltech.edu&gt;du>: >>> > >>> >> I am still very new to ceph and I have just set up my first small >>> >> test cluster. I have Cephfs enabled (named cephfs) and everything >>> >> is good in the dashboard. I added an authorized user key for cephfs >>> >> with: >>> >> >>> >> ceph fs authorize cephfs client.1 / r / rw >>> >> >>> >> I then copied the key to a file with: >>> >> >>> >> ceph auth get-key client.1 > /tmp/client.1.secret >>> >> >>> >> Copied the file over to the client and then attempt mount witth the >>> >> kernel driver: >>> >> >>> >> mount -t ceph ceph-n4:6789:/ /ceph -o >>> >> name=client.1,secretfile=/root/client.1.secret >>> >> mount error 1 = Operation not permitted >>> >> >>> >> I looked in the logs on the mds (which is also the mgr and mon for >>> >> the cluster) and I don't see any events logged for this. I also >>> >> tried the mount command with verbose and I didn't get any further >>> >> detail. Any tips would be most appreciated. >>> >> >>> >> -- >>> >> >>> >> Scott Dungan >>> >> California Institute of Technology >>> >> Office: (626) 395-3170 >>> >> sdungan@caltech.edu<mailto:sdungan@caltech.edu> >>> >> >>> >> _______________________________________________ >>> >> ceph-users mailing list -- ceph-users(a)ceph.io >>> >> To unsubscribe send an email to ceph-users-leave(a)ceph.io >>> >>> >>> _______________________________________________ >>> ceph-users mailing list -- ceph-users(a)ceph.io >>> To unsubscribe send an email to ceph-users-leave(a)ceph.io >>> _______________________________________________ >>> ceph-users mailing list -- ceph-users(a)ceph.io >>> To unsubscribe send an email to ceph-users-leave(a)ceph.io