I suppose the correct syntax is that anything after
"client." is the
name? So:
ceph fs authorize cephfs client.bob / r / rw
Would authorize a client named bob?
Yes, exactly:
admin:~ # ceph fs authorize cephfs client.bob / r / rw
[client.bob]
key = AQAyw3leAv9tKxAA+wtNEa40yK6svPE/VPlqdA==
admin:~ # mount -t ceph mon1:/ /mnt/ -o
name=bob,secret=AQAyw3leAv9tKxAA+wtNEa40yK6svPE/VPlqdA==
admin:~ # touch /mnt/file
Zitat von "Dungan, Scott A." <sdungan(a)caltech.edu>du>:
> That was it! I am not sure how I got confused with the client name
> syntax. When I issued the command to create a client key, I used:
>
> ceph fs authorize cephfs client.1 / r / rw
>
> I assumed from the syntax that my client name is "client.1"
>
I suppose the correct syntax is that anything after
"client." is the
name? So:
ceph fs authorize cephfs client.bob / r / rw
Would authorize a client named bob?
>
> -Scott
> ________________________________
> From: Eugen Block <eblock(a)nde.ag>
> Sent: Monday, March 23, 2020 11:30 AM
> To: Dungan, Scott A. <sdungan(a)caltech.edu>
> Cc: Yan, Zheng <ukernel(a)gmail.com>om>; ceph-users(a)ceph.io
<ceph-users(a)ceph.io>
> Subject: Re: [ceph-users] Re: Cephfs mount error 1 = Operation not permitted
>
> Wait, your client name is just "1"? In that case you need to specify
> that in your mount command:
>
> mount ... -o name=1,secret=...
>
> It has to match your ceph auth settings, where "client" is only a
> prefix and is followed by the client's name
>
> [client.1]
>
>
> Zitat von "Dungan, Scott A." <sdungan(a)caltech.edu>du>:
>
>> Tried that:
>>
>> [client.1]
>> key = *******************************
>> caps mds = "allow rw path=/"
>> caps mon = "allow r"
>> caps osd = "allow rw tag cephfs pool=meta_data, allow rw
pool=data"
>>
>> No change.
>>
>>
>> ________________________________
>> From: Yan, Zheng <ukernel(a)gmail.com>
>> Sent: Sunday, March 22, 2020 9:28 PM
>> To: Dungan, Scott A. <sdungan(a)caltech.edu>
>> Cc: Eugen Block <eblock(a)nde.ag>ag>; ceph-users(a)ceph.io
<ceph-users(a)ceph.io>
>> Subject: Re: [ceph-users] Re: Cephfs mount error 1 = Operation not permitted
>>
>> On Sun, Mar 22, 2020 at 8:21 AM Dungan, Scott A.
>> <sdungan(a)caltech.edu> wrote:
>>>
>>> Zitat, thanks for the tips.
>>>
>>> I tried appending the key directly in the mount command
>>> (secret=<CLIENT.1.SECRET>) and that produced the same error.
>>>
>>> I took a look at the thread you suggested and I ran the commands
>>> that Paul at Croit suggested even though I the ceph dashboard
>>> showed "cephs" as already set as the application on both my data
>>> and metadata pools:
>>>
>>> [root@ceph-n4 ~]# ceph osd pool application set data cephfs data cephfs
>>> set application 'cephfs' key 'data' to 'cephfs' on
pool 'data'
>>> [root@ceph-n4 ~]# ceph osd pool application set meta_data cephfs
>>> metadata cephfs
>>> set application 'cephfs' key 'metadata' to 'cephfs'
on pool 'meta_data'
>>>
>>> No change. I get the "mount error 1 = Operation not permitted"
>>> error the same as before.
>>>
>>> I also tried manually editing the caps osd pool tags for my
>>> client.1, to allow rw to both the data pool as well as the metadata
>>> pool, as suggested further in the thread:
>>>
>>> [client.1]
>>> key = ***********************************
>>> caps mds = "allow rw path=all"
>>
>>
>> try replacing this with "allow rw path=/"
>>
>>> caps mon = "allow r"
>>> caps osd = "allow rw tag cephfs pool=meta_data, allow rw
pool=data"
>>>
>>> No change.
>>>
>>> ________________________________
>>> From: Eugen Block <eblock(a)nde.ag>
>>> Sent: Saturday, March 21, 2020 1:16 PM
>>> To: ceph-users(a)ceph.io <ceph-users(a)ceph.io>
>>> Subject: [ceph-users] Re: Cephfs mount error 1 = Operation not permitted
>>>
>>> I just remembered there was a thread [1] about that a couple of weeks
>>> ago. Seems like you need to add the capabilities to the client.
>>>
>>> [1]
>>>
https://lists.ceph.io/hyperkitty/list/ceph-users@ceph.io/thread/23FDDSYBCDV…
>>>
>>>
>>> Zitat von Eugen Block <eblock(a)nde.ag>ag>:
>>>
>>> > Hi,
>>> >
>>> > have you tried to mount with the secret only instead of a secret file?
>>> >
>>> > mount -t ceph ceph-n4:6789:/ /ceph -o
name=client.1,secret=<SECRET>
>>> >
>>> > If that works your secret file is not right. If not you should check
>>> > if the client actually has access to the cephfs pools ('ceph auth
>>> > list').
>>> >
>>> >
>>> >
>>> > Zitat von "Dungan, Scott A." <sdungan(a)caltech.edu>du>:
>>> >
>>> >> I am still very new to ceph and I have just set up my first small
>>> >> test cluster. I have Cephfs enabled (named cephfs) and everything
>>> >> is good in the dashboard. I added an authorized user key for cephfs
>>> >> with:
>>> >>
>>> >> ceph fs authorize cephfs client.1 / r / rw
>>> >>
>>> >> I then copied the key to a file with:
>>> >>
>>> >> ceph auth get-key client.1 > /tmp/client.1.secret
>>> >>
>>> >> Copied the file over to the client and then attempt mount witth the
>>> >> kernel driver:
>>> >>
>>> >> mount -t ceph ceph-n4:6789:/ /ceph -o
>>> >> name=client.1,secretfile=/root/client.1.secret
>>> >> mount error 1 = Operation not permitted
>>> >>
>>> >> I looked in the logs on the mds (which is also the mgr and mon for
>>> >> the cluster) and I don't see any events logged for this. I also
>>> >> tried the mount command with verbose and I didn't get any
further
>>> >> detail. Any tips would be most appreciated.
>>> >>
>>> >> --
>>> >>
>>> >> Scott Dungan
>>> >> California Institute of Technology
>>> >> Office: (626) 395-3170
>>> >> sdungan@caltech.edu<mailto:sdungan@caltech.edu>
>>> >>
>>> >> _______________________________________________
>>> >> ceph-users mailing list -- ceph-users(a)ceph.io
>>> >> To unsubscribe send an email to ceph-users-leave(a)ceph.io
>>>
>>>
>>> _______________________________________________
>>> ceph-users mailing list -- ceph-users(a)ceph.io
>>> To unsubscribe send an email to ceph-users-leave(a)ceph.io
>>> _______________________________________________
>>> ceph-users mailing list -- ceph-users(a)ceph.io
>>> To unsubscribe send an email to ceph-users-leave(a)ceph.io