On Tue, Mar 3, 2020 at 10:05 AM Rainer Krienke <krienke(a)uni-koblenz.de> wrote:
Hello,
I do not know how to restrict a client.user to a certain rbd pool where
this pool has a replicated metadata pool pool.rbd and an erasure coded
data pool named pool.ec . I am running ceph nautilus.
I tried this for a client.user:
# ceph auth caps client.user mon 'profile rbd' osd 'profile rbd pool=pool.rbd'
# ceph auth get client.user > ./client.user
# rbd -n client.user -k ./client.user create pool.rbd/test --size=1G --data-pool=pool.ec
2020-03-03 15:54:43.813 7f2817fff700 -1 librbd::image::ValidatePoolRequest: handle_read_rbd_info: failed to read RBD info: (1) Operation not permitted
2020-03-03 15:54:43.813 7f2817fff700 -1 librbd::image::CreateRequest: 0x563421cf4730 handle_validate_data_pool: failed to validate pool: (1) Operation not permitted
rbd: create error: (1) Operation not permitted
If I remove the "... pool=pool.rbd" -section in "ceph auth caps ..."
call from above everything works.
Any idea how I can get this setup to work?
You haven't given the user any access to "rbd.ec" so it's failing when
attempting to validate that data pool. You would need something like
the following:
osd "profile rbd pool=pool.rbd, profile rbd pool=pool.ec"
Thanks
Rainer
--
Rainer Krienke, Uni Koblenz, Rechenzentrum, A22, Universitaetsstrasse 1
56070 Koblenz, Tel: +49261287 1312 Fax +49261287 100 1312
Web:
http://userpages.uni-koblenz.de/~krienke
PGP:
http://userpages.uni-koblenz.de/~krienke/mypgp.html
--
Jason
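
An added example, not part of the original thread and not Ceph's own code: a Python pre-flight check that reads the `caps osd` line from `ceph auth get` output and reports which of an image's pools (metadata pool and data pool) have no `profile rbd` grant. It assumes a simplified cap grammar (comma-separated grants, only `profile rbd` considered); the keyring text and key value are constructed.

```python
import re

# Constructed keyring text in the layout printed by `ceph auth get`;
# the key value is a placeholder, not a real secret.
KEYRING_BEFORE = '''[client.user]
	key = PLACEHOLDER_KEY
	caps mon = "profile rbd"
	caps osd = "profile rbd pool=pool.rbd"
'''
KEYRING_AFTER = KEYRING_BEFORE.replace(
    'pool=pool.rbd"', 'pool=pool.rbd, profile rbd pool=pool.ec"')

def osd_caps_from_keyring(text):
    """Return the quoted value of the 'caps osd' line, or '' if absent."""
    m = re.search(r'^\s*caps osd\s*=\s*"([^"]*)"', text, re.MULTILINE)
    return m.group(1) if m else ""

def rbd_profile_pools(osd_caps):
    """Set of pools covered by 'profile rbd' grants; None means every pool."""
    pools = set()
    for grant in osd_caps.split(","):
        words = grant.split()
        if words[:2] != ["profile", "rbd"]:
            continue  # assumption: 'allow ...' and other profiles are ignored
        scoped = [w.split("=", 1)[1] for w in words[2:] if w.startswith("pool=")]
        if not scoped:
            return None  # a grant without pool= applies to all pools
        pools.update(scoped)
    return pools

def missing_pools(osd_caps, *needed):
    """Pools in `needed` that no 'profile rbd' grant covers."""
    granted = rbd_profile_pools(osd_caps)
    if granted is None:
        return []
    return [p for p in needed if p not in granted]

if __name__ == "__main__":
    for label, keyring in (("before", KEYRING_BEFORE), ("after", KEYRING_AFTER)):
        caps = osd_caps_from_keyring(keyring)
        print(label, repr(caps), "missing:", missing_pools(caps, "pool.rbd", "pool.ec"))
```

An unscoped `profile rbd` reports nothing missing because it applies to every pool, which is why dropping `pool=` made the create succeed without restricting the user.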