Hello guys,
could someone help me with this? We've been long-time CEPH users... runing several
Mimic + Pacific CEPH clusters. Dozens of disk per cluster, typically.
BUT... now I have this brand new Quincy cluster and I'm not able to give CLIENT
(Quincy on Rocky 8) rw access to ONE IMAGE on Quincy cluster (cephadm / Rocky 9).
I'm using something what worked for us for ages:
rbd auth ls:
client.xxx
key: ...
caps: [mon] profile rbd
caps: [osd] allow rwx pool prod object_prefix rbd_data.600d1c6723ae; allow rwx
pool prod object_prefix rbd_header.600d1c6723ae; allow rx pool prod object_prefix
rbd_id.xxx-data
rbd info:
rbd image 'xxx-data':
size 2 TiB in 524288 objects
order 22 (4 MiB objects)
snapshot_count: 2
id: 600d1c6723ae
block_name_prefix: rbd_data.600d1c6723ae
format: 2
features: layering, exclusive-lock, object-map, fast-diff, deep-flatten
op_features:
flags:
rados ls:
rbd_data.600d1c6723ae.000000000003958d
rbd_header.600d1c6723ae
rbd_id.xxx-data
BUT... it DOES NOT WORK. When I try it to map on client it says:
2023-02-11T20:49:18.665+0100 7f3a337fe700 -1 librbd::image::GetMetadataRequest:
0x7f3a1c001f40 handle_metadata_list: failed to retrieve image metadata: (1) Operation not
permitted
2023-02-11T20:49:18.665+0100 7f3a337fe700 -1 librbd::image::RefreshRequest: failed to
retrieve pool metadata: (1) Operation not permitted
2023-02-11T20:49:18.665+0100 7f3a337fe700 -1 librbd::image::OpenRequest: failed to refresh
image: (1) Operation not permitted
2023-02-11T20:49:18.665+0100 7f3a337fe700 -1 librbd::ImageState: 0x555eff78cfc0 failed to
open image: (1) Operation not permitted
rbd: error opening image xxx-data: (1) Operation not permitted
The mapping and access DOES work when I put "osd allow *" into ceph auth.
What is the recommended syntax for Quincy?
btw: this use case should be mentioned in the manual I think...
Thanks!
Show replies by date
Hello,
looks like I've found it -- THE NAMESPACES :)
I love it. Thanks!
On 11/02/2023 21:37, hicks(a)cgi.cz wrote:
> Hello guys,
>
> could someone help me with this? We've been long-time CEPH users... runing
several Mimic + Pacific CEPH clusters. Dozens of disk per cluster, typically.
>
> BUT... now I have this brand new Quincy cluster and I'm not able to give CLIENT
(Quincy on Rocky 8) rw access to ONE IMAGE on Quincy cluster (cephadm / Rocky 9).
>
> I'm using something what worked for us for ages:
>
> rbd auth ls:
> client.xxx
> key: ...
> caps: [mon] profile rbd
> caps: [osd] allow rwx pool prod object_prefix rbd_data.600d1c6723ae; allow
rwx pool prod object_prefix rbd_header.600d1c6723ae; allow rx pool prod object_prefix
rbd_id.xxx-data
>
> rbd info:
> rbd image 'xxx-data':
> size 2 TiB in 524288 objects
> order 22 (4 MiB objects)
> snapshot_count: 2
> id: 600d1c6723ae
> block_name_prefix: rbd_data.600d1c6723ae
> format: 2
> features: layering, exclusive-lock, object-map, fast-diff, deep-flatten
> op_features:
> flags:
>
> rados ls:
> rbd_data.600d1c6723ae.000000000003958d
> rbd_header.600d1c6723ae
> rbd_id.xxx-data
>
> BUT... it DOES NOT WORK. When I try it to map on client it says:
>
> 2023-02-11T20:49:18.665+0100 7f3a337fe700 -1 librbd::image::GetMetadataRequest:
0x7f3a1c001f40 handle_metadata_list: failed to retrieve image metadata: (1) Operation not
permitted
> 2023-02-11T20:49:18.665+0100 7f3a337fe700 -1 librbd::image::RefreshRequest: failed to
retrieve pool metadata: (1) Operation not permitted
> 2023-02-11T20:49:18.665+0100 7f3a337fe700 -1 librbd::image::OpenRequest: failed to
refresh image: (1) Operation not permitted
> 2023-02-11T20:49:18.665+0100 7f3a337fe700 -1 librbd::ImageState: 0x555eff78cfc0
failed to open image: (1) Operation not permitted
> rbd: error opening image xxx-data: (1) Operation not permitted
>
> The mapping and access DOES work when I put "osd allow *" into ceph auth.
>
> What is the recommended syntax for Quincy?
>
> btw: this use case should be mentioned in the manual I think...
>
> Thanks!
> _______________________________________________
> ceph-users mailing list -- ceph-users(a)ceph.io
> To unsubscribe send an email to ceph-users-leave(a)ceph.io