[pve-devel] [PATCH V2 pve-manager 1/2] Set correct permission for ceph user.
Wolfgang Link
w.link at proxmox.com
Tue Dec 20 07:55:46 CET 2016
We have to set the correct permission,
because ceph greater than infernalis use ceph as daemon user.
---
PVE/API2/Ceph.pm | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/PVE/API2/Ceph.pm b/PVE/API2/Ceph.pm
index f6b9370..96ae9e2 100644
--- a/PVE/API2/Ceph.pm
+++ b/PVE/API2/Ceph.pm
@@ -843,6 +843,8 @@ __PACKAGE__->register_method ({
my $monaddrhash = {};
+ my $systemd_managed = PVE::CephTools::systemd_managed();
+
foreach my $section (keys %$cfg) {
next if $section eq 'global';
my $d = $cfg->{$section};
@@ -895,6 +897,8 @@ __PACKAGE__->register_method ({
"--cap mds 'allow' " .
"--cap osd 'allow *' " .
"--cap mon 'allow *'");
+ run_command("cp $pve_mon_key_path.tmp /etc/ceph/ceph.client.admin.keyring") if $systemd_managed;
+ run_command("chown ceph:ceph /etc/ceph/ceph.client.admin.keyring") if $systemd_managed;
run_command("ceph-authtool $pve_mon_key_path.tmp --gen-key -n mon. --cap mon 'allow *'");
run_command("mv $pve_mon_key_path.tmp $pve_mon_key_path");
}
@@ -909,6 +913,8 @@ __PACKAGE__->register_method ({
eval {
mkdir $mondir;
+ run_command("chown ceph:ceph $mondir") if $systemd_managed;
+
if ($moncount > 0) {
my $rados = PVE::RADOS->new(timeout => PVE::CephTools::get_config('long_rados_timeout'));
my $mapdata = $rados->mon_command({ prefix => 'mon getmap', format => 'plain' });
@@ -918,6 +924,7 @@ __PACKAGE__->register_method ({
}
run_command("ceph-mon --mkfs -i $monid --monmap $monmap --keyring $pve_mon_key_path");
+ run_command("chown ceph:ceph -R $mondir") if $systemd_managed;
};
my $err = $@;
unlink $monmap;
--
2.1.4
More information about the pve-devel
mailing list