[pve-devel] [PATCH V2 pve-manager 1/2] Set correct permission for ceph user.

Wolfgang Link w.link at proxmox.com
Tue Dec 20 07:55:46 CET 2016


We have to set the correct permission,
because ceph greater than infernalis use ceph as daemon user.
---
 PVE/API2/Ceph.pm | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/PVE/API2/Ceph.pm b/PVE/API2/Ceph.pm
index f6b9370..96ae9e2 100644
--- a/PVE/API2/Ceph.pm
+++ b/PVE/API2/Ceph.pm
@@ -843,6 +843,8 @@ __PACKAGE__->register_method ({
 
 	my $monaddrhash = {}; 
 
+	my $systemd_managed = PVE::CephTools::systemd_managed();
+
 	foreach my $section (keys %$cfg) {
 	    next if $section eq 'global';
 	    my $d = $cfg->{$section};
@@ -895,6 +897,8 @@ __PACKAGE__->register_method ({
 			    "--cap mds 'allow' " .
 			    "--cap osd 'allow *' " .
 			    "--cap mon 'allow *'");
+		run_command("cp $pve_mon_key_path.tmp /etc/ceph/ceph.client.admin.keyring") if $systemd_managed;
+		run_command("chown ceph:ceph /etc/ceph/ceph.client.admin.keyring") if $systemd_managed;
 		run_command("ceph-authtool $pve_mon_key_path.tmp --gen-key -n mon. --cap mon 'allow *'");
 		run_command("mv $pve_mon_key_path.tmp $pve_mon_key_path");
 	    }
@@ -909,6 +913,8 @@ __PACKAGE__->register_method ({
 	    eval {
 		mkdir $mondir;
 
+		run_command("chown ceph:ceph $mondir") if $systemd_managed;
+
 		if ($moncount > 0) {
 		    my $rados = PVE::RADOS->new(timeout => PVE::CephTools::get_config('long_rados_timeout'));
 		    my $mapdata = $rados->mon_command({ prefix => 'mon getmap', format => 'plain' });
@@ -918,6 +924,7 @@ __PACKAGE__->register_method ({
 		}
 
 		run_command("ceph-mon --mkfs -i $monid --monmap $monmap --keyring $pve_mon_key_path");
+		run_command("chown ceph:ceph -R $mondir") if $systemd_managed;
 	    };
 	    my $err = $@;
 	    unlink $monmap;
-- 
2.1.4





More information about the pve-devel mailing list