[pve-devel] ceph-create-keys hang

Dietmar Maurer dietmar at proxmox.com
Mon Jun 13 07:23:09 CEST 2016


Or maybe this ceph commit is simply a bug?

https://github.com/ceph/ceph/commit/c7e905e7e232a973abf7c6fa71a2ffbad7aa0ffd

I will ask on the ceph list

> On June 13, 2016 at 6:44 AM Dietmar Maurer <dietmar at proxmox.com> wrote:
> 
> 
> Using ceph jewel, after creating the first monitor with 'pveceph createmon':
> 
> Jun 13 06:10:17 elsa ceph-create-keys[10083]: Error EINVAL: key for
> client.admin
> exists but cap mds does not match
> Jun 13 06:10:17 elsa ceph-create-keys[10083]: INFO:ceph-create-keys:Cannot get
> or create admin key
> Jun 13 06:10:18 elsa ceph-create-keys[10083]: INFO:ceph-create-keys:Talking to
> monitor...
> 
> # ceph auth list
> installed auth entries:
> 
> client.admin
> 	key: AQCpKVlXAyx3ABAA1XKLxOC0IapDe/5GTWsQdw==
> 	auid: 0
> 	caps: [mds] allow
> 	caps: [mon] allow *
> 	caps: [osd] allow *
> 
> 
> 
> The code in ceph-create-keys reveals:
> 
>                 returncode = subprocess.call(
>                     args=[
>                         'ceph',
>                         '--cluster={cluster}'.format(cluster=cluster),
>                         '--name=mon.',
> 
> 
>                       '--keyring=/var/lib/ceph/mon/{cluster}-{mon_id}/keyring'.format(
>                             cluster=cluster,
>                             mon_id=mon_id,
>                             ),
>                         'auth',
>                         'get-or-create',
>                         'client.admin',
>                         'mon', 'allow *',
>                         'osd', 'allow *',
>                         'mds', 'allow *',
>                         ],
>                     stdout=f,
>                     )
>  
> 
> So they use "mds 'allow *'" instead of "mds 'allow'".
> 
> I wonder how we can fix that for existing installations?
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 




More information about the pve-devel mailing list