[pve-devel] ceph-create-keys hang

Dietmar Maurer dietmar at proxmox.com
Mon Jun 13 07:43:16 CEST 2016


I reported a bug here:

http://tracker.ceph.com/issues/16255


> On June 13, 2016 at 7:23 AM Dietmar Maurer <dietmar at proxmox.com> wrote:
> 
> 
> Or maybe this ceph commit is simply a bug?
> 
> https://github.com/ceph/ceph/commit/c7e905e7e232a973abf7c6fa71a2ffbad7aa0ffd
> 
> I will ask on the ceph list
> 
> > On June 13, 2016 at 6:44 AM Dietmar Maurer <dietmar at proxmox.com> wrote:
> > 
> > 
> > Using ceph jewel, after creating the first monitor with 'pveceph createmon':
> > 
> > Jun 13 06:10:17 elsa ceph-create-keys[10083]: Error EINVAL: key for
> > client.admin
> > exists but cap mds does not match
> > Jun 13 06:10:17 elsa ceph-create-keys[10083]: INFO:ceph-create-keys:Cannot
> > get
> > or create admin key
> > Jun 13 06:10:18 elsa ceph-create-keys[10083]: INFO:ceph-create-keys:Talking
> > to
> > monitor...
> > 
> > # ceph auth list
> > installed auth entries:
> > 
> > client.admin
> > 	key: AQCpKVlXAyx3ABAA1XKLxOC0IapDe/5GTWsQdw==
> > 	auid: 0
> > 	caps: [mds] allow
> > 	caps: [mon] allow *
> > 	caps: [osd] allow *
> > 
> > 
> > 
> > The code in ceph-create-keys reveals:
> > 
> >                 returncode = subprocess.call(
> >                     args=[
> >                         'ceph',
> >                         '--cluster={cluster}'.format(cluster=cluster),
> >                         '--name=mon.',
> > 
> > 
> > 
> >                      '--keyring=/var/lib/ceph/mon/{cluster}-{mon_id}/keyring'.format(
> >                             cluster=cluster,
> >                             mon_id=mon_id,
> >                             ),
> >                         'auth',
> >                         'get-or-create',
> >                         'client.admin',
> >                         'mon', 'allow *',
> >                         'osd', 'allow *',
> >                         'mds', 'allow *',
> >                         ],
> >                     stdout=f,
> >                     )
> >  
> > 
> > So they use "mds 'allow *'" instead of "mds 'allow'".
> > 
> > I wonder how we can fix that for existing installations?
> > 
> > _______________________________________________
> > pve-devel mailing list
> > pve-devel at pve.proxmox.com
> > http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> > 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 



More information about the pve-devel mailing list