On 01/30/2013 08:21 AM, Wido den Hollander wrote:
Hi,
Yesterday I ran into a weird situation where my libvirt RBD pool
just wouldn't work.
Turned out the credentials I was using only had rw permissions for OSDs
instead of rwx or *.
This caused rbd_open to fail, looking at librbd itself I understand why
execute permissions are required to do so (locks, watches).
It's actually not the watches, but the general metadata stored in the
header object (snapshots, locks, and for format 2 images everything
else).
What is however the best way to detect if you don't have the required
permissions?
rbd_open() should return -EPERM. From the cli, doing 'rbd info' will do
this and tell you. The one case where you need more permissions
(allow class-read object_prefix rbd_children) is when unprotecting a
snapshot, which will fail with -EPERM when it is attempted. That only
matters for format 2 images though.
This piece of code:
http://libvirt.org/git/?p=libvirt.git;a=blob;f=src/storage/storage_backend_rbd.c;h=8a0e517502c482f23f01bc63e95f1dc210d711cd;hb=master#l215
I simply check if the open fails, but just "failed to open the RBD
image" wasn't really that clear.
I'd like to give a more useful error instead of that, but what error
codes can I expect?
-EPERM for this case, others could be -EIO, -ENOSPC (since a watch is a
write), -ENOENT, -ENOSYS (trying to open an image that librbd or the
osds don't support), and possibly others I'm forgetting.
Josh
--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
