On Fri, Jan 24, 2020 at 1:43 PM Frank Schilder <[email protected]> wrote:
>
> Dear Ilya,
>
> I had exactly the same problem with authentication of cephfs clients on a
> mimic-13.2.2 cluster. The key created with "ceph fs authorize ..." did not
> grant access to the data pool. I ended up adding "rw" access to this pool by
> hand.
>
> Following up on your remark about pool tags, could you please point me to any
> documentation about how this tagging is used and what key-value pair you are
> referring to? It sounds like this is the new way to go, but I cannot find
> anything useful about it in here:
>
> https://docs.ceph.com/docs/mimic/cephfs/client-auth/

Hi Frank,

This is the correct page, but this key-value pair is more or less an
internal implementation detail. "ceph fs authorize" is all the users
should know about, but there seems to be a bug lurking there.

In general, for a cap that looks like

    allow <r/w/x> tag <tag name> <key>=<value>

the OSD will allow <r/w/x> access to the pool iff a) the pool is tagged
with <tag name> and b) the tag metadata has that <key>: <value> pair in
it. In the cephfs case, the key is "data" for data pool and "metadata"
for metadata pools, the value is the name of the filesystem.

Thanks,

Ilya
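
The matching rule described in the reply above, modeled as an added example; it is not Ceph's code and was not posted in this thread. The pool names, the filesystem name "myfs", the metadata dictionaries and all function names are constructed for illustration.

```python
import re

# Cap grammar as given in the thread: allow <r/w/x> tag <tag name> <key>=<value>
CAP_RE = re.compile(r"^allow\s+([rwx]+)\s+tag\s+(\S+)\s+([^\s=]+)=(\S+)$")

def parse_tag_cap(cap):
    """Split one tag-based cap into (perms, tag, key, value)."""
    m = CAP_RE.match(cap.strip())
    if m is None:
        raise ValueError("not a tag cap: %r" % cap)
    perms, tag, key, value = m.groups()
    return set(perms), tag, key, value

def cap_allows(cap, pool_tags, wanted):
    """True iff a) the pool carries the tag, b) the tag metadata holds
    key: value, and every requested permission is granted by the cap."""
    perms, tag, key, value = parse_tag_cap(cap)
    metadata = pool_tags.get(tag)
    if metadata is None:              # condition a) fails: pool not tagged
        return False
    if metadata.get(key) != value:    # condition b) fails: pair missing or different
        return False
    return set(wanted) <= perms

def explain(cap, pools, wanted):
    """Evaluate one cap against every pool; returns {pool name: allowed}."""
    return {name: cap_allows(cap, tags, wanted) for name, tags in pools.items()}

# Constructed pool metadata: {pool: {tag name: {key: value}}}
POOLS = {
    "cephfs_data":     {"cephfs": {"data": "myfs"}},
    "cephfs_metadata": {"cephfs": {"metadata": "myfs"}},
    "extra_data":      {"cephfs": {}},                # tagged, but no key/value pair
    "otherfs_data":    {"cephfs": {"data": "otherfs"}},
    "rbd_pool":        {"rbd": {}},                   # different tag altogether
}

CLIENT_CAP = "allow rw tag cephfs data=myfs"

if __name__ == "__main__":
    for pool, ok in explain(CLIENT_CAP, POOLS, "rw").items():
        print("%-16s %s" % (pool, "allowed" if ok else "denied"))
```

Only cephfs_data passes both conditions; a data pool that carries the tag but lacks the data=<filesystem name> pair is denied even though the cap itself looks correct.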