Hi, We've been running squid 19.2.3 on Ubuntu 24.04.3 LTS We encountered some issues where the Ceph dashboard was unable to get SMART data from OSDs under the Device Health tab.
At first we were getting -22 errors from that tab suggesting that smartctl was under version 7. That wasn't the case at all. System logging determined that there was an apparmor profile called unix-chkpwd which was producing errors as ceph tried to authenticate into the pod to run smartctl. We had to disable that profile in order to get that to work. We had to set the profile to complain mode using aa-complain (and even then Ubuntu had some bugs getting that command to work) Our OSD node has a HPE smart array card on it which ensures the kernel sees all drives on it as scsi devices, whether in HBA or RAID mode. From within the OSD pod, it seems that smartctl isn't able to autodetect the type of drives it is trying to access, possibly because attributed from udev and getting blocked somehow. We needed the "-d scsi" command to work, but the ceph code doesn't allow any customisation or flexibility in how smartctl is called. In the end I had to write a wrapper script to inject the -d scsi command around smartctl in order to get it to work within the confines of the OSD pod. Then the wrapper had to be distributed across every OSD pod. It's a real messy hack. So a couple of things: How can we control how the OSD pods supposed to present allowing smartctl to work but without compromising on security? Is this just an ubuntu apparmor thing that ubuntu should deal with? I can see that there is a separate apparmor profile applied to pods. I'm sure we're not the only ones who have hit this roadblock. In any case, I hope someone else having the same issues find these workarounds useful Nathan Butcher Senior Systems Engineer 1300 852 110 Chat on Teams [email protected] We are passionate about service excellence. If you would like to contact my Team Leader for any reason, their name is Tim Sandy, email address is [email protected] and phone number is (03) 9998 6377. We’re 100% Carbon Neutral and ISO 14001 certified. Check out our Environmental Sustainability pledge here. Adelaide | Brisbane | Canberra | Darwin | Hobart | Melbourne | Perth | Sydney Disclaimer This email message is confidential and may be privileged. Unauthorised use, copying or distribution of any part of this email including attachments is prohibited. If you are not the intended recipient, please forward the email to [email protected] and delete the original. Any advice contained in this email is of a general nature only and has been prepared without considering your relevant personal circumstances. To the extent permitted by law, we exclude (and where the law does not permit exclusion, limit to the extent permitted by law) all liability for any direct, indirect and consequential losses, damages and expenses incurred in any way (including but not limited to that arising from negligence), connected with any use or access to or any reliance on information contained in this email or any attachments. Centorrino Technologies Pty Ltd (ABN: 83 606 931 524). All Rights Reserved. _______________________________________________ ceph-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
