Dear all,
I am trying to follow the instructions at:
http://docs.ceph.com/docs/master/cephfs/client-auth/
to restrict a client to a subdirectory of Ceph filesystem, but always get
an error.
We are running the latest stable release of Ceph (v12.2.1) on CentOS 7
servers. The user 'hydra' has the following capabilities:
# ceph auth get client.hydra
exported keyring for client.hydra
[client.hydra]
key = AQxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx==
caps mds = "allow rw"
caps mgr = "allow r"
caps mon = "allow r"
caps osd = "allow rw"
When I tried to restrict the client to only mount and work within the
directory /hydra of the Ceph filesystem 'pulpos', I got an error:
# ceph fs authorize pulpos client.hydra /hydra rw
Error EINVAL: key for client.dong exists but cap mds does not match
I've tried a few combinations of user caps and CephFS client caps; but
always got the same error!
Has anyone able to get this to work? What is your recipe?
Thanks,
Shaw
_______________________________________________
ceph-users mailing list
[email protected]
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
