Saw that, too, however it does not work: root@server3:/var/lib/ceph/mon/ceph-server3# ceph -n mon. --keyring keyring auth caps client.admin mds 'allow *' osd 'allow *' mon 'allow *' 2018-02-16 17:23:38.154282 7f7e257e3700 0 librados: mon. authentication error (13) Permission denied [errno 13] error connecting to the cluster
... which kind of makes sense, as the mon. key does not have capabilities for it. Then again, I wonder how monitors actually talk to each other... Michel Raabe <rmic...@devnu11.net> writes: > On 02/16/18 @ 18:21, Nico Schottelius wrote: >> on a test cluster I issued a few seconds ago: >> >> ceph auth caps client.admin mgr 'allow *' >> >> instead of what I really wanted to do >> >> ceph auth caps client.admin mgr 'allow *' mon 'allow *' osd 'allow *' \ >> mds allow >> >> Now any access to the cluster using client.admin correctly results in >> client.admin authentication error (13) Permission denied. >> >> Is there any way to modify the keyring capabilities "from behind", >> i.e. by modifying the rocksdb of the monitors or similar? > > http://lists.ceph.com/pipermail/ceph-users-ceph.com/2017-January/015474.html > > Not verified. > > Regards, > Michel -- Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch _______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
