Hey all, i would suggest some changes to the ceph auth caps command.
Today i almost fucked up half of one of our openstack regions with i/o errors because of user failure. I tried to add osd blacklist caps to a cinder keyring after luminous upgrade. I did so by issuing ceph auth caps client.cinder mon 'bla' doing this i forgot that this will wipe also other caps and not just only updates caps for mon because you need to specify all in one line. Result was all of our vms passing out with read only filesystems after a while because osd caps were gone. I suggest that if you only pass Ceph auth caps mon It only updates caps for mon or osd etc. and leaves others untouched. Or at least print some huge error message. I know it is more a pebkac problem, but ceph is doing great in being idiot proof and this would make it even more idiot proof ;)
_______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
