On Wed, Feb 21, 2018 at 10:54 AM, Enrico Kern
<enrico.k...@glispamedia.com> wrote:
> Hey all,
> i would suggest some changes to the ceph auth caps command.
> Today i almost fucked up half of one of our openstack regions with i/o
> errors because of user failure.
> I tried to add osd blacklist caps to a cinder keyring after luminous
> upgrade.
> I did so by issuing ceph auth caps client.cinder mon 'bla'
> doing this i forgot that this will wipe also other caps and not just only
> updates caps for mon because you need to specify all in one line. Result was
> all of our vms passing out with read only filesystems after a while because
> osd caps were gone.
> I suggest that if you only pass
> Ceph auth caps mon
> It only updates caps for mon or osd etc. and leaves others untouched. Or at
> least print some huge error message.
> I know it is more a pebkac problem, but ceph is doing great in being idiot
> proof and this would make it even more idiot proof ;)

This sounds like a good idea to me! I created a ticket at
ceph-users mailing list

Reply via email to