You need to tell it the username and the key ring to use. I’m on my mobile right now so don’t have access to a server to check but If you check the man of the RBD command it is something like id/name.
If your key ring is named the correct format it will find the key ring, if not you can specify the location using —keyring On Fri, 9 Nov 2018 at 11:41 PM, ST Wong (ITSC) <[email protected]> wrote: > Thanks for your help. Tried to follow steps in CEPH doc: > > > > On admin host: > > > > # ceph auth add client.acapp1 mon 'allow r' osd 'allow rw pool=4copy' > > # ceph auth export client.acapp1 > keyring > > > > Copy keyring to rbd client:/etc/ceph/keyring, and got following error: > > > > # rbd map 4copy/foo > > rbd: sysfs write failed > > rbd: couldn't connect to the cluster! > > In some cases useful info is found in syslog - try "dmesg | tail". > > rbd: map failed: (22) Invalid argument > > > > Also modified the capability as described in doc but gets same error: > > > > # ceph auth caps client.acapp1 mon 'allow r' osd 'allow class-read > object_prefix rbd_children, allow pool templates r class-read, allow pool > 4copy rwx' > > > > Would you help? Thanks a lot. > > > > Btw, shal /etc/ceph/ceph.client.admin.keyring be removed in ceph-ansible > client deployment task? > > > > Thanks and Best Regards, > > /st wong > > > > *From:* Ashley Merrick <[email protected]> > *Sent:* Friday, November 9, 2018 10:51 PM > *To:* ST Wong (ITSC) <[email protected]> > *Cc:* Wido den Hollander <[email protected]>; [email protected] > > > *Subject:* Re: [ceph-users] mount rbd read only > > > > You could create a key ring that only has perms to mount the RBD and read > only to the mon’s. > > > > Depends if anyone that you wouldn’t trust with ceph commands has access to > that VM / host. > > > > On Fri, 9 Nov 2018 at 10:47 PM, ST Wong (ITSC) <[email protected]> > wrote: > > Stupid me. I was focus on learning CEPH commands and forget something > basic - haven't done mkfs. Sorry for the trouble caused. > > Btw, is ceph.client.admin.keyring a must on client that mount rbd device? > Any security concern? > > Sorry for the newbie questions. > Thanks for all responded. > > Best Rgds > /st wong > > -----Original Message----- > From: ceph-users <[email protected]> On Behalf Of Wido > den Hollander > Sent: Thursday, November 8, 2018 8:31 PM > To: [email protected] > Subject: Re: [ceph-users] mount rbd read only > > > > On 11/8/18 1:05 PM, ST Wong (ITSC) wrote: > > Hi, > > > > > > > > We created a testing rbd block device image as following: > > > > > > > > ----- cut here ------- > > > > # rbd create 4copy/foo --size 10G > > > > # rbd feature disable 4copy/foo object-map fast-diff deep-flatten > > > > # rbd --image 4copy/foo info > > > > rbd image 'foo': > > > > size 10 GiB in 2560 objects > > > > order 22 (4 MiB objects) > > > > id: 122f36b8b4567 > > > > block_name_prefix: rbd_data.122f36b8b4567 > > > > format: 2 > > > > features: layering, exclusive-lock > > > > op_features: > > > > flags: > > > > create_timestamp: Thu Nov 8 19:42:25 2018 > > > > > > > > ----- cut here ------- > > > > > > > > Then try to mount it on client but got error and can't be mounted: > > > > > > > > ----- cut here ------- > > > > # mount /dev/rbd0 /mnt > > > > mount: /dev/rbd0 is write-protected, mounting read-only > > > > mount: unknown filesystem type '(null)' > > Did you create a filesystem on it with mkfs? Are you sure there is a > FileSystem on it? > > Wido > > > > > ----- cut here ------- > > > > > > > > Did we do any step incorrect? We're using mimic. Thanks. > > > > > > > > > > > > > > > > Besides, the rbd client is deployed through ceph-ansible as client > > role and found that the ceph.client.admin.keyring from admin server > > was also copied to the client machine. Is it necessary? Thanks a lot. > > > > > > > > Best Regards, > > > > /ST Wong > > > > > > _______________________________________________ > > ceph-users mailing list > > [email protected] > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > > > _______________________________________________ > ceph-users mailing list > [email protected] > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > _______________________________________________ > ceph-users mailing list > [email protected] > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > >
_______________________________________________ ceph-users mailing list [email protected] http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
