The condition guarding bootstrap-osd keyring creation checks for `auth_client_required eq 'cephx'` by reading ceph.conf directly. When this setting is absent from ceph.conf (relying on the Ceph default, or configured via the mon config database instead), the check evaluates as `undef eq 'cephx'` which is false, causing PVE to skip creating the bootstrap keyring. ceph-volume then fails because it cannot find /var/lib/ceph/bootstrap-osd/ceph.keyring.
This can happen when: - ceph.conf [global] was created before `pveceph init` wrote the auth settings (pveceph init skips writing them if [global] already exists) - auth settings were moved from ceph.conf to the mon config database - an upgrade or migration left ceph.conf without the auth lines Fix by defaulting to 'cephx' when the setting is absent (matching Ceph's own default) and inverting the check to only skip keyring creation when auth is explicitly set to 'none'. Signed-off-by: Kefu Chai <[email protected]> Signed-off-by: Kefu Chai <[email protected]> --- PVE/API2/Ceph/OSD.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PVE/API2/Ceph/OSD.pm b/PVE/API2/Ceph/OSD.pm index a952c952..062729ae 100644 --- a/PVE/API2/Ceph/OSD.pm +++ b/PVE/API2/Ceph/OSD.pm @@ -407,7 +407,7 @@ __PACKAGE__->register_method({ if ( !-f $ceph_bootstrap_osd_keyring - && $ceph_conf->{global}->{auth_client_required} eq 'cephx' + && ($ceph_conf->{global}->{auth_client_required} // 'cephx') ne 'none' ) { my $bindata = $rados->mon_command({ prefix => 'auth get-or-create', -- 2.47.3
