On Tue, Aug 21, 2018 at 9:19 PM Jacob DeGlopper wrote:
>
> I'm seeing an error from the rbd map command running in ceph-container;
> I had initially deployed this cluster as Luminous, but a pull of the
> ceph/daemon container unexpectedly upgraded me to Mimic 13.2.1.
>
> [root@nodeA2 ~]# ceph version
> ceph version 13.2.1 (5533ecdc0fda920179d7ad84e0aa65a127b20d77) mimic
> (stable)
>
> [root@nodeA2 ~]# rbd info mysqlTB
> rbd image 'mysqlTB':
> size 360 GiB in 92160 objects
> order 22 (4 MiB objects)
> id: 206a962ae8944a
> block_name_prefix: rbd_data.206a962ae8944a
> format: 2
> features: layering
> op_features:
> flags:
> create_timestamp: Sat Aug 11 00:00:36 2018
>
> [root@nodeA2 ~]# rbd map mysqlTB
> rbd: failed to add secret 'client.admin' to kernel
> In some cases useful info is found in syslog - try "dmesg | tail".
> rbd: map failed: (1) Operation not permitted
>
> [root@nodeA2 ~]# type rbd
> rbd is a function
> rbd ()
> {
> sudo docker exec ceph-mon-nodeA2 rbd --cluster ceph ${@}
> }
>
> [root@nodeA2 ~]# ls -alF /etc/ceph/ceph.client.admin.keyring
> -rw--- 1 ceph ceph 159 May 21 09:27 /etc/ceph/ceph.client.admin.keyring
>
> System is CentOS 7 with the elrepo mainline kernel:
>
> [root@nodeA2 ~]# uname -a
> Linux nodeA2 4.18.3-1.el7.elrepo.x86_64 #1 SMP Sat Aug 18 09:30:18 EDT
> 2018 x86_64 x86_64 x86_64 GNU/Linux
>
> I see a similar question here with no answer:
> https://github.com/ceph/ceph-container/issues/1030
Hi Jacob,
You mentioned an upgrade in the subject, did it work with luminous
ceph-container?
It seems unlikely -- docker blocks add_key(2) and other key management
related system calls with seccomp because the kernel keyring is global.
See https://docs.docker.com/engine/security/seccomp/.
Thanks,
Ilya
___
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
