Your caps are invalid -- you are missing the access-spec on the first
OSD cap clause. See [1] for more information for how to properly
format caps.
What version of Ceph are you using? If I remember correctly, since
Luminous it will at least throw an error when you give it invalid
caps.
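
The check described in the reply above, as an added example that is not part of the original thread: a simplified Python model of the OSD cap grammar that flags clauses lacking an access-spec and shows which RBD objects a cap string covers. The function names, the variant cap string and the object names are constructed for illustration, and the model assumes that one malformed clause voids the whole cap string.

```python
import re
ACCESS = re.compile(r"^(\*|all|class-read|class-write|r?w?x?)$")  # accepted access-specs

def parse_osd_caps(caps):
    """Simplified model of 'allow <access-spec> [pool <p>] [object_prefix <o>]' clauses."""
    grants = []
    for clause in filter(None, (c.strip() for c in caps.split(";"))):
        tok = clause.replace("=", " ").split()
        g = {"clause": clause, "access": set(), "pool": None, "object_prefix": None, "error": None}
        if not tok or tok[0] != "allow":
            g["error"] = "unsupported clause (only 'allow' is modelled)"
        elif len(tok) < 2 or not ACCESS.match(tok[1]):
            g["error"] = "missing access-spec after 'allow'"
        else:
            spec = "rwx" if tok[1] in ("*", "all") else tok[1]
            g["access"] = set() if spec.startswith("class-") else set(spec)
            rest = tok[2:]
            if len(rest) % 2:
                g["error"] = "dangling token in match-spec"
            for key, val in zip(rest[::2], rest[1::2]):
                if key in ("pool", "object_prefix"):
                    g[key] = val
                else:
                    g["error"] = f"unsupported match keyword {key!r}"
        grants.append(g)
    return grants

def allowed(grants, pool, obj):
    """r/w/x granted on one object. Assumption: one malformed clause voids the whole string."""
    if any(g["error"] for g in grants):
        return ""
    bits = set().union(*(g["access"] for g in grants if g["pool"] in (None, pool)
                         and obj.startswith(g["object_prefix"] or "")))
    return "".join(b for b in "rwx" if b in bits)

# Cap string quoted in the thread, and a constructed variant with an access-spec on clause 1.
THREAD_CAPS = ("allow pool backup object_prefix rbd_data.18102d6b8b4567; "
               "allow rwx pool backup object_prefix rbd_header.18102d6b8b4567; "
               "allow rx pool backup object_prefix rbd_id.rbd-image")
VARIANT_CAPS = THREAD_CAPS.replace("allow pool", "allow rwx pool", 1)
# Constructed object names for image 'gbs'; the id comes from the rbd info output in the thread.
OBJECTS = ["rbd_data.18102d6b8b4567.0000000000000000", "rbd_header.18102d6b8b4567",
           "rbd_id.gbs", "rbd_directory"]

def report(caps, pool="backup"):
    grants = parse_osd_caps(caps)
    return [g["error"] for g in grants], {o: allowed(grants, pool, o) for o in OBJECTS}
if __name__ == "__main__":
    print(report(THREAD_CAPS), report(VARIANT_CAPS), sep="\n")
```

In this model the variant string covers the rbd_data and rbd_header objects, while rbd_id.gbs and rbd_directory come back with no access at all.
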
Hi,
unfortunately it's not working, yet.
I have modified user gbsadm:
root@ld4257:/etc/ceph# ceph auth get client.gbsadm
exported keyring for client.gbsadm
[client.gbsadm]
key = AQBd0klcFknvMRAAwuu30bNG7L7PHk5d8cSVvg==
caps mon = "allow r"
caps osd = "allow pool backup
Hi,
just a comment:
the RBD pool also contains management objects, e.g. the rbd_directory and
rbd_info objects. And AFAIK these objects store the name->id mapping
for images.
This means in your case, looking up the name backup/gbs requires read
access to these objects in the backup
You can check all objects of that pool to see if your caps match:
rados -p backup ls | grep rbd_id
Quoting Eugen Block:
caps osd = "allow pool backup object_prefix
rbd_data.18102d6b8b4567; allow rwx pool backup object_prefix
rbd_header.18102d6b8b4567; allow rx pool backup object_prefix
caps osd = "allow pool backup object_prefix
rbd_data.18102d6b8b4567; allow rwx pool backup object_prefix
rbd_header.18102d6b8b4567; allow rx pool backup object_prefix
rbd_id.rbd-image"
I think your caps are not entirely correct, the part "[...]
object_prefix rbd_id.rbd-image" should contain
Thanks.
Unfortunately this is still not working.
Here's the info of my image:
root@ld4257:/etc/ceph# rbd info backup/gbs
rbd image 'gbs':
size 500GiB in 128000 objects
order 22 (4MiB objects)
block_name_prefix: rbd_data.18102d6b8b4567
format: 2
features:
Hi,
I replied to your thread a couple of days ago, maybe you didn't notice:
Restricting user access is possible on rbd image level. You can grant
read/write access for one client and only read access for other
clients, you have to create different clients for that, see [1] for
more
Hi,
I can create a block device user with this command:
ceph auth get-or-create client.{ID} mon 'profile rbd' osd 'profile {profile name} [pool={pool-name}][, profile ...]'
Question:
How can I create a user that has access only to a specific image
created in pool ?
If this is not possible this