Re: [ceph-users] Creating a block device user with restricted access to image

2019-01-25 Thread Jason Dillaman
Your caps are invalid -- you are missing the access-spec on the first OSD cap clause. See [1] for more information for how to properly format caps. What version of Ceph are you using? If I remember correctly, since Luminous it will at least throw an error when you give it invalid caps.
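Added example, not part of the thread and not Ceph code: a simplified Python check that flags OSD cap clauses with no access-spec, run on the cap string quoted elsewhere in this thread. The grammar model, the function name `check_osd_caps` and the constructed `FIXED_CAPS` string are assumptions; Ceph's own parser accepts more forms (for example `class` and `tag`).

```python
import re

# Simplified model of an OSD cap clause (assumption, not Ceph's parser):
# "allow" + match-spec keywords with values + an access-spec, in any order.
MATCH_KEYS = {"pool", "namespace", "object_prefix", "network"}
# Loose access-spec tokens; "class <name>" and "tag ..." are not modelled.
ACCESS_RE = re.compile(r"^(\*|all|[rwx]+|class-read|class-write)$")

# Cap string as quoted in the thread: first clause has no access-spec.
THREAD_CAPS = ("allow pool backup object_prefix rbd_data.18102d6b8b4567; "
               "allow rwx pool backup object_prefix rbd_header.18102d6b8b4567; "
               "allow rx pool backup object_prefix rbd_id.rbd-image")
# Constructed variant: "rwx" on the first clause is chosen for illustration.
FIXED_CAPS = THREAD_CAPS.replace("allow pool", "allow rwx pool", 1)


def check_osd_caps(caps):
    """Return (clause, problem) pairs for clauses that look malformed."""
    problems = []
    for clause in (c.strip() for c in caps.split(";")):
        if not clause:
            continue
        tokens = clause.replace("=", " ").split()  # accept pool=x and pool x
        if tokens[0] == "profile":
            continue  # profile clauses carry their own permissions
        if tokens[0] != "allow":
            problems.append((clause, "does not start with 'allow' or 'profile'"))
            continue
        rest, access, i = tokens[1:], [], 0
        while i < len(rest):
            if rest[i] in MATCH_KEYS:
                if i + 1 >= len(rest):
                    problems.append((clause, f"'{rest[i]}' has no value"))
                    break
                i += 2  # skip the keyword and its value
            else:
                access.append(rest[i])
                i += 1
        else:  # loop finished without a structural error
            if not access:
                problems.append((clause, "missing access-spec"))
            elif not all(ACCESS_RE.match(t) for t in access):
                problems.append((clause, "unrecognised access-spec"))
    return problems


if __name__ == "__main__":
    for clause, problem in check_osd_caps(THREAD_CAPS):
        print(f"{problem}: {clause}")
```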

Re: [ceph-users] Creating a block device user with restricted access to image

2019-01-25 Thread Thomas
Hi, unfortunately it's not working, yet. I have modified user gbsadm:
root@ld4257:/etc/ceph# ceph auth get client.gbsadm
exported keyring for client.gbsadm
[client.gbsadm]
    key = AQBd0klcFknvMRAAwuu30bNG7L7PHk5d8cSVvg==
    caps mon = "allow r"
    caps osd = "allow pool backup

Re: [ceph-users] Creating a block device user with restricted access to image

2019-01-25 Thread Burkhard Linke
Hi, just a comment: the RBD pool also contains management objects, e.g. the rbd_directory and rbd_info objects. And AFAIK these objects store the name->id mapping for images. This means in your case, looking up the name backup/gbs requires read access to these objects in the backup

Re: [ceph-users] Creating a block device user with restricted access to image

2019-01-25 Thread Eugen Block
You can check all objects of that pool to see if your caps match:
    rados -p backup ls | grep rbd_id
Quoting Eugen Block:
caps osd = "allow pool backup object_prefix rbd_data.18102d6b8b4567; allow rwx pool backup object_prefix rbd_header.18102d6b8b4567; allow rx pool backup object_prefix

Re: [ceph-users] Creating a block device user with restricted access to image

2019-01-25 Thread Eugen Block
caps osd = "allow pool backup object_prefix rbd_data.18102d6b8b4567; allow rwx pool backup object_prefix rbd_header.18102d6b8b4567; allow rx pool backup object_prefix rbd_id.rbd-image"
I think your caps are not entirely correct, the part "[...] object_prefix rbd_id.rbd-image" should contain

Re: [ceph-users] Creating a block device user with restricted access to image

2019-01-25 Thread Thomas
Thanks. Unfortunately this is still not working. Here's the info of my image:
root@ld4257:/etc/ceph# rbd info backup/gbs
rbd image 'gbs':
    size 500GiB in 128000 objects
    order 22 (4MiB objects)
    block_name_prefix: rbd_data.18102d6b8b4567
    format: 2
    features:

Re: [ceph-users] Creating a block device user with restricted access to image

2019-01-25 Thread Eugen Block
Hi, I replied to your thread a couple of days ago, maybe you didn't notice: Restricting user access is possible on rbd image level. You can grant read/write access for one client and only read access for other clients, you have to create different clients for that, see [1] for more

[ceph-users] Creating a block device user with restricted access to image

2019-01-25 Thread cmonty14
Hi, I can create a block device user with this command:
    ceph auth get-or-create client.{ID} mon 'profile rbd' osd 'profile {profile name} [pool={pool-name}][, profile ...]'
Question: How can I create a user that has access only to a specific image created in pool ? If this is not possible this