Hi,
I found two maybe related bugs in the tracker (#4287, #3657) but both
are resolved, so I'm wondering if there's spmething I'm doing wrong.
Has anybody sucessfully mapped rbd images with kernel rbd, when cephx
require signatures is set to true in the cluster?
Thanks for your help,
best
Hi Kurt,
Your original analysis is correct: cephx signatures aren't yet implemented
in the kernel client. I don't have a good indication of when this will be
prioritized, unfortunately.
I'm not aware of anybody who has targetted this or has even made note of
the potential vulnerability. It
Hi Sage,
thanks for your answer.
Am I right, that the communication between nodes that support cephx
signatures is still signed, although the option is set to false?
So only the communication between the client, mapping the rbd, and the
relevant OSDs and MONs is not signed?
Thanks,
best regards,
Correct. During the intiial handshake, the to ends will decide whether
to use signatures based on whether it is supported by both ends. That
option allows them to continue even if it is not. You probably want
the more specific options:
cephx_require_signatures = false
Hi,
I have to open our CEPH cluster for some clients, that only support
kernel rbd. In general that's no problem and works just fine (verified
in our test-cluster ;-) ). I then tried to map images from our
production cluster and failed: rbd: add failed: (95) Operation not supported
After some