> I have a Nautilus (14.2.8) cluster and I'd like to give access to a pool with
> librados to a user.
>
> Here what I have
>
>> # ceph osd pool ls detail | grep user1
>> pool 5 'user1' replicated size 3 min_size 2 crush_rule 0 object_hash
>> rjenkins pg_num 256 pgp_num 256 autoscale_mode warn last_change 108 flags
>> hashpspool max_bytes 1099511627776 stripe_width 0 application user1
>
>> # ceph auth get client.user1
>> exported keyring for client.user1> client.user1
>> key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX==
>> caps: [mon] allow r
>> caps: [osd] allow rw pool=user1 namespace=user1
> On the client
>
>> $ cat ~/ceph.conf>> [global]
>> mon host =
>> [v2:10.90.36.16:3300,v1:10.90.36.16:6789],[v2:10.90.36.17:3300,v1:10.90.36.17:6789],[v2:10.90.36.18:3300,v1:10.90.36.18:6789]
>> keyring = ~/user1.keyring
>
>> $ cat ~/user1.keyring
>> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX==
>
>> $ rados -c ~/ceph.conf -p pool ls
>> 2020-04-02 12:44:59.900 7fd78aea3700 -1 monclient(hunting):
>> handle_auth_bad_method server allowed_methods [2] but i only support [2,1]
>> 2020-04-02 12:44:59.900 7fd789ea1700 -1 monclient(hunting):
>> handle_auth_bad_method server allowed_methods [2] but i only support [2,1]
>> 2020-04-02 12:44:59.900 7fd78a6a2700 -1 monclient(hunting):
>> handle_auth_bad_method server allowed_methods [2] but i only support [2,1]
>> failed to fetch mon config (--no-mon-config to skip)
>
> Is there something I missed?
I did more tests and even with those capabilities, it doesn't work.
[client.user1]
key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX==
caps mds = "allow *"
caps mgr = "allow *"
caps mon = "allow *"
caps osd = "allow *"
But if I use client.admin user, it works.
[client.admin]
key = YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY==
caps mds = "allow *"
caps mgr = "allow *"
caps mon = "allow *"
caps osd = "allow *"
$ rados -c ~/ceph.conf -p pool ls
$
--
Yoann Moulin
EPFL IC-IT
_______________________________________________
ceph-users mailing list -- ceph-users@ceph.io
To unsubscribe send an email to ceph-users-le...@ceph.io
