There is a tiny bit more to it. The idea is that, when adding a data pool, any 
cephfs client can access the new pool without changing and updating the caps. 
To this end, the fs-caps must include 2 pieces of information, the application 
name "cephfs" and the file system name (ceph can have multiple file systems). 
Any cephfs enabled pool with the correct file system name will be accessible to 
a properly authorized client of that file system without having to add that 
pool to the client caps explicitly, as was necessary in older versions.

The 2 pieces of information are provided like:

application name cephfs: "tag cephfs"
file system name: "data=con-fs2"

One can check what is encoded for each pool using

ceph osd pool ls detail --format=json | jq '.[] | .pool_name, .application_metadata'

For a ceph-fs pool, it will look something like

"con-fs2-data2"
{
  "cephfs": {
    "data": "con-fs2"
  }
}

As of today, it seems indeed undocumented black magic and you need to search 
very carefully to find ceph-user cases that discuss (issues with) these tags, 
thereby explaining it as a side effect.

Best regards,
=================
Frank Schilder
AIT Risø Campus
Bygning 109, rum S14
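
Added example, not part of the original message and not Ceph's own code: a simplified model of the matching described above, useful for auditing which pools a "tag" OSD cap reaches. It assumes exact matching of application name and key=value only; the function names and all pool names except con-fs2-data2 are made up for illustration.

```python
import json
import re

# Constructed sample of `ceph osd pool ls detail --format=json`, reduced to
# the two fields the jq filter above prints.
SAMPLE_POOLS_JSON = """
[
  {"pool_name": "con-fs2-meta",  "application_metadata": {"cephfs": {"metadata": "con-fs2"}}},
  {"pool_name": "con-fs2-data",  "application_metadata": {"cephfs": {"data": "con-fs2"}}},
  {"pool_name": "con-fs2-data2", "application_metadata": {"cephfs": {"data": "con-fs2"}}},
  {"pool_name": "other-fs-data", "application_metadata": {"cephfs": {"data": "other-fs"}}},
  {"pool_name": "vm-images",     "application_metadata": {"rbd": {}}},
  {"pool_name": "scratch",       "application_metadata": {}}
]
"""

# One OSD grant of the form "allow <perms> tag <application> <key>=<value>".
TAG_GRANT = re.compile(
    r"^allow\s+(?P<perms>\S+)\s+tag\s+(?P<app>\S+)\s+(?P<key>[^=\s]+)=(?P<value>\S+)$"
)

def parse_tag_grant(grant):
    """Split a tag-style OSD grant into perms, app, key and value."""
    m = TAG_GRANT.match(grant.strip())
    if m is None:
        raise ValueError("not a tag-style OSD grant: %r" % grant)
    return m.groupdict()

def pools_matching(grant, pools):
    """Return names of pools whose application_metadata satisfies the grant."""
    g = parse_tag_grant(grant)
    hits = []
    for pool in pools:
        # The application must be enabled on the pool ...
        app_kv = pool.get("application_metadata", {}).get(g["app"])
        # ... and carry the same key=value (assumption: exact match only).
        if app_kv is not None and app_kv.get(g["key"]) == g["value"]:
            hits.append(pool["pool_name"])
    return hits

def audit(grant, pools_json=SAMPLE_POOLS_JSON):
    """Evaluate one grant against a JSON pool listing."""
    return pools_matching(grant, json.loads(pools_json))

if __name__ == "__main__":
    for grant in ("allow rw tag cephfs data=con-fs2",
                  "allow rw tag cephfs data=other-fs"):
        print(grant, "->", audit(grant))
```

In this model the second data pool con-fs2-data2 is reached by the same cap as con-fs2-data, while pools of another file system or another application are not.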

________________________________________
From: Eugen Block <ebl...@nde.ag>
Sent: Tuesday, June 11, 2024 2:14 PM
To: ceph-users@ceph.io
Subject: [ceph-users] Re: Documentation for meaning of "tag cephfs" in OSD caps

I assume it means that pools with an enabled application "cephfs" can
be targeted by specifying this tag instead of listing each pool
separately. Browsing through the code [1] seems to confirm that
(somehow, I'm not a dev):

> if (g.match.pool_tag.application == ng.match.pool_tag.application

But I agree, it's worth adding that to the docs.

[1]
https://github.com/ceph/ceph/blob/09e81319648dd504cfd94edfdd321c7163cefa98/src/osd/OSDCap.cc#L549

Quoting Petr Bena <petr@bena.rocks>:

> Hello
>
> In https://docs.ceph.com/en/latest/cephfs/client-auth/ we can find that
>
> ceph fs authorize cephfs_a client.foo / r /bar rw
>
> Results in
>
> client.foo
>   key: *key*
>   caps: [mds] allow r, allow rw path=/bar
>   caps: [mon] allow r
>   caps: [osd] allow rw tag cephfs data=cephfs_a
>
>
> What is this "tag cephfs" thing? It seems like some undocumented
> black magic to me, since I can't find anything that documents it.
> Can someone explain how it works under the hood? What does it expand
> to? What does it limit and how?
> _______________________________________________
> ceph-users mailing list -- ceph-users@ceph.io
> To unsubscribe send an email to ceph-users-le...@ceph.io

