Hi everyone, We encountered an issue with KRBD mounting after mapping it to the host with read-only option. We try to pinpoint where the problem is, but not able to do it.
The image is mounted well if we map it without the "read-only" option. This leads to an issue that the pod in k8s cannot use the snapshotted persistent volume created by ceph-csi rbd provisioner. Thank you for reading. I have reported the bug here: Bug #50234: krbd failed to mount after map image with read-only option - Ceph - Ceph<https://tracker.ceph.com/issues/50234> Context - Using admin keyring - Linux Kernel: 3.10.0-1160.15.2.el7.x86_64 - Linux Distribution: Red Hat Enterprise Linux Server 7.8 (Maipo) - Ceph version: "ceph version 14.2.8 (2d095e947a02261ce61424021bb43bd3022d35cb) nautilus (stable)" rbd image 'csi-vol-85919409-9797-11eb-80ba-720b2b57c790': size 10 GiB in 2560 objects order 22 (4 MiB objects) snapshot_count: 0 id: 533a03bba388ea block_name_prefix: rbd_data.533a03bba388ea format: 2 features: layering op_features: flags: create_timestamp: Wed Apr 7 13:51:02 2021 access_timestamp: Wed Apr 7 13:51:02 2021 modify_timestamp: Wed Apr 7 13:51:02 2021 Bug Reproduction # Map RBD image WITH read-only option, CANNOT mount with both readonly or readwrite option sudo rbd device map -p k8s-sharedpool csi-vol-85919409-9797-11eb-80ba-720b2b57c790 -ro /dev/rbd0 sudo mount -v -r -t ext4 /dev/rbd0 /mnt/test1 mount: cannot mount /dev/rbd0 read-only sudo mount -v -r -t ext4 /dev/rbd0 /mnt/test1 mount: /dev/rbd0 is write-protected, mounting read-only mount: cannot mount /dev/rbd0 read-only # Map RBD image WITHOUT read-only option, CAN mount with both readonly or readwrite option sudo rbd device map -p k8s-sharedpool csi-vol-85919409-9797-11eb-80ba-720b2b57c790 /dev/rbd0 sudo mount -v -r -t ext4 /dev/rbd0 /mnt/test1 mount: /mnt/test1 does not contain SELinux labels. You just mounted an file system that supports labels which does not contain labels, onto an SELinux box. It is likely that confined applications will generate AVC messages and not be allowed access to this file system. For more details see restorecon(8) and mount(8). mount: /dev/rbd0 mounted on /mnt/test1. sudo mount -v -t ext4 /dev/rbd0 /mnt/test1 mount: /mnt/test1 does not contain SELinux labels. You just mounted an file system that supports labels which does not contain labels, onto an SELinux box. It is likely that confined applications will generate AVC messages and not be allowed access to this file system. For more details see restorecon(8) and mount(8). mount: /dev/rbd0 mounted on /mnt/test1. With my best regards, Son Hai Ha -- KPMG IT Service GmbH Sitz/Registergericht: Berlin/Amtsgericht Charlottenburg, HRB 87521 B Geschäftsführer: Hans-Christian Schwieger, Helmar Symmank Aufsichtsratsvorsitzender: WP StB Klaus Becker Allgemeine Informationen zur Datenverarbeitung im Rahmen unserer allgemeinen Geschäftstätigkeit sowie im Mandatsverhältnis gemäß EU Datenschutz-Grundverordnung sind hier <https://home.kpmg.com/content/dam/kpmg/de/pdf/Themen/2018/datenschutzinformationen-fuer-betroffene-kpmg-it-service-gmbh.pdf> abrufbar. Die Information in dieser E-Mail ist vertraulich und kann dem Berufsgeheimnis unterliegen. Sie ist ausschließlich für den Adressaten bestimmt. Jeglicher Zugriff auf diese E-Mail durch andere Personen als den Adressaten ist untersagt. Sollten Sie nicht der für diese E-Mail bestimmte Adressat sein, ist Ihnen jede Veröffentlichung, Vervielfältigung oder Weitergabe wie auch das Ergreifen oder Unterlassen von Maßnahmen im Vertrauen auf erlangte Information untersagt. In dieser E-Mail enthaltene Meinungen oder Empfehlungen unterliegen den Bedingungen des jeweiligen Mandatsverhältnisses mit dem Adressaten. The information in this e-mail is confidential and may be legally privileged. It is intended solely for the addressee. Access to this e-mail by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Any opinions or advice contained in this e-mail are subject to the terms and conditions expressed in the governing KPMG client engagement letter. _______________________________________________ ceph-users mailing list -- ceph-users@ceph.io To unsubscribe send an email to ceph-users-le...@ceph.io
