cancel
Showing results for 
Search instead for 
Did you mean: 
Flight Engineer littlebigfab Flight Engineer
Flight Engineer
  • 149 Views

[ceph125] Bug in guided exercise 5.2 ?

Hello,

In training course ceph125 version 3.0, at guided exercise 5.2 : Deploying a RADOS Gateway, it seems that the 'client.bootstrap-rgw' identity has insufficient permissions on the 3-node ceph cluster to create the new 'client.rgw.servera' identity.

Indeed the 'site.yml' playbook fails at task ceph-rgw: create rados gateway keyring with error librados: client.bootstrap-rgw authentication error (1) Operation not permitted

On cluster site, the user does exist with 'profile bootstrap-rgw' permissions.

Workaround: create the new user manually using the admin identity:

[ceph@servera ~]$ ceph auth get-or-create client.rgw.servera \
osd 'allow rwx' \
mon 'allow rw' \
-o /var/lib/ceph/radosgw/ceph-sgw.servera.keyring

(the admin keyring is supposed to be present on servera from a previous lab, otherwise run that command on serverc instead and copy the resulting keyring file to servera)

 

Finally, launch the playbook again in order to complete the installation :

[student@servera ~]$ cd /usr/share/ceph-ansible
[student@servera ceph-ansible]$ ansible-playbook site.yml --limit rgws
0 Kudos
1 Reply
Highlighted
Flight Engineer littlebigfab Flight Engineer
Flight Engineer
  • 135 Views

Re: [ceph125] Bug in guided exercise 5.2 ?

The same issue also occurs at guided exercise 6.2: Providing File Storage with CephFS, this time with client.bootstrap-mds having insufficient permissions to create the mds.servera user.

Same workaround works here too: create the new user manually using the admin identity:

[ceph@servera ~]$ ceph auth get-or-create mds.servera \
osd 'allow rwx' \
mds 'allow' \
mon 'allow profile mds' \
-o /var/lib/ceph/mds/ceph-servera.keyring

 

Then, re-launch the playbook :

[student@servera ~]$ cd /usr/share/ceph-ansible
[student@servera ceph-ansible]$ ansible-playbook site.yml

 

0 Kudos
Reply
Loading...
Join the discussion
You must log in to join this conversation.