[ceph-users] mount rbd read only

ST Wong (ITSC) ST at itsc.cuhk.edu.hk
Fri Nov 9 07:41:10 PST 2018


Thanks for your help.  Tried to follow steps in CEPH doc:

On admin host:

# ceph auth add client.acapp1 mon 'allow r' osd 'allow rw pool=4copy'
# ceph auth export client.acapp1 > keyring

Copy keyring to rbd client:/etc/ceph/keyring, and got following error:

# rbd map 4copy/foo
rbd: sysfs write failed
rbd: couldn't connect to the cluster!
In some cases useful info is found in syslog - try "dmesg | tail".
rbd: map failed: (22) Invalid argument

Also modified the capability as described in doc but gets same error:

# ceph auth caps client.acapp1 mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow pool templates r class-read, allow pool 4copy rwx'

Would you help?    Thanks a lot.

Btw, shal /etc/ceph/ceph.client.admin.keyring be removed in ceph-ansible client deployment task?

Thanks and Best Regards,
/st wong

From: Ashley Merrick <singapore at amerrick.co.uk>
Sent: Friday, November 9, 2018 10:51 PM
To: ST Wong (ITSC) <ST at itsc.cuhk.edu.hk>
Cc: Wido den Hollander <wido at 42on.com>; ceph-users at lists.ceph.com
Subject: Re: [ceph-users] mount rbd read only

You could create a key ring that only has perms to mount the RBD and read only to the mon’s.

Depends if anyone that you wouldn’t trust with ceph commands has access to that VM / host.

On Fri, 9 Nov 2018 at 10:47 PM, ST Wong (ITSC) <ST at itsc.cuhk.edu.hk<mailto:ST at itsc.cuhk.edu.hk>> wrote:
Stupid me.  I was focus on learning CEPH commands and forget something basic - haven't done mkfs.  Sorry for the trouble caused.

Btw, is ceph.client.admin.keyring a must on client that mount rbd device?  Any security concern?

Sorry for the newbie questions.
Thanks for all responded.

Best Rgds
/st wong

-----Original Message-----
From: ceph-users <ceph-users-bounces at lists.ceph.com<mailto:ceph-users-bounces at lists.ceph.com>> On Behalf Of Wido den Hollander
Sent: Thursday, November 8, 2018 8:31 PM
To: ceph-users at lists.ceph.com<mailto:ceph-users at lists.ceph.com>
Subject: Re: [ceph-users] mount rbd read only



On 11/8/18 1:05 PM, ST Wong (ITSC) wrote:
> Hi,
>
>
>
> We created a testing rbd block device image as following:
>
>
>
> ----- cut here -------
>
> # rbd create 4copy/foo --size 10G
>
> # rbd feature disable 4copy/foo object-map fast-diff deep-flatten
>
> # rbd --image 4copy/foo info
>
> rbd image 'foo':
>
>         size 10 GiB in 2560 objects
>
>         order 22 (4 MiB objects)
>
>         id: 122f36b8b4567
>
>         block_name_prefix: rbd_data.122f36b8b4567
>
>         format: 2
>
>         features: layering, exclusive-lock
>
>         op_features:
>
>         flags:
>
>         create_timestamp: Thu Nov  8 19:42:25 2018
>
>
>
> ----- cut here -------
>
>
>
> Then try to mount it on client but got error and can't be mounted:
>
>
>
> ----- cut here -------
>
> # mount  /dev/rbd0 /mnt
>
> mount: /dev/rbd0 is write-protected, mounting read-only
>
> mount: unknown filesystem type '(null)'

Did you create a filesystem on it with mkfs? Are you sure there is a FileSystem on it?

Wido

>
> ----- cut here -------
>
>
>
> Did we do any step incorrect?  We're using mimic.   Thanks.
>
>
>
>
>
>
>
> Besides, the rbd client is deployed through ceph-ansible as client
> role and found that the ceph.client.admin.keyring from admin server
> was also copied to the client machine.  Is it necessary?   Thanks a lot.
>
>
>
> Best Regards,
>
> /ST Wong
>
>
> _______________________________________________
> ceph-users mailing list
> ceph-users at lists.ceph.com<mailto:ceph-users at lists.ceph.com>
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>
_______________________________________________
ceph-users mailing list
ceph-users at lists.ceph.com<mailto:ceph-users at lists.ceph.com>
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
_______________________________________________
ceph-users mailing list
ceph-users at lists.ceph.com<mailto:ceph-users at lists.ceph.com>
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ceph.com/pipermail/ceph-users-ceph.com/attachments/20181109/31e75dce/attachment.html>


More information about the ceph-users mailing list