Hello,

In our Ceph cluster we encountered issues while attempting to execute the
"radosgw-admin" command on the client side using a cephx user with read-only
permission. Whenever we execute the "radosgw-admin user list" command, it
throws an error.

"ceph version 18.2.1 (7fe91d5d5842e04be3b4f514d6dd990c54b29c76) reef (stable)"

We performed the steps below in our environment.
Case 1: First we created a cephx user with the privileges below:

client.rgw.username
        key: <-------key------->
        caps: [mgr] allow r
        caps: [mon] allow r
        caps: [osd] allow r  tag rgw *=*

On the client side we copied the keyring and the ceph.conf file.
What we noticed on the client machine is that all general commands like
"ceph -s", "ceph health detail" and "ceph df" run fine; even the
"radosgw-admin zonegroup list --id=rgw.username" command returned the expected
output, but when attempting commands like "radosgw-admin user list",
"radosgw-admin bucket list" or "radosgw-admin user info", errors were
encountered.
Below is the output that it throws:

root@control:~# radosgw-admin user list --id=rgw.username
2024-01-03T17:34:06.498+0000 7f915ece1fc0  0 ERROR: failed reading data 
(obj=default.rgw.log:bucket.sync-source-hints.), r=-1
2024-01-03T17:34:06.498+0000 7f915ece1fc0  0 ERROR: failed to update sources 
index for bucket=:[]) r=-1
2024-01-03T17:34:06.498+0000 7f915ece1fc0  0 ERROR: failed to initialize bucket 
sync policy handler: get_bucket_sync_hints() on bucket=-- returned r=-1
2024-01-03T17:34:06.498+0000 7f915ece1fc0 -1 ERROR: could not initialize zone 
policy handler for zone=default
2024-01-03T17:34:06.498+0000 7f915ece1fc0  0 ERROR: failed to start notify 
service ((1) Operation not permitted
2024-01-03T17:34:06.498+0000 7f915ece1fc0  0 ERROR: failed to init services 
(ret=(1) Operation not permitted)
couldn't init storage provider

Case 2: In this case we granted read permissions to the rgw data pool and
index pool for the user:
client.rgw.username
        key: <----key---->
        caps: [mgr] allow r
        caps: [mon] allow r
        caps: [osd] allow r pool=default.rgw.log
Despite this, while general commands worked perfectly fine on the client side,
"radosgw-admin" commands still failed to execute.

Here is the output:
root@control:~# radosgw-admin user list --id=rgw.username
2024-01-03T17:43:38.071+0000 7f8b5a8bffc0  0 failed reading realm info: ret -1 
(1) Operation not permitted
2024-01-03T17:43:38.071+0000 7f8b5a8bffc0  0 ERROR: failed to start notify 
service ((1) Operation not permitted
2024-01-03T17:43:38.071+0000 7f8b5a8bffc0  0 ERROR: failed to init services 
(ret=(1) Operation not permitted)
couldn't init storage provider

Have I overlooked anything in the process?
Any guidance or insight would be greatly appreciated.

Thanks,
Mohammad Saif
Ceph Enthusiast







In the first step, we created a CephX user named client.rgw.saif with read 
permissions for the manager (mgr), monitor (mon), and object storage daemon 
(osd) components, along with specific RGW capabilities. On the client side, we 
successfully copied the keyring and ceph.conf, and certain commands, such as 
radosgw-admin zonegroup list --id=rgw.username,
_______________________________________________
ceph-users mailing list -- ceph-users@ceph.io
To unsubscribe send an email to ceph-users-le...@ceph.io
