Hi François,
"usermod -aG ceph snmp" is better ;)

2016-03-11 3:37 GMT+01:00 Francois Lafont <flafdiv...@free.fr>:
> Hi,
>
> I have a ceph cluster on Infernalis and I'm using a snmp agent to retrieve
> data and generate generic graphs concerning each cluster node. Currently, I
> can see in the syslog of each node this kind of lines (every 5 minutes):
>
>     Mar 11 03:15:26 ceph01 snmpd[16824]: Cannot statfs 
> /var/lib/ceph/mon/ceph-ceph01#012: Permission denied
>     Mar 11 03:15:26 ceph01 snmpd[16824]: Cannot statfs 
> /var/lib/ceph/osd/ceph-16#012: Permission denied
>
> Of course, it's a basic problem of Unix rights. The snmp agent uses the
> account "snmp" and the Unix rights of the ceph home directory are:
>
>     ~# ll -d /var/lib/ceph
>     drwxr-x--- 9 ceph ceph 4096 Nov  4 06:34 /var/lib/ceph/
>
> So, of course, currently the snmp account can't access to
> /var/lib/ceph/{osd,mon}/$cluster-$id/.
>
> 1. Is there a problem (an eventually side effect) if I just do that?
>
>     chmod o+rx /var/lib/ceph/
>
> Can I have security problem with that?
>
>
> 2. Or do you think it's a better idea to just add "snmp" in the Unix group
> "ceph"? Maybe better than 1. because I don't change the permissions of the
> directory _and_ it seems to me that a member of the "ceph" group has never
> the "w" right in /var/lib/ceph/.
>
> Thanks in advance for your help.
>
> --
> François Lafont
> _______________________________________________
> ceph-users mailing list
> ceph-users@lists.ceph.com
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com



-- 

________________________________________________________

Cordialement,

David CASIER


3B Rue Taylor, CS20004
75481 PARIS Cedex 10 Paris

Ligne directe: 01 75 98 53 85
Email: david.cas...@aevoo.fr
________________________________________________________
_______________________________________________
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

Reply via email to