[ceph-users] How to configure s3 bucket acl so that one user's bucket is visible to another.

2018-04-28 Thread Безруков Илья Алексеевич

Hello,

How do I configure an s3 bucket acl so that one user's bucket is visible to
another?



I can create a bucket, objects in it and give another user access to it.
But another user does not see this bucket in the list of available buckets.


## User1

```
s3cmd -c s3cfg_user1 ls s3://

2018-04-28 07:50  s3://example1

#set ACL
s3cmd -c s3cfg_user1 setacl --acl-grant=all:user2 s3://example1
s3://example1/: ACL updated

# Check
s3cmd -c s3cfg_user1 info s3://example1
s3://example1/ (bucket):
   Location:  us-east-1
   Payer: BucketOwner
   Expiration Rule: none
   Policy:    none
   CORS:  none
   ACL:   User1: FULL_CONTROL
   ACL:   User2: FULL_CONTROL

# Put some data
s3cmd -c s3cfg_user1 put /tmp/dmesg s3://example1
upload: '/tmp/dmesg' -> 's3://example1/dmesg'  [1 of 1]
 5305 of 5305   100% in    0s    27.28 kB/s  done

#set ACL
s3cmd -c s3cfg_user1 setacl --acl-grant=all:bondarenko s3://example1/dmesg
s3://example1/dmesg: ACL updated

```

## User2
```
s3cmd -c ~/.s3cfg_user2 ls s3://
2018-04-27 14:23  s3://only_itself_dir

# Check info
s3cmd -c ~/.s3cfg_user2 info s3://example1
ERROR: Access to bucket 'example1' was denied
ERROR: S3 error: 403 (AccessDenied)

# ls bucket
s3cmd -c ~/.s3cfg_user2 ls s3://example1
2018-04-28 07:58  5305   s3://example1/dmesg

#Get info
s3cmd -c ~/.s3cfg_user2 info s3://example1/dmesg
s3://example1/dmesg (object):
   File size: 5305
   Last mod:  Sat, 28 Apr 2018 07:58:03 GMT
   MIME type: text/plain
   Storage:   STANDARD
   MD5 sum:   47ddc4780956cb55abe27e851aa02cfa
   SSE:   none
   Policy:    none
ERROR: Access to bucket 'example1' was denied
ERROR: S3 error: 403 (AccessDenied)

#Get object
s3cmd -c ~/.s3cfg_user2 get s3://example1/dmesg /tmp/test
download: 's3://example1/dmesg' -> '/tmp/test'  [1 of 1]
 5305 of 5305   100% in    0s   160.54 kB/s  done

#Put some object to bucket
s3cmd -c ~/.s3cfg_user2 put /tmp/dmesg2 s3://example1/dmesg2
upload: '/tmp/dmesg2' -> 's3://example1/dmesg2'  [1 of 1]
 38136 of 38136   100% in    0s   455.18 kB/s  done
```

Best regards,

Ilya

___
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com


Re: [ceph-users] Backup LUKS/Dmcrypt keys

2018-04-28 Thread Дробышевский , Владимир
Hi, David!

In the case of dm-crypt luks (the default), ceph-disk keeps each OSD
partition's key in the ceph mon attributes and uses the OSD partition uuid
as the ID for this key.

So you can get all your keys by running:

/usr/bin/ceph config-key ls

You'll get something like:

[
...
"dm-crypt/osd/50250ade-500a-44c4-8a47-00224d76594a/luks",
"dm-crypt/osd/940b5b1c-5926-4aa5-8cd7-ce2f22371d6a/luks",
"dm-crypt/osd/dd28c6ba-c101-4874-bc1c-401b34cb2f9b/luks",
...
]

These uuids are partition uuids.

You can get a particular key with:

/usr/bin/ceph config-key get dm-crypt/osd/<partition-uuid>/luks

As I don't currently use an external wal\db partition, I can't tell the exact
config path for their keys, but I believe the scheme will be the same.

Best regards,
Vladimir

2018-04-26 1:29 GMT+05:00 Kevin Olbrich :

> Hi,
>
> how can I backup the dmcrypt keys on luminous?
> The folder under /etc/ceph does not exist anymore.
>
> Kind regards
> Kevin
>


-- 

Best regards,
Дробышевский Владимир
"АйТи Город" company
+7 343 192

IT consulting
Turnkey project delivery
IT services outsourcing
IT infrastructure outsourcing
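
The procedure described in the reply above, as an added script that is not part of the original post: it lists the `dm-crypt/osd/<partition-uuid>/luks` entries with `ceph config-key ls` and saves each one with `ceph config-key get` into owner-only files. The `CEPH_BIN` variable, the function names and the destination directory are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): back up the ceph-disk dm-crypt LUKS keys
# that the monitors hold under dm-crypt/osd/<partition-uuid>/luks.
# CEPH_BIN and the destination directory are assumptions of this sketch.
CEPH_BIN="${CEPH_BIN:-/usr/bin/ceph}"

# Print the config-key names that hold OSD LUKS keys, one per line.
list_luks_key_names() {
    "$CEPH_BIN" config-key ls |
        grep -oE 'dm-crypt/osd/[0-9a-fA-F-]{36}/luks'
}

# Save every key as <dest>/<partition-uuid>.luks and print how many were saved.
# Returns non-zero if no key is listed or if any fetched key is empty.
backup_luks_keys() {
    dest="$1"
    [ -n "$dest" ] || return 2
    umask 077                      # key files must be readable by the owner only
    mkdir -p "$dest" || return 1
    names=$(list_luks_key_names) || return 1
    count=0
    for name in $names; do
        uuid=${name#dm-crypt/osd/}
        uuid=${uuid%/luks}
        "$CEPH_BIN" config-key get "$name" > "$dest/$uuid.luks" || return 1
        # An empty file means the key was not actually retrieved.
        [ -s "$dest/$uuid.luks" ] || return 1
        count=$((count + 1))
    done
    echo "$count"
}

# Run as: sh backup-luks-keys.sh /root/luks-key-backup
if [ "$#" -gt 0 ]; then
    backup_luks_keys "$1"
fi
```

The files written here unlock the OSD partitions, so the destination should be storage that is itself encrypted or kept offline.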


Re: [ceph-users] trimming the MON level db

2018-04-28 Thread Wido den Hollander


On 04/27/2018 08:31 PM, David Turner wrote:
> I'm assuming that the "very bad move" means that you have some PGs not
> in active+clean.  Any non-active+clean PG will prevent your mons from
> being able to compact their db store.  This is by design so that if
> something were to happen where the data on some of the copies of the PG
> were lost and gone forever the mons could do their best to enable the
> cluster to reconstruct the PG knowing when OSDs went down/up, when PGs
> moved to new locations, etc.
> 
> Thankfully there isn't a way around this.  Something you can do is stop
> a mon, move the /var/lib/mon/$(hostname -s)/ folder to a new disk with
> more space, set it to mount in the proper location, and start it back
> up.  You would want to do this for each mon to give them more room for
> the mon store to grow.  Make sure to give the mon plenty of time to get
> back up into the quorum before moving on to the next one.
> 

Indeed. This is an unknown thing with Monitors for a lot of people. I
always suggest installing a >200GB DC-grade SSD in Monitors to make sure
you can make large movements without running into trouble with the MONs.

So yes, move this data to a new disk. Without all PGs active+clean you
can't trim the store.

> On Wed, Apr 25, 2018 at 10:25 AM Luis Periquito wrote:
> 
> Hi all,
> 
> we have a (really) big cluster that's ongoing a very bad move and the
> monitor database is growing at an alarming rate.
> 
> The cluster is running jewel (10.2.7) and is there any way to trim the
> monitor database before it gets HEALTH_OK?
> 
> I've searched and so far only found people saying not really, but just
> wanted a final sanity check...
> 
> thanks,


[ceph-users] Correct way of adding placement pool for radosgw in luminous

2018-04-28 Thread Marc Roos

I was wondering if the steps below are indeed the correct way to add a 
placement pool for the radosgw. 

My main concern is if indeed you only change the data_pool and keep the 
index_pool and data_extra_pool the same. (the data_extra_pool is not 
mentioned in the old manuals I used)

===
radosgw-admin zonegroup placement add --rgw-zonegroup=default \
--placement-id="ec21-placement"

radosgw-admin zone placement add --rgw-zone=default \
--placement-id="ec21-placement" \
--data-pool="default.rgw.buckets.data.ec21" \
--index-pool="default.rgw.buckets.index" \
--data_extra_pool="default.rgw.buckets.non-ec"

radosgw-admin period update --commit

service ceph-radosgw@rgw3 start

s3cmd mb s3://test2 --bucket-location=:ec21-placement
===

Used old manuals:
https://habrahabr.info/administration/data-warehousing/655-we-divide-s3-baketes-into-different-pools-in-ceph-luminous.html
http://cephnotes.ksperis.com/blog/2014/11/28/placement-pools-on-rados-gw/








Re: [ceph-users] Correct way of adding placement pool for radosgw in luminous

2018-04-28 Thread David Turner
Correct, you do not need to change the index_pool, and the data_extra_pool is
a non-ec pool that is used by rgw for multi-part uploads. There is no need
to change that either for a placement pool.

You can additionally change the default placement rule for a zone as well
as for a specific user. I find creating a role specific for an archival user
is handy so it can move data to a pool with slower/cheaper storage.

On Sat, Apr 28, 2018, 5:49 AM Marc Roos  wrote:

>
> I was wondering if the steps below are indeed the correct way to add a
> placement pool for the radosgw.
>
> My main concern is if indeed you only change the data_pool and keep the
> index_pool and data_extra_pool the same. (the data_extra_pool is not
> mentioned in the old manuals I used)
>
> ===
> radosgw-admin zonegroup placement add --rgw-zonegroup=default \
> --placement-id="ec21-placement"
>
> radosgw-admin zone placement add --rgw-zone=default \
> --placement-id="ec21-placement" \
> --data-pool="default.rgw.buckets.data.ec21" \
> --index-pool="default.rgw.buckets.index" \
> --data_extra_pool="default.rgw.buckets.non-ec"
>
> radosgw-admin period update --commit
>
> service ceph-radosgw@rgw3 start
>
> s3cmd mb s3://test2 --bucket-location=:ec21-placement
> ===
>
> Used old manuals:
>
> https://habrahabr.info/administration/data-warehousing/655-we-divide-s3-baketes-into-different-pools-in-ceph-luminous.html
> http://cephnotes.ksperis.com/blog/2014/11/28/placement-pools-on-rados-gw/
>


Re: [ceph-users] How to configure s3 bucket acl so that one user's bucket is visible to another.

2018-04-28 Thread Marc Roos
 
I have asked the same, hope someone is able to assist soon.
https://www.mail-archive.com/ceph-users@lists.ceph.com/msg45644.html


-Original Message-
From: Безруков Илья Алексеевич [mailto:bezru...@iaaras.ru] 
Sent: Saturday 28 April 2018 10:11
To: ceph-users@lists.ceph.com
Subject: *SPAM* [ceph-users] How to configure s3 bucket acl so that one user's bucket is visible to another.

Hello,

How do I configure an s3 bucket acl so that one user's bucket is visible to
another?


I can create a bucket, objects in it and give another user access to it.
But another user does not see this bucket in the list of available 
buckets.




## User1


```
s3cmd -c s3cfg_user1 ls s3://

2018-04-28 07:50  s3://example1

#set ACL
s3cmd -c s3cfg_user1 setacl --acl-grant=all:user2 s3://example1
s3://example1/: ACL updated

# Check
s3cmd -c s3cfg_user1 info s3://example1
s3://example1/ (bucket):
   Location:  us-east-1
   Payer: BucketOwner
   Expiration Rule: none
   Policy:    none
   CORS:  none
   ACL:   User1: FULL_CONTROL
   ACL:   User2: FULL_CONTROL

# Put some data
s3cmd -c s3cfg_user1 put /tmp/dmesg s3://example1
upload: '/tmp/dmesg' -> 's3://example1/dmesg'  [1 of 1]
 5305 of 5305   100% in    0s    27.28 kB/s  done

#set ACL
s3cmd -c s3cfg_user1 setacl --acl-grant=all:bondarenko s3://example1/dmesg
s3://example1/dmesg: ACL updated

```

## User2
```
s3cmd -c ~/.s3cfg_user2 ls s3://
2018-04-27 14:23  s3://only_itself_dir

# Check info
s3cmd -c ~/.s3cfg_user2 info s3://example1
ERROR: Access to bucket 'example1' was denied
ERROR: S3 error: 403 (AccessDenied)

# ls bucket
s3cmd -c ~/.s3cfg_user2 ls s3://example1
2018-04-28 07:58  5305   s3://example1/dmesg

#Get info
s3cmd -c ~/.s3cfg_user2 info s3://example1/dmesg
s3://example1/dmesg (object):
   File size: 5305
   Last mod:  Sat, 28 Apr 2018 07:58:03 GMT
   MIME type: text/plain
   Storage:   STANDARD
   MD5 sum:   47ddc4780956cb55abe27e851aa02cfa
   SSE:   none
   Policy:    none
ERROR: Access to bucket 'example1' was denied
ERROR: S3 error: 403 (AccessDenied)

#Get object
s3cmd -c ~/.s3cfg_user2 get s3://example1/dmesg /tmp/test
download: 's3://example1/dmesg' -> '/tmp/test'  [1 of 1]
 5305 of 5305   100% in    0s   160.54 kB/s  done

#Put some object to bucket
s3cmd -c ~/.s3cfg_user2 put /tmp/dmesg2 s3://example1/dmesg2
upload: '/tmp/dmesg2' -> 's3://example1/dmesg2'  [1 of 1]
 38136 of 38136   100% in    0s   455.18 kB/s  done
```


Best regards,

Ilya


