Single MDS cephx key - Travis Nielsen

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Travis Nielsen <Travis.Nielsen@Quantum.com>
To: Ceph Development <ceph-devel@vger.kernel.org>
Subject: Single MDS cephx key
Date: Tue, 26 Sep 2017 23:09:33 +0000	[thread overview]
Message-ID: <D5F02A0B.9B73A%travis.nielsen@quantum.com> (raw)

Is it possible to use the same cephx key for all instances of MDS or do
they each require their own? Mons require the same keyring so I tried
following the same pattern by creating a keyring with "mds.", but the MDS
is complaining about not being authorized when it tries to start. Am I
missing something or is this not possible for MDS keys? If I create a
unique key for each MDS instance it works fine, but it would simplify my
scenario if I could use the same key. I'm running on Luminous.

The key was generated with this:
ceph auth get-or-create-key mds. osd allow * mds allow mon allow profile
mds

The keyring contents are:
[mds.]
key = AQD62spZw3zRGhAAkHHVokP3BDf8PEy4+vXGMg==

I run the following with that keyring:
ceph-mds --foreground --name=mds.mymds -i mymds

And I see the error:
2017-09-26 22:55:55.973047 7fb004459200 -1 mds.mds81c2n ERROR: failed to
authenticate: (22) Invalid argument

Thanks,
Travis

next             reply	other threads:[~2017-09-26 23:09 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-09-26 23:09 Travis Nielsen [this message]
2017-09-27 10:01 ` Single MDS cephx key John Spray
2017-09-27 14:49   ` Travis Nielsen
2017-09-27 16:36   ` Travis Nielsen
2017-09-27 16:45     ` John Spray
2017-09-27 17:01       ` Travis Nielsen
2017-10-02 16:14         ` Xiaoxi Chen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=D5F02A0B.9B73A%travis.nielsen@quantum.com \
    --to=travis.nielsen@quantum.com \
    --cc=ceph-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.