Bug 1418577

Summary: following upgrade documentation for ceph possibly breaks functionnality of OpenStack
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Petr Barta <pbarta>
Component: DocumentationAssignee: Aron Gunn <agunn>
Status: CLOSED CURRENTRELEASE QA Contact: ceph-qe-bugs <ceph-qe-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 2.1CC: agunn, asriram, kdreyer, vimishra
Target Milestone: rc   
Target Release: 2.2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-03-21 23:49:53 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Petr Barta 2017-02-02 08:31:38 UTC 
Description of problem:

In Installation Guide for Red Hat Enterprise Linux - Red Hat Ceph Storage (https://access.redhat.com/documentation/en/red-hat-ceph-storage/2/paged/installation-guide-for-red-hat-enterprise-linux/chapter-5-upgrading-ceph-storage-cluster), there is instruction for changing ownership of several directories, like for example:

Chapter 5.1.1 Upgrading a Ceph Monitor Node

..........
5. As root, update the owner and group permissions:
Syntax

# chown -R <owner>:<group> <path_to_directory>

Example

# chown -R ceph:ceph /var/lib/ceph/mon
# chown -R ceph:ceph /var/log/ceph
# chown -R ceph:ceph /var/run/ceph
# chown -R ceph:ceph /etc/ceph
..........

Similar examples are in different places throughout the document.

The last command can potentially break function of OpenStack commands, when monitoring node is running on OSP controller nodes. 
We have seen this for glance/cinder not being able to upload image to storage, because ownership for following keyring files was incorrectly set to ceph:ceph, instead of correct glance:glance, and cinder:cinder, respectively.

$ ls -al /etc/ceph
...
-rw-------.  1 ceph ceph      64 <date> ceph.client.cinder.keyring
-rw-------.  1 ceph ceph      64 <date> ceph.client.glance.keyring
...



Version-Release number of selected component (if applicable):

Ceph storage monitoring running on OSP controller nodes.

How reproducible:

Always

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

  The best way would be to specify exat files which need to have changed ownership.
  Second best way is to make a note that in such a situation files which are used by OSP need to have appropriate ownership/access rights set up.