DescriptionPersona non grata
2019-02-06 05:44:03 UTC
Description of problem:
Command 'ceph tell mds.0 session ls' is failing with permission error due to missing permission for MDS in client.admin
[root@ceph-cephfs-1549351399814-node1-monmgrinstaller ceph]# ceph tell mds.0 session ls
2019-02-06 00:33:01.644120 7faad5ffb700 0 client.64221 ms_handle_reset on 172.16.115.137:6800/263978892
Error EPERM: problem getting command descriptions from mds.0
---------------------
client.admin's keyring looks like this:
[client.admin]
key = AQDSQVlclkwsORAAMWQgP/c4EXo0N1bYjbS4aQ==
auid = 0
caps mds = "allow"
caps mgr = "allow *"
caps mon = "allow *"
caps osd = "allow *"
Version-Release number of selected component (if applicable):
ceph-ansible-3.2.5-1.el7cp.noarch
How reproducible:
Always
Steps to Reproduce:
1. Setup a ceph cluster on containers, try to run command 'ceph tell mds.0 session ls'
Actual results:
[root@ceph-cephfs-1549351399814-node1-monmgrinstaller ceph]# ceph tell mds.0 session ls
2019-02-06 00:33:01.644120 7faad5ffb700 0 client.64221 ms_handle_reset on 172.16.115.137:6800/263978892
Expected results:
Should output clients session info
Additional info:
Command like 'ceph tell osd.0 injectargs --debug-osd 20 --debug-ms 1' works without any problems since it has "allow *" permission
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2019:0911