Manila's cephfs native driver uses this client library. Users of the driver will get back auth IDs with invalid caps, for auth IDs that weren't created by the driver and had no MDS or OSD caps. Steps to reproduce: 1. Create a ceph auth ID with no caps. $ sudo ceph auth get-or-create client.test2 2. Create a ceph client auth ID 'manila' with r/w access to the entire CephFS . It will be used by the ceph volume client. $ sudo ceph auth get-or-create client.manila mon "allow *" osd "allow rw" mds "allow *" -o /etc/ceph/ceph.client.manila.keyring 3. Allow ceph volume client to authorize ID 'client.test2' to access a volume (a CephFS subdir). Do this in the python interpreter. >>> import ceph_volume_client >>> vc = ceph_volume_client.CephFSVolumeClient("manila", "/etc/ceph/ceph.conf", "ceph") >>> vc.connect() >>> vp = ceph_volume_client.VolumePath('group1', 'share1') >>> vc.create_volume(vp, size=5) >>> vc.authorize(vp, 'test2') >>> vc.disconnect() 4. Now check out the caps of 'client.test2'. It's got invalid OSD and MDS caps, a ',' is at the beginning of the caps. $ sudo ceph auth get client.test2 [client.test2] key = AQD4CsVZCpBBORAAtqL6wndnhTbip9xf0NQeeQ== caps mds = ",allow rw path=/volumes/group1/share1" caps mon = "allow r" caps osd = ",allow rw pool=cephfs_data namespace=fsvolumens_share1"
The fix is in uptream v12.2.2 https://github.com/ceph/ceph/commit/c5ccbf1108532547f54f084b8f06c7f5ddf8a4e8
In https://bugzilla.redhat.com/show_bug.cgi?id=1543879#c0 > Manila's cephfs native driver uses this client library Meant to say 'ceph_volume_client' library
provided qa_ack, clearing needinfo flag.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:1259