hl10502的博客

执行ceph命令出错:librados: client.admin authentication error (1) Operation not permitted

执行ceph -s命令出错:

1
2
3
[root@ceph-231 ceph-ceph-231]# ceph -s
2017-06-20 17:34:12.196793 7f6744580700 0 librados: client.admin authentication error (1) Operation not permitted
Error connecting to cluster: PermissionError

解决方法

将ceph.client.admin.keyring文件内容copy到mon目录的keyring,重启mon服务。

查看mon的client.admin.keyring

1
2
3
4
5
6
7
[root@ceph-231 ceph]# /usr/bin/ceph --connect-timeout=25 --cluster=ceph --name mon. --keyring=/var/lib/ceph/mon/ceph-ceph-231/keyring auth get client.admin
exported keyring for client.admin
[client.admin]
key = AQAEI0JZupXTFRAAmFF56vYMzKkzc5nxLit6mA==
caps mds = "allow *"
caps mon = "allow *"
caps osd = "allow *"

如果auth中存在client.admin.keyring,则将client.admin.keyring信息copy到/etc/ceph/ceph.client.admin.keyring与/var/lib/ceph/mon/ceph-ceph-231/keyring文件中。

如果auth中不存在client.admin.keyring,则需创建client.admin.keyring。

创建client.admin.keyring

查看/etc/ceph/ceph.client.admin.keyring文件,如果不存在则使用ceph-authtool命令重新生成

1
[root@ceph-231 ~]# ceph-authtool --create-keyring /etc/ceph/ceph.client.admin.keyring --gen-key -n client.admin --set-uid=0 --cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow *'

查看/etc/ceph/ceph.client.admin.keyring文件

1
2
3
4
5
6
7
[root@ceph-231 ~]# cat /etc/ceph/ceph.client.admin.keyring
[client.admin]
key = AQAEI0JZupXTFRAAmFF56vYMzKkzc5nxLit6mA==
auid = 0
caps mds = "allow *"
caps mon = "allow *"
caps osd = "allow *"

复制keyring

将/etc/ceph/ceph.client.admin.keyring文件内容copy到mon目录的keyring

1
2
3
4
5
6
7
8
9
10
[root@ceph-231 ~]# vi /var/lib/ceph/mon/ceph-ceph-231/keyring
[mon.]
key = AQBzv0hZAAAAABAAJLiETzmegHWmVO7JwvsMdQ==
caps mon = "allow *"
[client.admin]
key = AQAEI0JZupXTFRAAmFF56vYMzKkzc5nxLit6mA==
auid = 0
caps mds = "allow *"
caps mon = "allow *"
caps osd = "allow *"

重启mon

1
[root@ceph-231 ~]# systemctl restart ceph-mon@ceph-231