[Bug 1847822] Re: CephFS authorize fails with unknown cap type

Billy Olsen billy.olsen at canonical.com
Fri Oct 11 23:42:28 UTC 2019 

This appears to have been broken by commit
d63fccb52241a216a08a92e615bcff008d365392 which added a validation for
all of the capabilities in this code path. The fs authorize command
works by adding a new capability keyed by the path. This capability with
the path key was not understood by the standard capability check method
being invoked so it returned False to indicate the capabilities are not
valid, which results in an EINVAL value.

The patch included in the pull request fixes this by changing to only
check the mds and osd capabilities instead of the full set.

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1847822

Title:
  CephFS authorize fails with unknown cap type

Status in Ubuntu Cloud Archive:
  Triaged
Status in Ubuntu Cloud Archive queens series:
  Triaged
Status in ceph package in Ubuntu:
  Triaged

Bug description:
  Attempting to provide access to a user within Ceph to a specific mount
  path fails with unknown cap type. This appears to be due to the
  monitor not knowing how to validate the caps that are provided with
  the mount path per upstream bug https://tracker.ceph.com/issues/39395
  and subsequent pull requests.

  This is fixed in Mimic (13.1.0+) and included in the current Luminous
  devel release (upcoming 12.2.13).

  
  Steps to recreate:

  1. Install ceph w/ ceph-fs.

  2. Mount ceph filesystem and create subdirectory for restricting access
  $ ceph-fuse -k /etc/ceph/ceph.client.foo.keyring --id foo -m 10.5.0.5:6789 /mnt/ceph-fs
  $ mkdir /mnt/ceph-fs/bar

  3. Authorize access for ceph user to rw a directory
  $ ceph fs authorize ceph-fs client.foo /bar rw

  Expected Results:

  The authorize command to succeed

  Actual Results:

  Error EINVAL: unknown cap type '/bar'

  Upstream pull-request:
  https://github.com/ceph/ceph/pull/28666

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1847822/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list