doc: Update cephfs caps #5294
doc: Update cephfs caps #5294
Conversation
mergify
bot
added
ci/skip/e2e
When cephfs is used with encryption an exclusive lock is acquired. This needs the execute permission on the metadata pool. Fixes: ceph#4728 Signed-off-by: Felix Prasse <[email protected]>
| ``` | ||
| mgr "allow rw" | ||
| osd "allow rw tag cephfs metadata=cephfs, allow rw tag cephfs data=cephfs" | ||
| osd "allow rwx tag cephfs metadata=cephfs, allow rw tag cephfs data=cephfs" |
There was a problem hiding this comment.
If am correct, the allow x permission is specifically needed when CephFS encryption is in use. If encryption is not configured, this permission can be omitted from the OSD capabilities. Can we add this as NOTE section?
There was a problem hiding this comment.
You are correct. Currently it is only required when CephFS encryption is used. However, this is needed for using RADOS locks, which might get used in other places too. A note about it might be useful, but it can get outdated easily too. Once deployed, users will likely not change the capabilities later on, adding an encrypted CephFS storage class after a while is surely more common.
I am fine with the current enhancement, it will prevent others from hitting problems with this.
nixpanic
force-pushed
the
feature/update-documentation-for-lock
branch
from
ccdb9bd to
629c997
Compare
3 participants
When cephfs is used with encryption an exclusive lock is acquired. This needs the execute permission on the metadata pool.
Fixes #4728
Future concerns
Checklist:
guidelines in the developer
guide.
Request
notes
updated with breaking and/or notable changes for the next major release.
Show available bot commands
These commands are normally not required, but in case of issues, leave any of
the following bot commands in an otherwise empty comment in this PR:
/retest ci/centos/<job-name>: retest the<job-name>after unrelatedfailure (please report the failure too!)