From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH manager] fix #7011: ceph monitor: set ownership of monitor logs
Date: Wed, 11 Mar 2026 18:03:20 +0100 [thread overview]
Message-ID: <20260311170322.3688876-1-t.lamprecht@proxmox.com> (raw)
From: Dominik Rusovac <d.rusovac@proxmox.com>
Ownership of the ceph monitor log file is now set to ceph:ceph after the
creation of a new monitor and before the new monitor starts. Hence,
effective ceph monitor logging on freshly set up ceph clusters no longer
depends on the first upgrade of ceph-common.
For setups (still) affected by #7011 it is required that ownership of
the ceph monitor log file is set to ceph:ceph (either manually or due to
some ceph-common upgrade), followed by a monitor restart.
Signed-off-by: Dominik Rusovac <d.rusovac@proxmox.com>
Reviewed-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
Tested-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
Link: https://lore.proxmox.com/20251217083819.33912-1-d.rusovac@proxmox.com
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
PVE/API2/Ceph/MON.pm | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/PVE/API2/Ceph/MON.pm b/PVE/API2/Ceph/MON.pm
index 70fc158dd..18407b1c2 100644
--- a/PVE/API2/Ceph/MON.pm
+++ b/PVE/API2/Ceph/MON.pm
@@ -428,6 +428,15 @@ __PACKAGE__->register_method({
$mon_keyring,
]);
run_command(['chown', 'ceph:ceph', '-R', $mondir]);
+
+ eval {
+ # fix-up initial log file from freshly created monitor here, as currently
+ # we cannot instruct ceph-mon to create it with the correct ownership without
+ # losing access to the mon keyring inside pmxcfs.
+ run_command(
+ ['chown', 'ceph:ceph', "/var/log/ceph/ceph-mon.$monid.log"]);
+ };
+ warn "$@" if $@;
};
my $err = $@;
unlink $monmap;
--
2.47.3
reply other threads:[~2026-03-11 17:03 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260311170322.3688876-1-t.lamprecht@proxmox.com \
--to=t.lamprecht@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.