all lists on lists.proxmox.com
 help / color / mirror / Atom feed
* [pve-devel] [PATCH pve-manager v2] fix #7011: ceph monitor: set ownership of monitor logs
@ 2025-12-17  8:38 Dominik Rusovac
  2025-12-17  9:13 ` Dominik Rusovac
  0 siblings, 1 reply; 2+ messages in thread
From: Dominik Rusovac @ 2025-12-17  8:38 UTC (permalink / raw)
  To: pve-devel; +Cc: Dominik Rusovac

Ownership of the ceph monitor log file is now set to ceph:ceph after the
creation of a new monitor and before the new monitor starts. Hence,
effective ceph monitor logging on freshly set up ceph clusters no longer
depends on the first upgrade of ceph-common.

For setups (still) affected by #7011 it is required that ownership of
the ceph monitor log file is set to ceph:ceph (either manually or due to
some ceph-common upgrade), followed by a monitor restart.

Signed-off-by: Dominik Rusovac <d.rusovac@proxmox.com>
---
 PVE/API2/Ceph/MON.pm | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/PVE/API2/Ceph/MON.pm b/PVE/API2/Ceph/MON.pm
index 70fc158d..18407b1c 100644
--- a/PVE/API2/Ceph/MON.pm
+++ b/PVE/API2/Ceph/MON.pm
@@ -428,6 +428,15 @@ __PACKAGE__->register_method({
                             $mon_keyring,
                         ]);
                         run_command(['chown', 'ceph:ceph', '-R', $mondir]);
+
+                        eval {
+                            # fix-up initial log file from freshly created monitor here, as currently
+                            # we cannot instruct ceph-mon to create it with the correct ownership without
+                            # losing access to the mon keyring inside pmxcfs.
+                            run_command(
+                                ['chown', 'ceph:ceph', "/var/log/ceph/ceph-mon.$monid.log"]);
+                        };
+                        warn "$@" if $@;
                     };
                     my $err = $@;
                     unlink $monmap;
-- 
2.47.3



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel


^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: [pve-devel] [PATCH pve-manager v2] fix #7011: ceph monitor: set ownership of monitor logs
  2025-12-17  8:38 [pve-devel] [PATCH pve-manager v2] fix #7011: ceph monitor: set ownership of monitor logs Dominik Rusovac
@ 2025-12-17  9:13 ` Dominik Rusovac
  0 siblings, 0 replies; 2+ messages in thread
From: Dominik Rusovac @ 2025-12-17  9:13 UTC (permalink / raw)
  To: pve-devel

Haven't added the notes due to omitting "--notes" in my "git-format-path" command, sorry. 
Notes:
changes since v1:
* only the concrete ceph monitor log file is being chown'ed, meaning:
* the whole log directory is no longer being chown'ed
* no more globbing involed
* command passed as array
v1: https://lore.proxmox.com/all/20251212130531.116019-1-d.rusovac@proxmox.com/ [https://lore.proxmox.com/all/20251212130531.116019-1-d.rusovac@proxmox.com/]
On Wednesday, 12/17/2025, 09:38, Dominik Rusovac <d.rusovac@proxmox.com> wrote:

From : Dominik Rusovac <d.rusovac@proxmox.com>
Sent on : Wednesday, 12/17/2025, 09:38
To : pve-devel@lists.proxmox.com
Cc : Dominik Rusovac <d.rusovac@proxmox.com>
Subject : [PATCH pve-manager v2] fix #7011: ceph monitor: set ownership of monitor logs
Ownership of the ceph monitor log file is now set to ceph:ceph after the
creation of a new monitor and before the new monitor starts. Hence,
effective ceph monitor logging on freshly set up ceph clusters no longer
depends on the first upgrade of ceph-common.

For setups (still) affected by #7011 it is required that ownership of
the ceph monitor log file is set to ceph:ceph (either manually or due to
some ceph-common upgrade), followed by a monitor restart.

Signed-off-by: Dominik Rusovac <d.rusovac@proxmox.com>
---
 PVE/API2/Ceph/MON.pm [http://mon.pm/] | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/PVE/API2/Ceph/MON.pm [http://mon.pm/] b/PVE/API2/Ceph/MON.pm [http://mon.pm/]
index 70fc158d..18407b1c 100644
--- a/PVE/API2/Ceph/MON.pm [http://mon.pm/]
+++ b/PVE/API2/Ceph/MON.pm [http://mon.pm/]
@@ -428,6 +428,15 @@ __PACKAGE__->register_method({
                             $mon_keyring,
                         ]);
                         run_command(['chown', 'ceph:ceph', '-R', $mondir]);
+
+                        eval {
+                            # fix-up initial log file from freshly created monitor here, as currently
+                            # we cannot instruct ceph-mon to create it with the correct ownership without
+                            # losing access to the mon keyring inside pmxcfs.
+                            run_command(
+                                ['chown', 'ceph:ceph', "/var/log/ceph/ceph-mon.$monid.log"]);
+                        };
+                        warn "$@" if $@;
                     };
                     my $err = $@;
                     unlink $monmap;
-- 
2.47.3


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-12-17  9:13 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-12-17  8:38 [pve-devel] [PATCH pve-manager v2] fix #7011: ceph monitor: set ownership of monitor logs Dominik Rusovac
2025-12-17  9:13 ` Dominik Rusovac

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal