[PATCH manager v2 0/1] ceph: osd: fix bootstrap keyring creation when auth_client

public inbox for pve-devel@lists.proxmox.com
 help / color / mirror / Atom feed

* [PATCH manager v2 0/1] ceph: osd: fix bootstrap keyring creation when auth_client_required is not in ceph.conf
@ 2026-03-12  5:09 Kefu Chai
  2026-03-12  5:09 ` [PATCH manager v2 1/1] " Kefu Chai
  2026-03-12  7:48 ` applied: [PATCH manager v2 0/1] " Thomas Lamprecht
  0 siblings, 2 replies; 3+ messages in thread
From: Kefu Chai @ 2026-03-12  5:09 UTC (permalink / raw)
  To: pve-devel

changes since v1:

- extracted $auth_client_required to a named variable

Kefu Chai (1):
  ceph: osd: fix bootstrap keyring creation when auth_client_required is
    not in ceph.conf

 PVE/API2/Ceph/OSD.pm | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

-- 
2.47.3





^ permalink raw reply	[flat|nested] 3+ messages in thread

* [PATCH manager v2 1/1] ceph: osd: fix bootstrap keyring creation when auth_client_required is not in ceph.conf
  2026-03-12  5:09 [PATCH manager v2 0/1] ceph: osd: fix bootstrap keyring creation when auth_client_required is not in ceph.conf Kefu Chai
@ 2026-03-12  5:09 ` Kefu Chai
  2026-03-12  7:48 ` applied: [PATCH manager v2 0/1] " Thomas Lamprecht
  1 sibling, 0 replies; 3+ messages in thread
From: Kefu Chai @ 2026-03-12  5:09 UTC (permalink / raw)
  To: pve-devel; +Cc: Kefu Chai

The condition guarding bootstrap-osd keyring creation checks for
`auth_client_required eq 'cephx'` by reading ceph.conf directly. When
this setting is absent from ceph.conf (relying on the Ceph default, or
configured via the mon config database instead), the check evaluates as
`undef eq 'cephx'` which is false, causing PVE to skip creating the
bootstrap keyring. ceph-volume then fails because it cannot find
/var/lib/ceph/bootstrap-osd/ceph.keyring.

This can happen when:
- ceph.conf [global] was created before `pveceph init` wrote the auth
  settings (pveceph init skips writing them if [global] already exists)
- auth settings were moved from ceph.conf to the mon config database
- an upgrade or migration left ceph.conf without the auth lines

Fix by defaulting to 'cephx' when the setting is absent (matching
Ceph's own default) and inverting the check to only skip keyring
creation when auth is explicitly set to 'none'.

Signed-off-by: Kefu Chai <tchaikov@gmail.com>
Signed-off-by: Kefu Chai <k.chai@proxmox.com>
---
 PVE/API2/Ceph/OSD.pm | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/PVE/API2/Ceph/OSD.pm b/PVE/API2/Ceph/OSD.pm
index a952c952..dce519a5 100644
--- a/PVE/API2/Ceph/OSD.pm
+++ b/PVE/API2/Ceph/OSD.pm
@@ -405,10 +405,8 @@ __PACKAGE__->register_method({
         my $ceph_bootstrap_osd_keyring =
             PVE::Ceph::Tools::get_config('ceph_bootstrap_osd_keyring');
 
-        if (
-            !-f $ceph_bootstrap_osd_keyring
-            && $ceph_conf->{global}->{auth_client_required} eq 'cephx'
-        ) {
+        my $auth_client_required = $ceph_conf->{global}->{auth_client_required} // 'cephx';
+        if (!-f $ceph_bootstrap_osd_keyring && $auth_client_required ne 'none') {
             my $bindata = $rados->mon_command({
                 prefix => 'auth get-or-create',
                 entity => 'client.bootstrap-osd',
-- 
2.47.3





^ permalink raw reply	[flat|nested] 3+ messages in thread

* applied: [PATCH manager v2 0/1] ceph: osd: fix bootstrap keyring creation when auth_client_required is not in ceph.conf
  2026-03-12  5:09 [PATCH manager v2 0/1] ceph: osd: fix bootstrap keyring creation when auth_client_required is not in ceph.conf Kefu Chai
  2026-03-12  5:09 ` [PATCH manager v2 1/1] " Kefu Chai
@ 2026-03-12  7:48 ` Thomas Lamprecht
  1 sibling, 0 replies; 3+ messages in thread
From: Thomas Lamprecht @ 2026-03-12  7:48 UTC (permalink / raw)
  To: pve-devel, Kefu Chai

On Thu, 12 Mar 2026 13:09:00 +0800, Kefu Chai wrote:
> changes since v1:
> 
> - extracted $auth_client_required to a named variable
> 
> Kefu Chai (1):
>   ceph: osd: fix bootstrap keyring creation when auth_client_required is
>     not in ceph.conf
> 
> [...]

Applied, thanks!

[1/1] ceph: osd: fix bootstrap keyring creation when auth_client_required is not in ceph.conf
      commit: 7c05cb03ec81630eb1c0177f4c1914c55a1653f0




^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2026-03-12  8:00 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-03-12  5:09 [PATCH manager v2 0/1] ceph: osd: fix bootstrap keyring creation when auth_client_required is not in ceph.conf Kefu Chai
2026-03-12  5:09 ` [PATCH manager v2 1/1] " Kefu Chai
2026-03-12  7:48 ` applied: [PATCH manager v2 0/1] " Thomas Lamprecht

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox

Service provided by Proxmox Server Solutions GmbH | Privacy | Legal