From: Kefu Chai <k.chai@proxmox.com>
To: pve-devel@lists.proxmox.com
Cc: Kefu Chai <tchaikov@gmail.com>
Subject: [PATCH manager 1/1] ceph: osd: fix bootstrap keyring creation when auth_client_required is not in ceph.conf
Date: Wed, 11 Mar 2026 21:28:50 +0800 [thread overview]
Message-ID: <20260311132849.437725-3-k.chai@proxmox.com> (raw)
In-Reply-To: <20260311132849.437725-2-k.chai@proxmox.com>
The condition guarding bootstrap-osd keyring creation checks for
`auth_client_required eq 'cephx'` by reading ceph.conf directly. When
this setting is absent from ceph.conf (relying on the Ceph default, or
configured via the mon config database instead), the check evaluates as
`undef eq 'cephx'` which is false, causing PVE to skip creating the
bootstrap keyring. ceph-volume then fails because it cannot find
/var/lib/ceph/bootstrap-osd/ceph.keyring.
This can happen when:
- ceph.conf [global] was created before `pveceph init` wrote the auth
settings (pveceph init skips writing them if [global] already exists)
- auth settings were moved from ceph.conf to the mon config database
- an upgrade or migration left ceph.conf without the auth lines
Fix by defaulting to 'cephx' when the setting is absent (matching
Ceph's own default) and inverting the check to only skip keyring
creation when auth is explicitly set to 'none'.
Signed-off-by: Kefu Chai <tchaikov@gmail.com>
Signed-off-by: Kefu Chai <k.chai@proxmox.com>
---
PVE/API2/Ceph/OSD.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/PVE/API2/Ceph/OSD.pm b/PVE/API2/Ceph/OSD.pm
index a952c952..062729ae 100644
--- a/PVE/API2/Ceph/OSD.pm
+++ b/PVE/API2/Ceph/OSD.pm
@@ -407,7 +407,7 @@ __PACKAGE__->register_method({
if (
!-f $ceph_bootstrap_osd_keyring
- && $ceph_conf->{global}->{auth_client_required} eq 'cephx'
+ && ($ceph_conf->{global}->{auth_client_required} // 'cephx') ne 'none'
) {
my $bindata = $rados->mon_command({
prefix => 'auth get-or-create',
--
2.47.3
next prev parent reply other threads:[~2026-03-11 13:29 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-11 13:28 [PATCH manager 0/1] fix bootstreap keyring creation when auth_client_required is missing Kefu Chai
2026-03-11 13:28 ` Kefu Chai [this message]
2026-03-11 17:02 ` [PATCH manager 1/1] ceph: osd: fix bootstrap keyring creation when auth_client_required is not in ceph.conf Thomas Lamprecht
2026-03-12 3:35 ` Kefu Chai
2026-03-12 5:19 ` kefu chai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260311132849.437725-3-k.chai@proxmox.com \
--to=k.chai@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
--cc=tchaikov@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox