From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 551271FF13B for ; Wed, 11 Mar 2026 14:29:53 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 410E01C2D0; Wed, 11 Mar 2026 14:29:44 +0100 (CET) From: Kefu Chai To: pve-devel@lists.proxmox.com Subject: [PATCH manager 1/1] ceph: osd: fix bootstrap keyring creation when auth_client_required is not in ceph.conf Date: Wed, 11 Mar 2026 21:28:50 +0800 Message-ID: <20260311132849.437725-3-k.chai@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260311132849.437725-2-k.chai@proxmox.com> References: <20260311132849.437725-2-k.chai@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1773235715570 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.319 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: JCUKQO2M2ZPX4BDMFCQHAUXNOREDJCQ5 X-Message-ID-Hash: JCUKQO2M2ZPX4BDMFCQHAUXNOREDJCQ5 X-MailFrom: k.chai@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Kefu Chai X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: The condition guarding bootstrap-osd keyring creation checks for `auth_client_required eq 'cephx'` by reading ceph.conf directly. When this setting is absent from ceph.conf (relying on the Ceph default, or configured via the mon config database instead), the check evaluates as `undef eq 'cephx'` which is false, causing PVE to skip creating the bootstrap keyring. ceph-volume then fails because it cannot find /var/lib/ceph/bootstrap-osd/ceph.keyring. This can happen when: - ceph.conf [global] was created before `pveceph init` wrote the auth settings (pveceph init skips writing them if [global] already exists) - auth settings were moved from ceph.conf to the mon config database - an upgrade or migration left ceph.conf without the auth lines Fix by defaulting to 'cephx' when the setting is absent (matching Ceph's own default) and inverting the check to only skip keyring creation when auth is explicitly set to 'none'. Signed-off-by: Kefu Chai Signed-off-by: Kefu Chai --- PVE/API2/Ceph/OSD.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PVE/API2/Ceph/OSD.pm b/PVE/API2/Ceph/OSD.pm index a952c952..062729ae 100644 --- a/PVE/API2/Ceph/OSD.pm +++ b/PVE/API2/Ceph/OSD.pm @@ -407,7 +407,7 @@ __PACKAGE__->register_method({ if ( !-f $ceph_bootstrap_osd_keyring - && $ceph_conf->{global}->{auth_client_required} eq 'cephx' + && ($ceph_conf->{global}->{auth_client_required} // 'cephx') ne 'none' ) { my $bindata = $rados->mon_command({ prefix => 'auth get-or-create', -- 2.47.3