From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id BE58F1FF13B for ; Wed, 11 Mar 2026 18:03:46 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 4B8E33422B; Wed, 11 Mar 2026 18:03:41 +0100 (CET) From: Thomas Lamprecht To: pve-devel@lists.proxmox.com Subject: [PATCH manager] fix #7011: ceph monitor: set ownership of monitor logs Date: Wed, 11 Mar 2026 18:03:20 +0100 Message-ID: <20260311170322.3688876-1-t.lamprecht@proxmox.com> X-Mailer: git-send-email 2.47.3 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1773248572596 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.013 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: GGEWTUZN4LQNUORTHDBR6NVEPWTBEVG4 X-Message-ID-Hash: GGEWTUZN4LQNUORTHDBR6NVEPWTBEVG4 X-MailFrom: t.lamprecht@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Dominik Rusovac Ownership of the ceph monitor log file is now set to ceph:ceph after the creation of a new monitor and before the new monitor starts. Hence, effective ceph monitor logging on freshly set up ceph clusters no longer depends on the first upgrade of ceph-common. For setups (still) affected by #7011 it is required that ownership of the ceph monitor log file is set to ceph:ceph (either manually or due to some ceph-common upgrade), followed by a monitor restart. Signed-off-by: Dominik Rusovac Reviewed-by: Maximiliano Sandoval Tested-by: Maximiliano Sandoval Link: https://lore.proxmox.com/20251217083819.33912-1-d.rusovac@proxmox.com Signed-off-by: Thomas Lamprecht --- PVE/API2/Ceph/MON.pm | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/PVE/API2/Ceph/MON.pm b/PVE/API2/Ceph/MON.pm index 70fc158dd..18407b1c2 100644 --- a/PVE/API2/Ceph/MON.pm +++ b/PVE/API2/Ceph/MON.pm @@ -428,6 +428,15 @@ __PACKAGE__->register_method({ $mon_keyring, ]); run_command(['chown', 'ceph:ceph', '-R', $mondir]); + + eval { + # fix-up initial log file from freshly created monitor here, as currently + # we cannot instruct ceph-mon to create it with the correct ownership without + # losing access to the mon keyring inside pmxcfs. + run_command( + ['chown', 'ceph:ceph', "/var/log/ceph/ceph-mon.$monid.log"]); + }; + warn "$@" if $@; }; my $err = $@; unlink $monmap; -- 2.47.3