From: Kefu Chai
To: pve-devel@lists.proxmox.com
CC: Kefu Chai
Subject: [PATCH manager v2 1/1] ceph: osd: fix bootstrap keyring creation when auth_client_required is not in ceph.conf
Date: Thu, 12 Mar 2026 13:09:01 +0800
Message-ID: <20260312050901.1054941-2-k.chai@proxmox.com>
In-Reply-To: <20260312050901.1054941-1-k.chai@proxmox.com>
References: <20260312050901.1054941-1-k.chai@proxmox.com>
List-Id: Proxmox VE development discussion

The condition guarding bootstrap-osd keyring creation checks for
`auth_client_required eq 'cephx'` by reading ceph.conf directly. When
this setting is absent from ceph.conf (relying on the Ceph default, or
configured via the mon config database instead), the check evaluates as
`undef eq 'cephx'` which is false, causing PVE to skip creating the
bootstrap keyring. ceph-volume then fails because it cannot find
/var/lib/ceph/bootstrap-osd/ceph.keyring.

This can happen when:
- ceph.conf [global] was created before `pveceph init` wrote the auth
  settings (pveceph init skips writing them if [global] already exists)
- auth settings were moved from ceph.conf to the mon config database
- an upgrade or migration left ceph.conf without the auth lines

Fix by defaulting to 'cephx' when the setting is absent (matching
Ceph's own default) and inverting the check to only skip keyring
creation when auth is explicitly set to 'none'.

Signed-off-by: Kefu Chai
Signed-off-by: Kefu Chai
--- PVE/API2/Ceph/OSD.pm | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/PVE/API2/Ceph/OSD.pm b/PVE/API2/Ceph/OSD.pm index a952c952..dce519a5 100644 --- a/PVE/API2/Ceph/OSD.pm +++ b/PVE/API2/Ceph/OSD.pm @@ -405,10 +405,8 @@ __PACKAGE__->register_method({ my $ceph_bootstrap_osd_keyring = PVE::Ceph::Tools::get_config('ceph_bootstrap_osd_keyring'); - if ( - !-f $ceph_bootstrap_osd_keyring - && $ceph_conf->{global}->{auth_client_required} eq 'cephx' - ) { + my $auth_client_required = $ceph_conf->{global}->{auth_client_required} // 'cephx'; + if (!-f $ceph_bootstrap_osd_keyring && $auth_client_required ne 'none') { my $bindata = $rados->mon_command({ prefix => 'auth get-or-create', entity => 'client.bootstrap-osd', -- 2.47.3
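
Review bot: The new `$auth_client_required` lookup in the `@@ -405,10 +405,8 @@` hunk still reads only `$ceph_conf->{global}`, so when the setting lives in the mon config database (one of the cases the commit message lists) and is set to 'none' there, the `// 'cephx'` default now sends the code into `auth get-or-create` for `client.bootstrap-osd`. Please add a short comment above the `my $auth_client_required` line stating that the fallback mirrors Ceph's own default and that only an explicit 'none' in ceph.conf skips keyring creation, since that reasoning currently exists only in the commit message. The `ne 'none'` test is also an exact string match, so a value that differs in case or carries surrounding whitespace would not count as 'none'; consider normalizing the value before comparing if the config parser does not already do so.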