[pve-devel] [PATCH pve-manager] fix #7011: ceph monitor: set ownership of monitor logs

[pve-devel] [PATCH pve-manager] fix #7011: ceph monitor: set ownership of monitor logs

[Dominik Rusovac]

Ownership of ceph logs is now set to ceph:ceph after the creation of a
new monitor and before the new monitor starts. Hence, effective ceph
monitor logging on freshly set up ceph clusters no longer depends on the
first upgrade of ceph-common.

For setups (still) affected by #7011 it is required that ownership of
ceph logs is set to ceph:ceph (either manually or due to some
ceph-common upgrade), followed by a monitor restart.

Signed-off-by: Dominik Rusovac <d.rusovac@proxmox.com>
---
 PVE/API2/Ceph/MON.pm | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/PVE/API2/Ceph/MON.pm b/PVE/API2/Ceph/MON.pm
index 70fc158d..047337ea 100644
--- a/PVE/API2/Ceph/MON.pm
+++ b/PVE/API2/Ceph/MON.pm
@@ -428,6 +428,12 @@ __PACKAGE__->register_method({
                             $mon_keyring,
                         ]);
                         run_command(['chown', 'ceph:ceph', '-R', $mondir]);
+
+                        eval {
+                            run_command('chown ceph:ceph /var/log/ceph');
+                            run_command('chown ceph:ceph /var/log/ceph/*.log*');
+                        };
+                        warn "$@" if $@;
                     };
                     my $err = $@;
                     unlink $monmap;
-- 
2.47.3



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] [PATCH pve-manager] fix #7011: ceph monitor: set ownership of monitor logs

[Maximiliano Sandoval]

Dominik Rusovac <d.rusovac@proxmox.com> writes:

> Ownership of ceph logs is now set to ceph:ceph after the creation of a
> new monitor and before the new monitor starts. Hence, effective ceph
> monitor logging on freshly set up ceph clusters no longer depends on the
> first upgrade of ceph-common.
>
> For setups (still) affected by #7011 it is required that ownership of
> ceph logs is set to ceph:ceph (either manually or due to some
> ceph-common upgrade), followed by a monitor restart.
>
> Signed-off-by: Dominik Rusovac <d.rusovac@proxmox.com>
> ---
>  PVE/API2/Ceph/MON.pm | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/PVE/API2/Ceph/MON.pm b/PVE/API2/Ceph/MON.pm
> index 70fc158d..047337ea 100644
> --- a/PVE/API2/Ceph/MON.pm
> +++ b/PVE/API2/Ceph/MON.pm
> @@ -428,6 +428,12 @@ __PACKAGE__->register_method({
>                              $mon_keyring,
>                          ]);
>                          run_command(['chown', 'ceph:ceph', '-R', $mondir]);
> +
> +                        eval {
> +                            run_command('chown ceph:ceph /var/log/ceph');
> +                            run_command('chown ceph:ceph /var/log/ceph/*.log*');
> +                        };
> +                        warn "$@" if $@;
>                      };
>                      my $err = $@;
>                      unlink $monmap;

When we call ceph-mon --mkfs a few lines above the file
/var/log/ceph/ceph-mon.$monid.log gets created with owner root:ceph. I
tried using --setuser=ceph instead, but that did not work out while this
approach does work.

It should be noted however that only the file mentioned above has the
wrong owner and that the chown calls above are a bit too greedy, however
this matches ceph-common post-install script better.

Tested-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
Reviewed-by: Maximiliano Sandoval <m.sandoval@proxmox.com>

-- 
Maximiliano


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel