Snapshot operation not permitted

45Drives / cephgeorep

An efficient unidirectional remote backup daemon for CephFS.

GNU Lesser General Public License v2.1

58 stars 12 forks source link

Snapshot operation not permitted #44

Closed SjamonDaal closed 2 years ago

SjamonDaal commented 2 years ago

Hi,

I'm trying to setup cephgeorep but I can't get it to work.

Output:

$ cephfssyncd -d -s -v

Reading last rctime from disk.
Watching: /mnt/cephroot
Checking for change.
Change detected in /mnt/cephroot
Creating snapshot: /mnt/cephroot/.snap/2928286snapshot1643381222.476912000
Error: Error creating snapshot path: Operation not permitted
Removing snapshot: /mnt/cephroot/.snap/2928286snapshot1643381222.476912000

What permissions are required for the ceph user? Or that is the issue? I've created a new user and allowed * on all objects but still didn't work.

bkelly16 commented 2 years ago

What is the contents of that users keyring ?

You will need to either * the mds caps, or explicity give snapshot permission to the directory.

For example, the below caps for a client.samba has only read access to the root of the cephfs filesystem. But on /fsgw and below client has permission to:

(r)ead
(w)rite
(p) set quota and data layout
(s) create/delete snapshots

More info in the ceph docs's here

client.samba
    key: AQB8tOphAAAAABAAgKYR8cR8HLliC2Rmu/0n3A==
    caps: [mds] allow r path=/, allow rwps path=/fsgw
    caps: [mon] allow r
    caps: [osd] allow *

SjamonDaal commented 2 years ago

I've tested cephgeorep with the following permissions:

client.admin
        key: 000==
        caps: [mds] allow *
        caps: [mgr] allow *
        caps: [mon] allow *
        caps: [osd] allow *

SjamonDaal commented 2 years ago

I've created a new user with the following auth but I still receive the same message.

client.cephfs-backup
        key: 000==
        caps: [mds] allow rws path=/
        caps: [mon] allow r
        caps: [osd] allow rw pool=cephfs_data

$ cephfssyncd -d -s -v

Reading last rctime from disk.
Watching: /mnt/cephroot-backup
Checking for change.
Change detected in /mnt/cephroot-backup
Creating snapshot: /mnt/cephroot-backup/.snap/2935579snapshot1643383817.273354728
Error: Error creating snapshot path: Operation not permitted
Removing snapshot: /mnt/cephroot-backup/.snap/2935579snapshot1643383817.273354728

SjamonDaal commented 2 years ago

It's working now on our testing cluster but I can't get it to work on our production servers. Seems to be something ceph related. Is there a setting I need to enable before snapshots are enabled or something like that? I've tried

$ ceph mds set allow_new_snaps true
Error ENOTSUP: command is obsolete; please check usage and/or man page

Running ceph version 13.2.5 mimic

SjamonDaal commented 2 years ago

Fixed this issue. Solution: https://docs.ceph.com/en/mimic/dev/cephfs-snapshots/#creating-a-snapshot