Proxmox + Ceph: why a non-standard keyring parameter in /etc/ceph/ceph.conf?

cmonty14

Hi,
in the Ceph configuration file /etc/ceph/ceph.conf you define a non-standard path for parameter "keyring" in section global:
root@ld4257:/# more /etc/ceph/ceph.conf
[global]
auth client required = cephx
auth cluster required = cephx
auth service required = cephx
cluster network = 192.168.100.8/29
fsid = fda2f219-7355-4c46-b300-8a65b3834761
keyring = /etc/pve/priv/$cluster.$name.keyring
[...]


Why are you doing this?

The downside of this is that I cannot use a custom keyring with different permission and ownership demands because any file copied to /etc/pve/priv/ gets permission 600 and ownership root:www-data.
But I need to modify group ownership and set permission 640.

Any advice?

THX
 
OK... this means there's no functional reason?
Must I expect a malfunction if I disable this parameter?

Will Proxmox VE + Ceph still work considering the fact that Proxmox stores specific keyrings in /etc/pve/priv/ceph/:
root@ld4257:~# ls -l /etc/pve/priv/ceph
insgesamt 2
-rw------- 1 root www-data 63 Jul 19 18:19 LVE-PVE-Clstr01.keyring
-rw------- 1 root www-data 63 Jul 30 15:40 pve_ct.keyring
-rw------- 1 root www-data 63 Jul 30 15:40 pve_vm.keyring

and only 2 keyrings in /etc/pve/priv/:
root@ld4257:~# ls -l /etc/pve/priv/
insgesamt 4
-rw------- 1 root www-data 1679 Jul 18 12:01 authkey.key
-rw------- 1 root www-data 1527 Sep 24 15:56 authorized_keys
drwx------ 2 root www-data 0 Jul 19 18:18 ceph
-rw------- 1 root www-data 63 Jul 19 11:53 ceph.client.admin.keyring
-rw------- 1 root www-data 236 Jul 19 11:53 ceph.mon.keyring
-rw------- 1 root www-data 2739 Sep 24 15:56 known_hosts
drwx------ 2 root www-data 0 Jul 18 12:02 lock
-rw------- 1 root www-data 3243 Jul 18 12:01 pve-root-ca.key
-rw------- 1 root www-data 3 Jul 18 16:46 pve-root-ca.srl


Can you please advise if it's possible to change the ownership of any file in /etc/pve/priv/?
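
How the keyring line quoted in the first post resolves to a concrete file, with a mode and ownership check on the result, as an added example that is not part of the thread and not Proxmox code. It assumes Ceph's $cluster, $name, $type and $id metavariables and the default cluster name ceph; resolve_keyring and audit_keyring are hypothetical helper names, and the config text is a constructed sample.

```python
import configparser
import os
import stat
import tempfile

# Constructed sample mirroring the [global] section quoted in the first post.
SAMPLE_CONF = """\
[global]
auth client required = cephx
keyring = /etc/pve/priv/$cluster.$name.keyring
"""

def resolve_keyring(conf_text, name, cluster="ceph"):
    """Return the keyring path for entity `name` (e.g. client.admin), or None."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    etype, _, eid = name.partition(".")
    # Most specific section wins: [client.admin], then [client], then [global].
    for section in (name, etype, "global"):
        if cp.has_option(section, "keyring"):
            template = cp.get(section, "keyring")
            break
    else:
        return None
    for var, value in (("$cluster", cluster), ("$name", name),
                       ("$type", etype), ("$id", eid)):
        template = template.replace(var, value)
    return template

def audit_keyring(path, max_mode=0o640):
    """Return (mode, uid, gid, findings) for a keyring file."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if mode & ~max_mode:
        findings.append(f"mode {mode:04o} grants bits beyond {max_mode:04o}")
    if mode & stat.S_IROTH:
        findings.append("world-readable: any local user can read the cephx secret")
    return mode, st.st_uid, st.st_gid, findings

if __name__ == "__main__":
    print(resolve_keyring(SAMPLE_CONF, "client.admin"))
    with tempfile.NamedTemporaryFile() as f:  # stand-in for a real keyring file
        os.chmod(f.name, 0o644)
        print(audit_keyring(f.name))
```

For client.admin the template resolves to /etc/pve/priv/ceph.client.admin.keyring, the file shown in the second directory listing.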