* ceph authenticate problem
@ 2011-05-23 7:48 biyan chen
2011-05-23 15:56 ` Tommi Virtanen
2011-05-24 4:51 ` huang jun
0 siblings, 2 replies; 8+ messages in thread
From: biyan chen @ 2011-05-23 7:48 UTC (permalink / raw)
To: ceph-devel
;
; Sample ceph ceph.conf file.
;
; This file defines cluster membership, the various locations
; that Ceph stores data, and any other runtime options.
; If a 'host' is defined for a daemon, the start/stop script will
; verify that it matches the hostname (or else ignore it). If it is
; not defined, it is assumed that the daemon is intended to start on
; the current host (e.g., in a setup with a startup.conf on each
; node).
; global
[global]
; enable secure authentication
auth supported = cephx
keyring = /use/local/etc/ceph/keyring.bin
; allow ourselves to open a lot of files
max open files = 131072
; set up logging
"/usr/local/etc/ceph/ceph.conf" 98L, 2601C
;
; Sample ceph ceph.conf file.
;
; This file defines cluster membership, the various locations
; that Ceph stores data, and any other runtime options.
; If a 'host' is defined for a daemon, the start/stop script will
; verify that it matches the hostname (or else ignore it). If it is
; not defined, it is assumed that the daemon is intended to start on
; the current host (e.g., in a setup with a startup.conf on each
; node).
; global
[global]
; enable secure authentication
auth supported = cephx
keyring = /use/local/etc/ceph/keyring.bin
; allow ourselves to open a lot of files
max open files = 131072
; set up logging
log file = /var/log/ceph/$name.log
; set up pid files
pid file = /var/run/ceph/$name.pid
; monitors
; You need at least one. You need at least three if you want to
; tolerate any node failures. Always create an odd number.
[mon]
mon data = /data/mon$id
; logging, for debugging monitor crashes, in order of
; their likelihood of being helpful :)
;debug ms = 1
;debug mon = 20
;debug paxos = 20
;debug auth = 20
[mon.0]
host = ceph_mon0
mon addr = 192.168.0.211:6789
; mds
; You need at least one. Define two to get a standby.
[mds]
; where the mds keeps it's secret encryption keys
keyring = /usr/local/etc/ceph/keyring.$name
; mds logging to debug issues.
;debug ms = 1
;debug mds = 20
[mds.alpha]
host = ceph_mds0
; osd
; You need at least one. Two if you want data to be replicated.
; Define as many as you like.
[osd]
; This is where the btrfs volume will be mounted.
osd data = /data/osd$id
keyring = /usr/local/etc/ceph/keyring.$name
; Ideally, make this a separate disk or partition. A few
; hundred MB should be enough; more if you have fast or many
; disks. You can use a file under the osd data dir if need be
; (e.g. /data/osd$id/journal), but it will be slower than a
; separate disk or partition.
; This is an example of a file-based journal.
osd journal = /data/osd$id/journal
osd journal size = 1000 ; journal size, in megabytes
; osd logging to debug osd issues, in order of likelihood of being
; helpful
;debug ms = 1
;debug osd = 20
;debug filestore = 20
;debug journal = 20
[osd.0]
host = ceph_osd0
; if 'btrfs devs' is not specified, you're responsible for
; setting up the 'osd data' dir. if it is not btrfs, things
; will behave up until you try to recover from a crash (which
; usually fine for basic testing).
btrfs devs = /dev/sda7
[osd.1]
host = ceph_osd1
btrfs devs = /dev/sda7
log:
[root@ceph_mon0 ~]# ceph mon stat -c /usr/local/etc/ceph/ceph.conf
2011-05-23 11:44:47.078662 7fb266bf8720 unable to authenticate as client.admin
2011-05-23 11:44:47.079037 7fb266bf8720 ceph_tool_common_init failed.
[root@ceph_mds0 ~]# tail /var/log/ceph/mds.alpha.log -f
2011-05-23 23:44:53.464262 7fb0ce956710 -- 192.168.0.207:6800/29302 >>
192.168.0.211:6789/0 pipe(0x26c1a00 sd=5 pgs=0 cs=0 l=0).fault first
fault
2011-05-23 23:44:56.464402 7fb0ce855710 -- 192.168.0.207:6800/29302 >>
192.168.0.211:6789/0 pipe(0x26d3280 sd=5 pgs=0 cs=0 l=0).fault first
fault
2011-05-23 23:44:59.464492 7fb0ce956710 -- 192.168.0.207:6800/29302 >>
192.168.0.211:6789/0 pipe(0x26c3c80 sd=5 pgs=0 cs=0 l=0).fault first
fault
2011-05-23 23:45:02.464787 7fb0ce855710 -- 192.168.0.207:6800/29302 >>
192.168.0.211:6789/0 pipe(0x26cec80 sd=6 pgs=0 cs=0 l=0).fault first
fault
2011-05-23 23:45:05.464941 7fb0cfd58710 mds-1.0 ms_handle_connect on
192.168.0.211:6789/0
2011-05-23 23:45:05.465405 7fb0cfd58710 cannot convert AES key for NSS: -8023
2011-05-23 23:45:05.465946 7fb0cfd58710 cannot convert AES key for NSS: -8023
2011-05-23 23:45:05.465969 7fb0cfd58710 error from decrypt -22
2011-05-23 23:45:05.465998 7fb0cfd58710 cephx:
verify_service_ticket_reply failed decode_decrypt with secret
AQB4R9pNEJ/lFRAAdsRa+EFMA00acC28x9Fj7A==
2011-05-23 23:45:05.466010 7fb0cfd58710 cephx client: could not verify
service_ticket reply
[root@ceph_osd0 ~]# tail /var/log/ceph/osd.0.log -f
2011-05-23 23:43:45.583183 7f5b2f383710 -- 192.168.0.208:6800/30745 >>
192.168.0.211:6789/0 pipe(0xf79280 sd=12 pgs=0 cs=0 l=0).fault first
fault
2011-05-23 23:43:48.583357 7f5b32689710 -- 192.168.0.208:6800/30745 >>
192.168.0.211:6789/0 pipe(0xf79000 sd=12 pgs=0 cs=0 l=0).fault first
fault
2011-05-23 23:43:51.583412 7f5b2f383710 -- 192.168.0.208:6800/30745 >>
192.168.0.211:6789/0 pipe(0xf79280 sd=13 pgs=0 cs=0 l=0).fault first
fault
2011-05-23 23:43:54.583548 7f5b32689710 -- 192.168.0.208:6800/30745 >>
192.168.0.211:6789/0 pipe(0xf79000 sd=12 pgs=0 cs=0 l=0).fault first
fault
2011-05-23 23:43:57.583842 7f5b2f383710 -- 192.168.0.208:6800/30745 >>
192.168.0.211:6789/0 pipe(0xf79280 sd=12 pgs=0 cs=0 l=0).fault first
fault
2011-05-23 23:44:00.584629 7f5b34f8e710 cannot convert AES key for NSS: -8023
2011-05-23 23:44:00.585262 7f5b34f8e710 cannot convert AES key for NSS: -8023
2011-05-23 23:44:00.585290 7f5b34f8e710 error from decrypt -22
2011-05-23 23:44:00.585312 7f5b34f8e710 cephx:
verify_service_ticket_reply failed decode_decrypt with secret
AQAqR9pNUNJ2IBAAp16KszdsZHCwEf5IOcoSdw==
2011-05-23 23:44:00.585322 7f5b34f8e710 cephx client: could not verify
service_ticket reply
Do we have such problems? If you give me some help,
thank you!
--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: ceph authenticate problem
2011-05-23 7:48 ceph authenticate problem biyan chen
@ 2011-05-23 15:56 ` Tommi Virtanen
2011-05-24 1:50 ` biyan chen
2011-05-24 4:51 ` huang jun
1 sibling, 1 reply; 8+ messages in thread
From: Tommi Virtanen @ 2011-05-23 15:56 UTC (permalink / raw)
To: biyan chen; +Cc: ceph-devel
On Mon, May 23, 2011 at 03:48:41PM +0800, biyan chen wrote:
> keyring = /use/local/etc/ceph/keyring.bin
This might be your problem..
--
:(){ :|:&};:
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: ceph authenticate problem
2011-05-23 15:56 ` Tommi Virtanen
@ 2011-05-24 1:50 ` biyan chen
2011-05-24 2:30 ` huang jun
[not found] ` <BANLkTinWBurx+J10u063sPRnkqYp1BZHOQ@mail.gmail.com>
0 siblings, 2 replies; 8+ messages in thread
From: biyan chen @ 2011-05-24 1:50 UTC (permalink / raw)
To: Tommi Virtanen; +Cc: ceph-devel
My steps :
mkcephfs -c /usr/local/etc/ceph/ceph.conf --allhosts --mkbtrfs -k
/usr/local/etc/ceph/keyring.bin
/etc/init.d/ceph -a start
Can give me a little more information?
2011/5/23 Tommi Virtanen <tommi.virtanen@dreamhost.com>:
> On Mon, May 23, 2011 at 03:48:41PM +0800, biyan chen wrote:
>> keyring = /use/local/etc/ceph/keyring.bin
>
> This might be your problem..
>
> --
> :(){ :|:&};:
>
--
name:Riby
mobile:+86 15280267642
company: 百大龙一
--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: ceph authenticate problem
2011-05-24 1:50 ` biyan chen
@ 2011-05-24 2:30 ` huang jun
2011-05-24 3:25 ` biyan chen
[not found] ` <BANLkTinWBurx+J10u063sPRnkqYp1BZHOQ@mail.gmail.com>
1 sibling, 1 reply; 8+ messages in thread
From: huang jun @ 2011-05-24 2:30 UTC (permalink / raw)
To: biyan chen; +Cc: Tommi Virtanen, ceph-devel
try "cp /data/mon0/admin_keyring.bin /usr/local/etc/ceph/keyring.bin"
在 2011年5月24日 上午9:50,biyan chen <riby.chen@gmail.com> 写道:
> My steps :
> mkcephfs -c /usr/local/etc/ceph/ceph.conf --allhosts --mkbtrfs -k
> /usr/local/etc/ceph/keyring.bin
> /etc/init.d/ceph -a start
>
> Can give me a little more information?
>
>
> 2011/5/23 Tommi Virtanen <tommi.virtanen@dreamhost.com>:
>> On Mon, May 23, 2011 at 03:48:41PM +0800, biyan chen wrote:
>>> keyring = /use/local/etc/ceph/keyring.bin
>>
>> This might be your problem..
>>
>> --
>> :(){ :|:&};:
>>
>
>
>
> --
> name:Riby
> mobile:+86 15280267642
> company: 百大龙一
> --
> To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: ceph authenticate problem
[not found] ` <BANLkTinWBurx+J10u063sPRnkqYp1BZHOQ@mail.gmail.com>
@ 2011-05-24 3:25 ` biyan chen
0 siblings, 0 replies; 8+ messages in thread
From: biyan chen @ 2011-05-24 3:25 UTC (permalink / raw)
To: Yehuda Sadeh Weinraub; +Cc: ceph-devel, Tommi Virtanen
Thank Yehuda ,Tommi Virtanen huang jun
(/use instead of /usr) Is my careless
Repair remains after error!
I try'ed
"cp /data/mon0/admin_keyring.bin /usr/local/etc/ceph/keyring.bin"
But ceph_mon0 server did not find /data/mon0/admin_keyring.bin
[root@ceph_mon0 mon0]# ll
total 60
drwxr-xr-x. 2 root root 4096 May 24 11:18 auth
drwxr-xr-x. 2 root root 4096 May 24 11:18 class
-rw-r--r--. 1 root root 75 May 24 11:18 feature_set
-rw-------. 1 root root 0 May 24 11:18 lock
-rw-r--r--. 1 root root 160 May 24 11:18 log
-rw-r--r--. 1 root root 160 May 24 11:18 log.debug
-rw-r--r--. 1 root root 55 May 24 11:18 log.err
-rw-r--r--. 1 root root 160 May 24 11:18 log.info
drwxr-xr-x. 2 root root 4096 May 24 11:18 logm
-rw-r--r--. 1 root root 55 May 24 11:18 log.warn
-rw-r--r--. 1 root root 21 May 24 11:18 magic
drwxr-xr-x. 2 root root 4096 May 24 11:18 mdsmap
drwxr-xr-x. 2 root root 4096 May 24 11:18 monmap
drwxr-xr-x. 2 root root 4096 May 24 11:18 osdmap
drwxr-xr-x. 2 root root 4096 May 24 11:18 osdmap_full
drwxr-xr-x. 2 root root 4096 May 24 11:18 pgmap
[root@ceph_mon0 mon0]#
在 2011年5月24日 上午10:03,Yehuda Sadeh Weinraub <yehudasa@gmail.com> 写道:
> I think he was pointing at a typo (/use instead of /usr)
>
> Yehuda
>
> On May 23, 2011 6:50 PM, "biyan chen" <riby.chen@gmail.com> wrote:
>>
>> My steps :
>> mkcephfs -c /usr/local/etc/ceph/ceph.conf --allhosts --mkbtrfs -k
>> /usr/local/etc/ceph/keyring.bin
>> /etc/init.d/ceph -a start
>>
>> Can give me a little more information?
>>
>>
>> 2011/5/23 Tommi Virtanen <tommi.virtanen@dreamhost.com>:
>> > On Mon, May 23, 2011 at 03:48:41PM +0800, biyan chen wrote:
>> >> keyring = /use/local/etc/ceph/keyring.bin
>> >
>> > This might be your problem..
>> >
>> > --
>> > :(){ :|:&};:
>> >
>>
>>
>>
>> --
>> name:Riby
>> mobile:+86 15280267642
>> company: 百大龙一
>> --
>> To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
--
name:Riby
mobile:+86 15280267642
company: 百大龙一
--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: ceph authenticate problem
2011-05-24 2:30 ` huang jun
@ 2011-05-24 3:25 ` biyan chen
0 siblings, 0 replies; 8+ messages in thread
From: biyan chen @ 2011-05-24 3:25 UTC (permalink / raw)
To: huang jun; +Cc: Tommi Virtanen, ceph-devel
Thank Yehuda ,Tommi Virtanen huang jun
(/use instead of /usr) Is my careless
Repair remains after error!
I try'ed
"cp /data/mon0/admin_keyring.bin /usr/local/etc/ceph/keyring.bin"
But ceph_mon0 server did not find /data/mon0/admin_keyring.bin
[root@ceph_mon0 mon0]# ll
total 60
drwxr-xr-x. 2 root root 4096 May 24 11:18 auth
drwxr-xr-x. 2 root root 4096 May 24 11:18 class
-rw-r--r--. 1 root root 75 May 24 11:18 feature_set
-rw-------. 1 root root 0 May 24 11:18 lock
-rw-r--r--. 1 root root 160 May 24 11:18 log
-rw-r--r--. 1 root root 160 May 24 11:18 log.debug
-rw-r--r--. 1 root root 55 May 24 11:18 log.err
-rw-r--r--. 1 root root 160 May 24 11:18 log.info
drwxr-xr-x. 2 root root 4096 May 24 11:18 logm
-rw-r--r--. 1 root root 55 May 24 11:18 log.warn
-rw-r--r--. 1 root root 21 May 24 11:18 magic
drwxr-xr-x. 2 root root 4096 May 24 11:18 mdsmap
drwxr-xr-x. 2 root root 4096 May 24 11:18 monmap
drwxr-xr-x. 2 root root 4096 May 24 11:18 osdmap
drwxr-xr-x. 2 root root 4096 May 24 11:18 osdmap_full
drwxr-xr-x. 2 root root 4096 May 24 11:18 pgmap
[root@ceph_mon0 mon0]#
在 2011年5月24日 上午10:30,huang jun <hjwsm1989@gmail.com> 写道:
> try "cp /data/mon0/admin_keyring.bin /usr/local/etc/ceph/keyring.bin"
>
> 在 2011年5月24日 上午9:50,biyan chen <riby.chen@gmail.com> 写道:
>> My steps :
>> mkcephfs -c /usr/local/etc/ceph/ceph.conf --allhosts --mkbtrfs -k
>> /usr/local/etc/ceph/keyring.bin
>> /etc/init.d/ceph -a start
>>
>> Can give me a little more information?
>>
>>
>> 2011/5/23 Tommi Virtanen <tommi.virtanen@dreamhost.com>:
>>> On Mon, May 23, 2011 at 03:48:41PM +0800, biyan chen wrote:
>>>> keyring = /use/local/etc/ceph/keyring.bin
>>>
>>> This might be your problem..
>>>
>>> --
>>> :(){ :|:&};:
>>>
>>
>>
>>
>> --
>> name:Riby
>> mobile:+86 15280267642
>> company: 百大龙一
>> --
>> To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>>
>
--
name:Riby
mobile:+86 15280267642
company: 百大龙一
--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: ceph authenticate problem
2011-05-23 7:48 ceph authenticate problem biyan chen
2011-05-23 15:56 ` Tommi Virtanen
@ 2011-05-24 4:51 ` huang jun
2011-05-24 6:03 ` biyan chen
1 sibling, 1 reply; 8+ messages in thread
From: huang jun @ 2011-05-24 4:51 UTC (permalink / raw)
To: biyan chen; +Cc: ceph-devel
hi
there are two [global] sections in your ceph.conf
i do not know why you didn't have admin_keyring.bin in you /data/mon0,
maybe you should restart the whole cluster after you assured configure
file is right
在 2011年5月23日 下午3:48,biyan chen <riby.chen@gmail.com> 写道:
> ;
> ; Sample ceph ceph.conf file.
> ;
> ; This file defines cluster membership, the various locations
> ; that Ceph stores data, and any other runtime options.
>
> ; If a 'host' is defined for a daemon, the start/stop script will
> ; verify that it matches the hostname (or else ignore it). If it is
> ; not defined, it is assumed that the daemon is intended to start on
> ; the current host (e.g., in a setup with a startup.conf on each
> ; node).
>
> ; global
> [global]
> ; enable secure authentication
> auth supported = cephx
> keyring = /use/local/etc/ceph/keyring.bin
>
>
> ; allow ourselves to open a lot of files
> max open files = 131072
>
> ; set up logging
> "/usr/local/etc/ceph/ceph.conf" 98L, 2601C
> ;
> ; Sample ceph ceph.conf file.
> ;
> ; This file defines cluster membership, the various locations
> ; that Ceph stores data, and any other runtime options.
>
> ; If a 'host' is defined for a daemon, the start/stop script will
> ; verify that it matches the hostname (or else ignore it). If it is
> ; not defined, it is assumed that the daemon is intended to start on
> ; the current host (e.g., in a setup with a startup.conf on each
> ; node).
>
> ; global
> [global]
> ; enable secure authentication
> auth supported = cephx
> keyring = /use/local/etc/ceph/keyring.bin
>
>
> ; allow ourselves to open a lot of files
> max open files = 131072
>
> ; set up logging
> log file = /var/log/ceph/$name.log
>
> ; set up pid files
> pid file = /var/run/ceph/$name.pid
>
> ; monitors
> ; You need at least one. You need at least three if you want to
> ; tolerate any node failures. Always create an odd number.
> [mon]
> mon data = /data/mon$id
>
> ; logging, for debugging monitor crashes, in order of
> ; their likelihood of being helpful :)
> ;debug ms = 1
> ;debug mon = 20
> ;debug paxos = 20
> ;debug auth = 20
>
> [mon.0]
> host = ceph_mon0
> mon addr = 192.168.0.211:6789
>
> ; mds
> ; You need at least one. Define two to get a standby.
> [mds]
> ; where the mds keeps it's secret encryption keys
> keyring = /usr/local/etc/ceph/keyring.$name
>
> ; mds logging to debug issues.
> ;debug ms = 1
> ;debug mds = 20
>
> [mds.alpha]
> host = ceph_mds0
>
> ; osd
> ; You need at least one. Two if you want data to be replicated.
> ; Define as many as you like.
> [osd]
> ; This is where the btrfs volume will be mounted.
> osd data = /data/osd$id
> keyring = /usr/local/etc/ceph/keyring.$name
>
>
> ; Ideally, make this a separate disk or partition. A few
> ; hundred MB should be enough; more if you have fast or many
> ; disks. You can use a file under the osd data dir if need be
> ; (e.g. /data/osd$id/journal), but it will be slower than a
> ; separate disk or partition.
>
> ; This is an example of a file-based journal.
> osd journal = /data/osd$id/journal
> osd journal size = 1000 ; journal size, in megabytes
>
> ; osd logging to debug osd issues, in order of likelihood of being
> ; helpful
> ;debug ms = 1
> ;debug osd = 20
> ;debug filestore = 20
> ;debug journal = 20
>
> [osd.0]
> host = ceph_osd0
>
> ; if 'btrfs devs' is not specified, you're responsible for
> ; setting up the 'osd data' dir. if it is not btrfs, things
> ; will behave up until you try to recover from a crash (which
> ; usually fine for basic testing).
> btrfs devs = /dev/sda7
>
>
> [osd.1]
> host = ceph_osd1
> btrfs devs = /dev/sda7
>
>
>
> log:
> [root@ceph_mon0 ~]# ceph mon stat -c /usr/local/etc/ceph/ceph.conf
> 2011-05-23 11:44:47.078662 7fb266bf8720 unable to authenticate as client.admin
> 2011-05-23 11:44:47.079037 7fb266bf8720 ceph_tool_common_init failed.
>
> [root@ceph_mds0 ~]# tail /var/log/ceph/mds.alpha.log -f
> 2011-05-23 23:44:53.464262 7fb0ce956710 -- 192.168.0.207:6800/29302 >>
> 192.168.0.211:6789/0 pipe(0x26c1a00 sd=5 pgs=0 cs=0 l=0).fault first
> fault
> 2011-05-23 23:44:56.464402 7fb0ce855710 -- 192.168.0.207:6800/29302 >>
> 192.168.0.211:6789/0 pipe(0x26d3280 sd=5 pgs=0 cs=0 l=0).fault first
> fault
> 2011-05-23 23:44:59.464492 7fb0ce956710 -- 192.168.0.207:6800/29302 >>
> 192.168.0.211:6789/0 pipe(0x26c3c80 sd=5 pgs=0 cs=0 l=0).fault first
> fault
> 2011-05-23 23:45:02.464787 7fb0ce855710 -- 192.168.0.207:6800/29302 >>
> 192.168.0.211:6789/0 pipe(0x26cec80 sd=6 pgs=0 cs=0 l=0).fault first
> fault
> 2011-05-23 23:45:05.464941 7fb0cfd58710 mds-1.0 ms_handle_connect on
> 192.168.0.211:6789/0
> 2011-05-23 23:45:05.465405 7fb0cfd58710 cannot convert AES key for NSS: -8023
> 2011-05-23 23:45:05.465946 7fb0cfd58710 cannot convert AES key for NSS: -8023
> 2011-05-23 23:45:05.465969 7fb0cfd58710 error from decrypt -22
> 2011-05-23 23:45:05.465998 7fb0cfd58710 cephx:
> verify_service_ticket_reply failed decode_decrypt with secret
> AQB4R9pNEJ/lFRAAdsRa+EFMA00acC28x9Fj7A==
> 2011-05-23 23:45:05.466010 7fb0cfd58710 cephx client: could not verify
> service_ticket reply
>
> [root@ceph_osd0 ~]# tail /var/log/ceph/osd.0.log -f
> 2011-05-23 23:43:45.583183 7f5b2f383710 -- 192.168.0.208:6800/30745 >>
> 192.168.0.211:6789/0 pipe(0xf79280 sd=12 pgs=0 cs=0 l=0).fault first
> fault
> 2011-05-23 23:43:48.583357 7f5b32689710 -- 192.168.0.208:6800/30745 >>
> 192.168.0.211:6789/0 pipe(0xf79000 sd=12 pgs=0 cs=0 l=0).fault first
> fault
> 2011-05-23 23:43:51.583412 7f5b2f383710 -- 192.168.0.208:6800/30745 >>
> 192.168.0.211:6789/0 pipe(0xf79280 sd=13 pgs=0 cs=0 l=0).fault first
> fault
> 2011-05-23 23:43:54.583548 7f5b32689710 -- 192.168.0.208:6800/30745 >>
> 192.168.0.211:6789/0 pipe(0xf79000 sd=12 pgs=0 cs=0 l=0).fault first
> fault
> 2011-05-23 23:43:57.583842 7f5b2f383710 -- 192.168.0.208:6800/30745 >>
> 192.168.0.211:6789/0 pipe(0xf79280 sd=12 pgs=0 cs=0 l=0).fault first
> fault
> 2011-05-23 23:44:00.584629 7f5b34f8e710 cannot convert AES key for NSS: -8023
> 2011-05-23 23:44:00.585262 7f5b34f8e710 cannot convert AES key for NSS: -8023
> 2011-05-23 23:44:00.585290 7f5b34f8e710 error from decrypt -22
> 2011-05-23 23:44:00.585312 7f5b34f8e710 cephx:
> verify_service_ticket_reply failed decode_decrypt with secret
> AQAqR9pNUNJ2IBAAp16KszdsZHCwEf5IOcoSdw==
> 2011-05-23 23:44:00.585322 7f5b34f8e710 cephx client: could not verify
> service_ticket reply
>
> Do we have such problems? If you give me some help,
>
> thank you!
> --
> To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: ceph authenticate problem
2011-05-24 4:51 ` huang jun
@ 2011-05-24 6:03 ` biyan chen
0 siblings, 0 replies; 8+ messages in thread
From: biyan chen @ 2011-05-24 6:03 UTC (permalink / raw)
To: huang jun; +Cc: ceph-devel
;
; Sample ceph ceph.conf file.
;
; This file defines cluster membership, the various locations
; that Ceph stores data, and any other runtime options.
; If a 'host' is defined for a daemon, the start/stop script will
; verify that it matches the hostname (or else ignore it). If it is
; not defined, it is assumed that the daemon is intended to start on
; the current host (e.g., in a setup with a startup.conf on each
; node).
; global
[global]
; enable secure authentication
auth supported = cephx
keyring = /usr/local/etc/ceph/keyring.bin
; allow ourselves to open a lot of files
max open files = 131072
; set up logging
log file = /var/log/ceph/$name.log
; set up pid files
pid file = /var/run/ceph/$name.pid
; monitors
; You need at least one. You need at least three if you want to
; tolerate any node failures. Always create an odd number.
[mon]
mon data = /data/mon$id
; logging, for debugging monitor crashes, in order of
; their likelihood of being helpful :)
;debug ms = 1
;debug mon = 20
;debug paxos = 20
;debug auth = 20
[mon.0]
host = ceph_mon0
mon addr = 192.168.0.211:6789
; mds
; You need at least one. Define two to get a standby.
[mds]
; where the mds keeps it's secret encryption keys
keyring = /usr/local/etc/ceph/keyring.$name
; mds logging to debug issues.
;debug ms = 1
;debug mds = 20
[mds.alpha]
host = ceph_mds0
; osd
; You need at least one. Two if you want data to be replicated.
; Define as many as you like.
[osd]
; This is where the btrfs volume will be mounted.
osd data = /data/osd$id
keyring = /usr/local/etc/ceph/keyring.$name
; Ideally, make this a separate disk or partition. A few
; hundred MB should be enough; more if you have fast or many
; disks. You can use a file under the osd data dir if need be
; (e.g. /data/osd$id/journal), but it will be slower than a
; separate disk or partition.
; This is an example of a file-based journal.
osd journal = /data/osd$id/journal
osd journal size = 1000 ; journal size, in megabytes
; osd logging to debug osd issues, in order of likelihood of being
; helpful
;debug ms = 1
;debug osd = 20
;debug filestore = 20
;debug journal = 20
[osd.0]
host = ceph_osd0
; if 'btrfs devs' is not specified, you're responsible for
; setting up the 'osd data' dir. if it is not btrfs, things
; will behave up until you try to recover from a crash (which
; usually fine for basic testing).
btrfs devs = /dev/sda7
[osd.1]
host = ceph_osd1
btrfs devs = /dev/sda7
steps:
/etc/init.d/ceph -a stop
mkcephfs -c /usr/local/etc/ceph/ceph.conf --allhosts --mkbtrfs -k
/usr/local/etc/ceph/keyring.bin
/etc/init.d/ceph -a start
I start command is correct?
Thanks!
在 2011年5月24日 下午12:51,huang jun <hjwsm1989@gmail.com> 写道:
> hi
> there are two [global] sections in your ceph.conf
> i do not know why you didn't have admin_keyring.bin in you /data/mon0,
> maybe you should restart the whole cluster after you assured configure
> file is right
>
> 在 2011年5月23日 下午3:48,biyan chen <riby.chen@gmail.com> 写道:
>> ;
>> ; Sample ceph ceph.conf file.
>> ;
>> ; This file defines cluster membership, the various locations
>> ; that Ceph stores data, and any other runtime options.
>>
>> ; If a 'host' is defined for a daemon, the start/stop script will
>> ; verify that it matches the hostname (or else ignore it). If it is
>> ; not defined, it is assumed that the daemon is intended to start on
>> ; the current host (e.g., in a setup with a startup.conf on each
>> ; node).
>>
>> ; global
>> [global]
>> ; enable secure authentication
>> auth supported = cephx
>> keyring = /use/local/etc/ceph/keyring.bin
>>
>>
>> ; allow ourselves to open a lot of files
>> max open files = 131072
>>
>> ; set up logging
>> "/usr/local/etc/ceph/ceph.conf" 98L, 2601C
>> ;
>> ; Sample ceph ceph.conf file.
>> ;
>> ; This file defines cluster membership, the various locations
>> ; that Ceph stores data, and any other runtime options.
>>
>> ; If a 'host' is defined for a daemon, the start/stop script will
>> ; verify that it matches the hostname (or else ignore it). If it is
>> ; not defined, it is assumed that the daemon is intended to start on
>> ; the current host (e.g., in a setup with a startup.conf on each
>> ; node).
>>
>> ; global
>> [global]
>> ; enable secure authentication
>> auth supported = cephx
>> keyring = /use/local/etc/ceph/keyring.bin
>>
>>
>> ; allow ourselves to open a lot of files
>> max open files = 131072
>>
>> ; set up logging
>> log file = /var/log/ceph/$name.log
>>
>> ; set up pid files
>> pid file = /var/run/ceph/$name.pid
>>
>> ; monitors
>> ; You need at least one. You need at least three if you want to
>> ; tolerate any node failures. Always create an odd number.
>> [mon]
>> mon data = /data/mon$id
>>
>> ; logging, for debugging monitor crashes, in order of
>> ; their likelihood of being helpful :)
>> ;debug ms = 1
>> ;debug mon = 20
>> ;debug paxos = 20
>> ;debug auth = 20
>>
>> [mon.0]
>> host = ceph_mon0
>> mon addr = 192.168.0.211:6789
>>
>> ; mds
>> ; You need at least one. Define two to get a standby.
>> [mds]
>> ; where the mds keeps it's secret encryption keys
>> keyring = /usr/local/etc/ceph/keyring.$name
>>
>> ; mds logging to debug issues.
>> ;debug ms = 1
>> ;debug mds = 20
>>
>> [mds.alpha]
>> host = ceph_mds0
>>
>> ; osd
>> ; You need at least one. Two if you want data to be replicated.
>> ; Define as many as you like.
>> [osd]
>> ; This is where the btrfs volume will be mounted.
>> osd data = /data/osd$id
>> keyring = /usr/local/etc/ceph/keyring.$name
>>
>>
>> ; Ideally, make this a separate disk or partition. A few
>> ; hundred MB should be enough; more if you have fast or many
>> ; disks. You can use a file under the osd data dir if need be
>> ; (e.g. /data/osd$id/journal), but it will be slower than a
>> ; separate disk or partition.
>>
>> ; This is an example of a file-based journal.
>> osd journal = /data/osd$id/journal
>> osd journal size = 1000 ; journal size, in megabytes
>>
>> ; osd logging to debug osd issues, in order of likelihood of being
>> ; helpful
>> ;debug ms = 1
>> ;debug osd = 20
>> ;debug filestore = 20
>> ;debug journal = 20
>>
>> [osd.0]
>> host = ceph_osd0
>>
>> ; if 'btrfs devs' is not specified, you're responsible for
>> ; setting up the 'osd data' dir. if it is not btrfs, things
>> ; will behave up until you try to recover from a crash (which
>> ; usually fine for basic testing).
>> btrfs devs = /dev/sda7
>>
>>
>> [osd.1]
>> host = ceph_osd1
>> btrfs devs = /dev/sda7
>>
>>
>>
>> log:
>> [root@ceph_mon0 ~]# ceph mon stat -c /usr/local/etc/ceph/ceph.conf
>> 2011-05-23 11:44:47.078662 7fb266bf8720 unable to authenticate as client.admin
>> 2011-05-23 11:44:47.079037 7fb266bf8720 ceph_tool_common_init failed.
>>
>> [root@ceph_mds0 ~]# tail /var/log/ceph/mds.alpha.log -f
>> 2011-05-23 23:44:53.464262 7fb0ce956710 -- 192.168.0.207:6800/29302 >>
>> 192.168.0.211:6789/0 pipe(0x26c1a00 sd=5 pgs=0 cs=0 l=0).fault first
>> fault
>> 2011-05-23 23:44:56.464402 7fb0ce855710 -- 192.168.0.207:6800/29302 >>
>> 192.168.0.211:6789/0 pipe(0x26d3280 sd=5 pgs=0 cs=0 l=0).fault first
>> fault
>> 2011-05-23 23:44:59.464492 7fb0ce956710 -- 192.168.0.207:6800/29302 >>
>> 192.168.0.211:6789/0 pipe(0x26c3c80 sd=5 pgs=0 cs=0 l=0).fault first
>> fault
>> 2011-05-23 23:45:02.464787 7fb0ce855710 -- 192.168.0.207:6800/29302 >>
>> 192.168.0.211:6789/0 pipe(0x26cec80 sd=6 pgs=0 cs=0 l=0).fault first
>> fault
>> 2011-05-23 23:45:05.464941 7fb0cfd58710 mds-1.0 ms_handle_connect on
>> 192.168.0.211:6789/0
>> 2011-05-23 23:45:05.465405 7fb0cfd58710 cannot convert AES key for NSS: -8023
>> 2011-05-23 23:45:05.465946 7fb0cfd58710 cannot convert AES key for NSS: -8023
>> 2011-05-23 23:45:05.465969 7fb0cfd58710 error from decrypt -22
>> 2011-05-23 23:45:05.465998 7fb0cfd58710 cephx:
>> verify_service_ticket_reply failed decode_decrypt with secret
>> AQB4R9pNEJ/lFRAAdsRa+EFMA00acC28x9Fj7A==
>> 2011-05-23 23:45:05.466010 7fb0cfd58710 cephx client: could not verify
>> service_ticket reply
>>
>> [root@ceph_osd0 ~]# tail /var/log/ceph/osd.0.log -f
>> 2011-05-23 23:43:45.583183 7f5b2f383710 -- 192.168.0.208:6800/30745 >>
>> 192.168.0.211:6789/0 pipe(0xf79280 sd=12 pgs=0 cs=0 l=0).fault first
>> fault
>> 2011-05-23 23:43:48.583357 7f5b32689710 -- 192.168.0.208:6800/30745 >>
>> 192.168.0.211:6789/0 pipe(0xf79000 sd=12 pgs=0 cs=0 l=0).fault first
>> fault
>> 2011-05-23 23:43:51.583412 7f5b2f383710 -- 192.168.0.208:6800/30745 >>
>> 192.168.0.211:6789/0 pipe(0xf79280 sd=13 pgs=0 cs=0 l=0).fault first
>> fault
>> 2011-05-23 23:43:54.583548 7f5b32689710 -- 192.168.0.208:6800/30745 >>
>> 192.168.0.211:6789/0 pipe(0xf79000 sd=12 pgs=0 cs=0 l=0).fault first
>> fault
>> 2011-05-23 23:43:57.583842 7f5b2f383710 -- 192.168.0.208:6800/30745 >>
>> 192.168.0.211:6789/0 pipe(0xf79280 sd=12 pgs=0 cs=0 l=0).fault first
>> fault
>> 2011-05-23 23:44:00.584629 7f5b34f8e710 cannot convert AES key for NSS: -8023
>> 2011-05-23 23:44:00.585262 7f5b34f8e710 cannot convert AES key for NSS: -8023
>> 2011-05-23 23:44:00.585290 7f5b34f8e710 error from decrypt -22
>> 2011-05-23 23:44:00.585312 7f5b34f8e710 cephx:
>> verify_service_ticket_reply failed decode_decrypt with secret
>> AQAqR9pNUNJ2IBAAp16KszdsZHCwEf5IOcoSdw==
>> 2011-05-23 23:44:00.585322 7f5b34f8e710 cephx client: could not verify
>> service_ticket reply
>>
>> Do we have such problems? If you give me some help,
>>
>> thank you!
>> --
>> To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>>
>
--
name:Riby
mobile:+86 15280267642
company: 百大龙一
--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2011-05-24 6:03 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-05-23 7:48 ceph authenticate problem biyan chen
2011-05-23 15:56 ` Tommi Virtanen
2011-05-24 1:50 ` biyan chen
2011-05-24 2:30 ` huang jun
2011-05-24 3:25 ` biyan chen
[not found] ` <BANLkTinWBurx+J10u063sPRnkqYp1BZHOQ@mail.gmail.com>
2011-05-24 3:25 ` biyan chen
2011-05-24 4:51 ` huang jun
2011-05-24 6:03 ` biyan chen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.