Permissions for glance user in Ceph

Question

I use ceph as glance backend but very often i'm not able to delete an image. In my logs I have this error : PermissionError: error unprotecting snapshot

So I tried to change user's permissions from: ceph auth caps client.glance mon 'allow r' osd 'allow class-read object_prefix rdb_children, allow rwx pool=glance-images' to ceph auth caps client.glance mon 'allow r' osd 'allow *'

Now it works, but I would like to set something less open.

Do you know how to set it?

Best regards,

score 1 · Accepted Answer · answered Oct 30 '18 at 00:43

You have a typo, it should be rbd_children not rdb_children. rbd is stands for "rados block device". The command will look like below:

ceph auth caps client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=glance-images'

score 1 · Answer 2 · answered Mar 08 '19 at 03:56

1

The following fixed for me. Basically glance ceph user need read access on cinder volumes pool.

ceph auth caps client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=glance-imagesm rx pool=volumes'

answered Mar 08 '19 at 03:56

Pradeep B

11
3

Permissions for glance user in Ceph

2 Answers2