0

I use ceph as glance backend but very often i'm not able to delete an image. In my logs I have this error : PermissionError: error unprotecting snapshot

So I tried to change user's permissions from: ceph auth caps client.glance mon 'allow r' osd 'allow class-read object_prefix rdb_children, allow rwx pool=glance-images' to ceph auth caps client.glance mon 'allow r' osd 'allow *'

Now it works, but I would like to set something less open.

Do you know how to set it?

Best regards,

Vender Aeloth
  • 690
  • 1
  • 12
  • 27

2 Answers2

1

You have a typo, it should be rbd_children not rdb_children. rbd is stands for "rados block device". The command will look like below:

ceph auth caps client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=glance-images'
affan
  • 36
  • 1
1

The following fixed for me. Basically glance ceph user need read access on cinder volumes pool.

ceph auth caps client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=glance-imagesm rx pool=volumes'


Pradeep B
  • 11
  • 3