Skip to content

Commit

Permalink
systemd/[email protected]: fix mgr mon cap
Browse files Browse the repository at this point in the history
Signed-off-by: Sage Weil <[email protected]>
  • Loading branch information
liewegas committed Mar 29, 2017
1 parent 5906e35 commit 6625fcd
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion systemd/[email protected]
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ LimitNOFILE=1048576
LimitNPROC=1048576
EnvironmentFile=-/etc/sysconfig/ceph
Environment=CLUSTER=ceph

# This ExecStartPre business is a hack to inject a key for the mgr daemon,
# using whatever key already exists on the mon on this node to gain sufficient
# permissions to create the mgr key. Failure is ignored at every step (the
Expand All @@ -19,7 +20,8 @@ Environment=CLUSTER=ceph
ExecStartPre=-/bin/sh -c "exec mkdir -p /var/lib/ceph/mgr/${CLUSTER}-%i"
ExecStartPre=-/bin/sh -c "[ -f /var/lib/ceph/mgr/${CLUSTER}-%i/keyring ] || /usr/bin/ceph-authtool --create-keyring --gen-key --name=mgr.%i /var/lib/ceph/mgr/${CLUSTER}-%i/keyring"
ExecStartPre=-/bin/sh -c "exec chown -R ceph.ceph /var/lib/ceph/mgr/${CLUSTER}-%i"
ExecStartPre=-/usr/bin/ceph -i /var/lib/ceph/mgr/${CLUSTER}-%i/keyring auth add mgr.%i mon 'allow *' --keyring=/var/lib/ceph/mon/${CLUSTER}-%i/keyring --name=mon.
ExecStartPre=-/usr/bin/ceph -i /var/lib/ceph/mgr/${CLUSTER}-%i/keyring auth add mgr.%i mon 'allow profile mgr' --keyring=/var/lib/ceph/mon/${CLUSTER}-%i/keyring --name=mon.

ExecStart=/usr/bin/ceph-mgr -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
Expand Down

0 comments on commit 6625fcd

Please sign in to comment.