From: Sridhar Seshasayee Date: Thu, 19 Aug 2021 13:52:02 +0000 (+0530) Subject: mon/MonCap: Update osd profile to allow cmd to set iops capacity on mon db X-Git-Tag: v17.1.0~913^2~1 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=2cdbe81d7dd34b65e5c3c51005df5214a1e3a577;p=ceph.git mon/MonCap: Update osd profile to allow cmd to set iops capacity on mon db The default mon caps for osds is set to "allow profile osd", which allows only "rw" capability. Osds with mclock scheduler enabled store their max iops capacity on the mon config store. This can be achieved by executing the "config set" command. However, since the osd(s) by default do not have the execute permission, the command fails with "Permission denied" error. Therefore, modify the default osd profile to allow running the "config set" command with restriction to only set keys with name matching either (regex) "osd_mclock_max_capacity_iops_hdd" or "osd_mclock_max_capacity_iops_ssd" so that the osd has the permission to update the mon config store with the desired information. Fixes: https://tracker.ceph.com/issues/52329 Signed-off-by: Sridhar Seshasayee --- diff --git a/src/mon/MonCap.cc b/src/mon/MonCap.cc index f96deacd8e51..e1dc37239659 100644 --- a/src/mon/MonCap.cc +++ b/src/mon/MonCap.cc @@ -183,6 +183,9 @@ void MonCapGrant::expand_profile(const EntityName& name) const profile_grants.push_back(MonCapGrant("mon", MON_CAP_R)); profile_grants.push_back(MonCapGrant("pg", MON_CAP_R | MON_CAP_W)); profile_grants.push_back(MonCapGrant("log", MON_CAP_W)); + StringConstraint constraint(StringConstraint::MATCH_TYPE_REGEX, + string("osd_mclock_max_capacity_iops_(hdd|ssd)")); + profile_grants.push_back(MonCapGrant("config set", "name", constraint)); } if (profile == "mds") { profile_grants.push_back(MonCapGrant("mds", MON_CAP_ALL));