From 2cdbe81d7dd34b65e5c3c51005df5214a1e3a577 Mon Sep 17 00:00:00 2001 From: Sridhar Seshasayee Date: Thu, 19 Aug 2021 19:22:02 +0530 Subject: [PATCH] mon/MonCap: Update osd profile to allow cmd to set iops capacity on mon db The default mon caps for osds is set to "allow profile osd", which allows only "rw" capability. Osds with mclock scheduler enabled store their max iops capacity on the mon config store. This can be achieved by executing the "config set" command. However, since the osd(s) by default do not have the execute permission, the command fails with "Permission denied" error. Therefore, modify the default osd profile to allow running the "config set" command with restriction to only set keys with name matching either (regex) "osd_mclock_max_capacity_iops_hdd" or "osd_mclock_max_capacity_iops_ssd" so that the osd has the permission to update the mon config store with the desired information. Fixes: https://tracker.ceph.com/issues/52329 Signed-off-by: Sridhar Seshasayee --- src/mon/MonCap.cc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/mon/MonCap.cc b/src/mon/MonCap.cc index f96deacd8e5..e1dc3723965 100644 --- a/src/mon/MonCap.cc +++ b/src/mon/MonCap.cc @@ -183,6 +183,9 @@ void MonCapGrant::expand_profile(const EntityName& name) const profile_grants.push_back(MonCapGrant("mon", MON_CAP_R)); profile_grants.push_back(MonCapGrant("pg", MON_CAP_R | MON_CAP_W)); profile_grants.push_back(MonCapGrant("log", MON_CAP_W)); + StringConstraint constraint(StringConstraint::MATCH_TYPE_REGEX, + string("osd_mclock_max_capacity_iops_(hdd|ssd)")); + profile_grants.push_back(MonCapGrant("config set", "name", constraint)); } if (profile == "mds") { profile_grants.push_back(MonCapGrant("mds", MON_CAP_ALL)); -- 2.47.3