openstack, ceph, openstack-glance

Permissions for glance user in Ceph


I use Ceph as the Glance backend, but very often I'm not able to delete an image. In my logs I have this error: PermissionError: error unprotecting snapshot

So I tried to change the user's permissions from:

    ceph auth caps client.glance mon 'allow r' osd 'allow class-read object_prefix rdb_children, allow rwx pool=glance-images'

to:

    ceph auth caps client.glance mon 'allow r' osd 'allow *'

Now it works, but I would like to set something less open.

Do you know how to set it?

Best regards,


Solution

  • You have a typo: it should be rbd_children, not rdb_children. rbd stands for "rados block device". The command will look like this:

    ceph auth caps client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=glance-images'
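
A misspelled object_prefix is accepted silently and only shows up later as a permission error, so it helps to lint the caps string before or after applying it. The following is an added example, not part of the original question or answer: the function name lint_osd_caps and its finding labels are hypothetical, and it assumes rbd_children is the only object_prefix this client needs.

```shell
#!/bin/sh
# Added example: lint the OSD caps string of a Glance RBD client.
# Assumption: rbd_children is the only object_prefix this client needs
# (it is the one named on this page); other prefixes are reported.

lint_osd_caps() (
    caps=$1
    findings=""
    nl='
'
    IFS=,      # split the caps string into individual grants
    set -f     # keep the shell from glob-expanding "allow *"
    for grant in $caps; do
        # Trim whitespace left over from the comma split.
        grant=$(printf '%s' "$grant" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $grant in
            "allow *")
                findings="${findings}OVERBROAD: '${grant}' permits every OSD operation on every pool${nl}" ;;
            *"object_prefix "*)
                prefix=${grant##*object_prefix }
                prefix=${prefix%% *}
                [ "$prefix" = "rbd_children" ] ||
                    findings="${findings}UNEXPECTED_PREFIX: '${prefix}' (expected rbd_children)${nl}" ;;
            *pool=*) ;;   # grant is scoped to a pool
            *)
                findings="${findings}UNSCOPED: '${grant}' has no pool= or object_prefix restriction${nl}" ;;
        esac
    done
    printf '%s' "$findings"
    [ -z "$findings" ]   # exit status 0 only when nothing was flagged
)

# Constructed inputs: the three caps strings that appear on this page.
for c in \
    "allow class-read object_prefix rdb_children, allow rwx pool=glance-images" \
    "allow *" \
    "allow class-read object_prefix rbd_children, allow rwx pool=glance-images"
do
    echo "caps: $c"
    if lint_osd_caps "$c"; then echo "OK"; fi
done
```

The string to check is the osd caps value shown by `ceph auth get client.glance`.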