From a2d19d37ea2caeae96b435d0e666c8fc941d2c62 Mon Sep 17 00:00:00 2001 From: James Page Date: Mon, 17 Oct 2016 09:18:38 +0100 Subject: [PATCH] Downgrade default key mon capabilities The 'w' capability for mon is no longer required by default, as the ceph broker in the ceph{-mon} charm is responsible for pool creation, not clients. Drop this permission (keys are automatically upgraded). Change-Id: I23a75bc4d3737f9181b48d0affb046349be4153b Depends-On: Iefffe047214555a15c4201fca605f07ac39c8f5c Partial-Bug: 1424771 --- lib/ceph/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ceph/__init__.py b/lib/ceph/__init__.py index 4afe5eb..b95a826 100644 --- a/lib/ceph/__init__.py +++ b/lib/ceph/__init__.py @@ -949,7 +949,7 @@ def get_mds_bootstrap_key(): _default_caps = collections.OrderedDict([ - ('mon', ['allow rw']), + ('mon', ['allow r']), ('osd', ['allow rwx']), ])