From 2aae15c93f4383c0a38dff276700c762e56a7134 Mon Sep 17 00:00:00 2001
From: Tobias Urdin <tobias.urdin@binero.com>
Date: Tue, 6 May 2025 08:54:39 +0200
Subject: [PATCH] Use profile rbd for Ceph authx for cinder-backup

Use the RBD profile instead of setting explicit
permissions.

Change-Id: Idc2258e3b69df3df57894c17018a2a35043c8fa9
Signed-off-by: Tobias Urdin <tobias.urdin@binero.com>
---
 lib/cinder_backups/ceph | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/cinder_backups/ceph b/lib/cinder_backups/ceph
index 4b180490d7..c46b90c5b9 100644
--- a/lib/cinder_backups/ceph
+++ b/lib/cinder_backups/ceph
@@ -32,7 +32,7 @@ function configure_cinder_backup_ceph {
         if [[ "$REMOTE_CEPH" = "False" && "$CEPH_REPLICAS" -ne 1 ]]; then
             sudo ceph -c ${CEPH_CONF_FILE} osd pool set ${CINDER_BAK_CEPH_POOL} crush_ruleset ${RULE_ID}
         fi
-        sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${CINDER_BAK_CEPH_USER} mon "allow r" osd "allow class-read object_prefix rbd_children, allow rwx pool=${CINDER_BAK_CEPH_POOL}, allow rwx pool=${CINDER_CEPH_POOL}" | sudo tee ${CEPH_CONF_DIR}/ceph.client.${CINDER_BAK_CEPH_USER}.keyring
+        sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${CINDER_BAK_CEPH_USER} mon "profile rbd" osd "profile rbd pool=${CINDER_BAK_CEPH_POOL}, profile rbd pool=${CINDER_CEPH_POOL}" | sudo tee ${CEPH_CONF_DIR}/ceph.client.${CINDER_BAK_CEPH_USER}.keyring
         sudo chown $(whoami):$(whoami) ${CEPH_CONF_DIR}/ceph.client.${CINDER_BAK_CEPH_USER}.keyring
     fi