Fix manila ceph caps
Now that we issue mgr/volume commands and rados get/put on pool with "ganesha_rados_store_pool_name" name via a rados client, the auth ID used by the driver/rados client would need different capabilities. The auth ID will now require: mon 'allow r' mgr 'allow rw' osd 'allow rw pool=<ganesha_rados_store_pool_name>" The driver's auth ID does not need any MDS capability, requires reduced MON and OSD capability, and extra write capability for MGR. Closes-Bug: #1925525 Change-Id: Ib3015442eb4633fb208eb10af1f4150f189c3e14
This commit is contained in:
Victoria Martinez de la Cruz
parent
2aa71dfebc
commit
9f8c83f663
|
|
@ -54,5 +54,5 @@ openstack_keys:
|
|||
- { name: client.cinder, caps: { mon: "profile rbd", osd: "allow class-read object_prefix rbd_children, profile rbd pool={{ openstack_cinder_pool.name }}, profile rbd pool={{ openstack_nova_pool.name }}, profile rbd pool={{ openstack_glance_pool.name }}"}, mode: "0600" }
|
||||
- { name: client.cinder-backup, caps: { mon: "profile rbd", osd: "profile rbd pool={{ openstack_cinder_backup_pool.name }}"}, mode: "0600" }
|
||||
- { name: client.gnocchi, caps: { mon: "profile rbd", osd: "profile rbd pool={{ openstack_gnocchi_pool.name }}"}, mode: "0600", }
|
||||
- { name: client.manila, caps: { mon: "allow r, allow command 'auth del', allow command 'auth caps', allow command 'auth get', allow command 'auth get-or-create'", mgr: "allow r", mds: "allow *", osd: "allow rw"}, mode: "0600", }
|
||||
- { name: client.manila, caps: { mon: "allow r", mgr: "allow rw", osd: "allow rw pool={{ openstack_cephfs_data_pool.name }}"}, mode: "0600", }
|
||||
- { name: client.openstack, caps: { mon: "profile rbd", osd: "profile rbd pool={{ openstack_glance_pool.name }}, profile rbd pool={{ openstack_nova_pool.name }}, profile rbd pool={{ openstack_cinder_pool.name }}, profile rbd pool={{ openstack_cinder_backup_pool.name }}"}, mode: "0600" }
|
||||
|
|
|
|||
Loading…
Reference in New Issue