Restrict libvirt Ceph access scope to what is needed only.
Change-Id: I78bffe6764e9cbb16b2a615be766c910ba5d4e48
parent
4835aa637a
commit
566a489bbe
@ -26,12 +26,11 @@ cat > ${KEYRING} <<EOF
|
|||||||
key = {{ .Values.conf.ceph.cinder.keyring }}
|
key = {{ .Values.conf.ceph.cinder.keyring }}
|
||||||
EOF
|
EOF
|
||||||
{{- else }}
|
{{- else }}
|
||||||
if ! [ "x${CEPH_CINDER_USER}" == "xadmin"]; then
|
if ! [ "x${CEPH_CINDER_USER}" == "xadmin" ]; then
|
||||||
#NOTE(Portdirect): Determine proper privs to assign keyring
|
#NOTE(JCL): Restrict access to the cluster to only what is needed. MON Read only and RBD access.
|
||||||
ceph auth get-or-create client.${CEPH_CINDER_USER} \
|
ceph auth get-or-create client.${CEPH_CINDER_USER} \
|
||||||
mon "allow *" \
|
mon "profile rbd" \
|
||||||
osd "allow *" \
|
osd "profile rbd" \
|
||||||
mgr "allow *" \
|
|
||||||
-o ${KEYRING}
|
-o ${KEYRING}
|
||||||
|
|
||||||
rm -f /etc/ceph/ceph.client.admin.keyring
|
rm -f /etc/ceph/ceph.client.admin.keyring
|
||||||
|
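Review bot: The narrowed caps on the `ceph auth get-or-create` call only take effect for a client that does not exist yet. If `client.${CEPH_CINDER_USER}` was already created with `allow *` by the earlier version of this script, get-or-create does not rewrite its caps (Ceph normally rejects the call with a caps-mismatch error), so the wide grant stays in place or the script fails. For an entity that already exists, reset the caps explicitly with `ceph auth caps client.${CEPH_CINDER_USER} mon "profile rbd" osd "profile rbd"`. Separately, `osd "profile rbd"` with no pool qualifier still allows RBD access to every pool; if the pool name is available to this template, `osd "profile rbd pool=<POOL_NAME_PLACEHOLDER>"` would be tighter. The `if` block opened in this hunk closes outside it.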