Change ceph caps to profile rbd

Based on the documentation [1] and this bug [2] we should set caps for ceph keys that use RBD to use the profile. As we can see in the bug [2] setting it to wrong can have cause very bad issues, this should direct as a guideline since we will not hit this in CI. [1] http://docs.ceph.com/docs/luminous/rbd/rbd-openstack/#setup-ceph-client-authentication [2] https://bugs.launchpad.net/nova/+bug/1773449 Change-Id: I3767645807279afac77c1c367a70af6f0f9f4084
2018-06-26 17:35:02 +02:00 · 2018-06-26 17:35:02 +02:00 · 70cb017808
parent ca03d56182
commit 70cb017808
1 changed files with 2 additions and 2 deletions
--- a/manifests/ceph.pp
+++ b/manifests/ceph.pp
@ -52,8 +52,8 @@ class openstack_integration::ceph (
      'client.openstack'     => {
        'secret'  => 'AQD7kyJQQGoOBhAAqrPAqSopSwPrrfMMomzVdw==',
        'mode'    => '0644',
-        'cap_mon' => 'allow r',
-        'cap_osd' => 'allow class-read object_prefix rbd_children, allow rwx pool=cinder, allow rwx pool=nova, allow rwx pool=glance, allow rwx pool=gnocchi',
+        'cap_mon' => 'profile rbd',
+        'cap_osd' => 'profile rbd pool=cinder, profile rbd pool=nova, profile rbd pool=glance, profile rbd pool=gnocchi',
      },
    },
    osds                         => {