Merge "Set restrictive file permissions on Ceph keyrings for non-containerized deployment"

This commit is contained in:
Zuul 2017-12-13 19:27:58 +00:00 committed by Gerrit Code Review
commit 5c4a5d2adb

View File

@ -137,7 +137,9 @@ outputs:
cap_mon: 'allow profile bootstrap-osd'
CEPH_CLIENT_KEY:
secret: {get_param: CephClientKey}
mode: '0644'
mode: '0640'
user: 'ceph'
group: 'ceph'
cap_mon: 'allow r'
cap_osd:
str_replace:
@ -154,7 +156,9 @@ outputs:
# CinderRbdExtraPools is a list (do not indent further)
- {get_param: CinderRbdExtraPools}
MANILA_CLIENT_KEY:
mode: '0644'
mode: '0640'
user: 'ceph'
group: 'ceph'
secret: {get_param: CephManilaClientKey}
cap_mon: 'allow r, allow command \"auth del\", allow command \"auth caps\", allow command \"auth get\", allow command \"auth get-or-create\"'
cap_mds: 'allow *'