Merge "Set restrictive file permissions on Ceph keyrings for non-containerized deployment"
This commit is contained in:
commit
5c4a5d2adb
@ -137,7 +137,9 @@ outputs:
|
||||
cap_mon: 'allow profile bootstrap-osd'
|
||||
CEPH_CLIENT_KEY:
|
||||
secret: {get_param: CephClientKey}
|
||||
mode: '0644'
|
||||
mode: '0640'
|
||||
user: 'ceph'
|
||||
group: 'ceph'
|
||||
cap_mon: 'allow r'
|
||||
cap_osd:
|
||||
str_replace:
|
||||
@ -154,7 +156,9 @@ outputs:
|
||||
# CinderRbdExtraPools is a list (do not indent further)
|
||||
- {get_param: CinderRbdExtraPools}
|
||||
MANILA_CLIENT_KEY:
|
||||
mode: '0644'
|
||||
mode: '0640'
|
||||
user: 'ceph'
|
||||
group: 'ceph'
|
||||
secret: {get_param: CephManilaClientKey}
|
||||
cap_mon: 'allow r, allow command \"auth del\", allow command \"auth caps\", allow command \"auth get\", allow command \"auth get-or-create\"'
|
||||
cap_mds: 'allow *'
|
||||
|
Loading…
Reference in New Issue
Block a user