openstack/tripleo-heat-templates
Code Issues Proposed changes

Merge "Set restrictive file permissions on Ceph keyrings for non-containerized deployment"

Browse Source
This commit is contained in:
Zuul 2017-12-13 19:27:58 +00:00 committed by Gerrit Code Review
commit 5c4a5d2adb
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
puppet/services/ceph-base.yaml
View File

@ -137,7 +137,9 @@ outputs:
cap_mon: 'allow profile bootstrap-osd' cap_mon: 'allow profile bootstrap-osd'
CEPH_CLIENT_KEY: CEPH_CLIENT_KEY:
secret: {get_param: CephClientKey} secret: {get_param: CephClientKey}
mode: '0644' mode: '0640'
user: 'ceph'
group: 'ceph'
cap_mon: 'allow r' cap_mon: 'allow r'
cap_osd: cap_osd:
str_replace: str_replace:
@ -154,7 +156,9 @@ outputs:
# CinderRbdExtraPools is a list (do not indent further) # CinderRbdExtraPools is a list (do not indent further)
- {get_param: CinderRbdExtraPools} - {get_param: CinderRbdExtraPools}
MANILA_CLIENT_KEY: MANILA_CLIENT_KEY:
mode: '0644' mode: '0640'
user: 'ceph'
group: 'ceph'
secret: {get_param: CephManilaClientKey} secret: {get_param: CephManilaClientKey}
cap_mon: 'allow r, allow command \"auth del\", allow command \"auth caps\", allow command \"auth get\", allow command \"auth get-or-create\"' cap_mon: 'allow r, allow command \"auth del\", allow command \"auth caps\", allow command \"auth get\", allow command \"auth get-or-create\"'
cap_mds: 'allow *' cap_mds: 'allow *'