Disable global_id reclaim for Ceph mons in scenario001

As per [1], patched monitors raise the AUTH_INSECURE_GLOBAL_ID_RECLAIM_ALLOWED
health alert if auth_allow_insecure_global_id_reclaim is enabled.
This is ok for general deployments, but it's not required in CI deployments.
Adding this option to the mon section using the CephConfigOverrides
approach ensures the cluster stay in health_ok.

[1] https://docs.ceph.com/en/latest/security/CVE-2021-20288/

Change-Id: Ib8d3f62d233ce5a42e9923547c08add6e5859cfb
This commit is contained in:
Francesco Pantano 2021-04-23 11:13:57 +02:00
parent b397b0acfd
commit 73c1d300df
1 changed files with 1 additions and 0 deletions

View File

@ -181,6 +181,7 @@ parameter_defaults:
foo: bar foo: bar
mon: mon:
mon_warn_on_pool_no_redundancy: false mon_warn_on_pool_no_redundancy: false
mon_warn_on_insecure_global_id_reclaim_allowed: false
NfsUrl: 127.0.0.1 NfsUrl: 127.0.0.1
CephMsgrSecureMode: true CephMsgrSecureMode: true
CephAnsibleSkipClient: false CephAnsibleSkipClient: false