From 9746e2f9bb7926c6a5ff3028d5ae496ba4836a49 Mon Sep 17 00:00:00 2001 From: Giulio Fidente Date: Mon, 18 Jun 2018 12:13:05 +0200 Subject: [PATCH] Do not grant caps if pool name is empty The openstack_keys map can have permissions for an empty pool which results in an invalid kerying. Co-Authored-By: Giulio Fidente Change-Id: Ic5ae53d9ab52ea5e7c3f75a240a7a7f4bb5632ba Closes-Bug: 1776987 --- docker/services/ceph-ansible/ceph-base.yaml | 34 ++++++++++----------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml index c1caabd36f..209dd0d623 100644 --- a/docker/services/ceph-ansible/ceph-base.yaml +++ b/docker/services/ceph-ansible/ceph-base.yaml @@ -256,23 +256,23 @@ resources: mgr: "allow *" mon: "profile rbd" osd: - str_replace: - template: 'profile rbd pool=CEPH_CLIENT_POOLS' - params: - CEPH_CLIENT_POOLS: - list_join: - - ', profile rbd pool=' - - list_concat_unique: - - - {get_param: CinderRbdPoolName} - - {get_param: CinderBackupRbdPoolName} - - {get_param: NovaRbdPoolName} - - {get_param: GlanceRbdPoolName} - - {get_param: GnocchiRbdPoolName} - # CinderRbdExtraPools is a list (do not indent further) - - {get_param: CinderRbdExtraPools} - - yaql: - data: {get_param: CephPools} - expression: $.data.select($.name) + list_join: + - ', ' + - repeat: + template: 'profile rbd pool=<%pool%>' + for_each: + <%pool%>: + list_concat_unique: + - - {get_param: CinderRbdPoolName} + - {get_param: CinderBackupRbdPoolName} + - {get_param: NovaRbdPoolName} + - {get_param: GlanceRbdPoolName} + - {get_param: GnocchiRbdPoolName} + # CinderRbdExtraPools is a list (do not indent further) + - {get_param: CinderRbdExtraPools} + - yaql: + data: {get_param: CephPools} + expression: $.data.select($.name) mode: "0600" - name: list_join: