From 73c1d300df0bf66ab5ce1573da65acc89b6de64e Mon Sep 17 00:00:00 2001
From: Francesco Pantano
Date: Fri, 23 Apr 2021 11:13:57 +0200
Subject: [PATCH] Disable global_id reclaim for Ceph mons in scenario001
As per [1], patched monitors raise the AUTH_INSECURE_GLOBAL_ID_RECLAIM_ALLOWED health alert if auth_allow_insecure_global_id_reclaim is enabled. This is ok for general deployments, but it's not required in CI deployments. Adding this option to the mon section using the CephConfigOverrides approach ensures the cluster stay in health_ok.
[1] https://docs.ceph.com/en/latest/security/CVE-2021-20288/
Change-Id: Ib8d3f62d233ce5a42e9923547c08add6e5859cfb
---
 ci/environments/scenario001-standalone.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/ci/environments/scenario001-standalone.yaml b/ci/environments/scenario001-standalone.yaml
index 9c79344f7a..ce2ab86591 100644
--- a/ci/environments/scenario001-standalone.yaml
+++ b/ci/environments/scenario001-standalone.yaml
@@ -181,6 +181,7 @@ parameter_defaults:
 foo: bar
 mon:
 mon_warn_on_pool_no_redundancy: false
+ mon_warn_on_insecure_global_id_reclaim_allowed: false
 NfsUrl: 127.0.0.1
 CephMsgrSecureMode: true
 CephAnsibleSkipClient: false
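Review bot: The added `mon_warn_on_insecure_global_id_reclaim_allowed: false` under `mon:` only mutes the AUTH_INSECURE_GLOBAL_ID_RECLAIM_ALLOWED health alert. It does not turn off insecure global_id reclaim, so the monitors in this scenario still accept the behaviour described in CVE-2021-20288, which the subject line "Disable global_id reclaim" does not make clear. Because CI environment files are often copied as starting points, I would add a comment above the key, for example `# CI only: silences the CVE-2021-20288 health alert; mons still allow insecure global_id reclaim`. If every client in the job is already patched (not verifiable from this hunk), setting `auth_allow_insecure_global_id_reclaim: false` in the same section would clear the alert by removing the exposure instead of hiding it. The mapping that contains `mon:` starts outside the hunk, so its parent key is not visible here.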