Update CephX client.openstack keyring to use 'profile rbd'
The minimum set of permissions necessary to operate on the Ceph pools changed with Luminous and the 'profile rbd' setting ensures the necessary additional operations are granted. See Luminous [1] vs Jewel [2] settings. Closes-Bug: 1773449 1. http://docs.ceph.com/docs/luminous/rbd/rbd-openstack/#setup-ceph-client-authentication 2. http://docs.ceph.com/docs/jewel/rbd/rbd-openstack/#setup-ceph-client-authentication Change-Id: I9639d606bd538f6776c368a4f34aa6783ab91abb
This commit is contained in:
parent
b7dcbd8da7
commit
e65889dff2
@ -254,14 +254,14 @@ resources:
|
||||
key: {get_param: CephClientKey}
|
||||
caps:
|
||||
mgr: "allow *"
|
||||
mon: "allow r"
|
||||
mon: "profile rbd"
|
||||
osd:
|
||||
str_replace:
|
||||
template: 'allow class-read object_prefix rbd_children, allow rwx pool=CEPH_CLIENT_POOLS'
|
||||
template: 'profile rbd pool=CEPH_CLIENT_POOLS'
|
||||
params:
|
||||
CEPH_CLIENT_POOLS:
|
||||
list_join:
|
||||
- ', allow rwx pool='
|
||||
- ', profile rbd pool='
|
||||
- list_concat_unique:
|
||||
- - {get_param: CinderRbdPoolName}
|
||||
- {get_param: CinderBackupRbdPoolName}
|
||||
|
Loading…
Reference in New Issue
Block a user