mgr/cephadm: make nvme-of auth keyring more restricted
Rather than giving full admin privileges,
try to be a bit more strict by limiting it
to profile rbd mon caps and full OSD
privileges for rbd tagged pools. I also wanted
to include an OSD cap like
allow all pool="*" object_prefix "nvmeof.state"
but this caused a failure in the nvme-of daemon
RADOS permission error (Failed to operate write op for oid nvmeof.None.state)
Signed-off-by: Adam King <adking@redhat.com>
(cherry picked from commit
6aa14a228d47cfccbc2c11a9abdd3e513570af25)
projects / ceph.git / commit