git.apps.os.sepia.ceph.com Git - ceph-ci.git/commit
mgr/cephadm: make nvme-of auth keyring more restricted
author Adam King <adking@redhat.com>
Fri, 28 Jul 2023 20:59:42 +0000 (16:59 -0400)
committer Adam King <adking@redhat.com>
Tue, 8 Aug 2023 14:50:16 +0000 (10:50 -0400)
commit 6aa14a228d47cfccbc2c11a9abdd3e513570af25
tree fd8f6585e2348217774728c76522c29dce1b8d3b
parent f97f242eee758d98d1749e8796db5b0b0392b6ad
mgr/cephadm: make nvme-of auth keyring more restricted

Rather than giving full admin privileges,
try to be a bit more strict by limiting it
to profile rbd mon caps and full OSD
privileges for rbd tagged pools. I also wanted
to include an OSD cap like

allow all pool="*" object_prefix "nvmeof.state"

but this caused a failure in the nvme-of daemon

RADOS permission error (Failed to operate write op for oid nvmeof.None.state)

Signed-off-by: Adam King <adking@redhat.com>
src/pybind/mgr/cephadm/services/nvmeof.py
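
Added example, not part of the commit or of cephadm: a check that a candidate object_prefix clause covers the object names a daemon uses before the cap is tightened. It models only the object_prefix clause, as a starts-with test on the object name, and ignores pool, namespace and tag matching; the grant and the failing oid are from the commit message, the second oid is constructed.

```python
import os
import re

# Grant string and failing oid are taken from the commit message above.
GRANT = 'allow all pool="*" object_prefix "nvmeof.state"'
FAILED_OID = "nvmeof.None.state"

# Constructed sample: only FAILED_OID is from the page, the other oid is made up.
OBSERVED_OIDS = [FAILED_OID, "nvmeof.gw-a.state"]


def object_prefix(grant):
    """Return the object_prefix value of an OSD cap grant, or None if absent."""
    m = re.search(r'object_prefix\s+(?:"([^"]*)"|(\S+))', grant)
    if not m:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


def uncovered(grant, oids):
    """Oids the grant's object_prefix clause does not cover (starts-with test)."""
    prefix = object_prefix(grant)
    if prefix is None:  # no clause: nothing is excluded on object name
        return []
    return [oid for oid in oids if not oid.startswith(prefix)]


def narrowest_prefix(oids):
    """Longest prefix shared by every observed oid: tightest clause covering all."""
    return os.path.commonprefix(list(oids))


if __name__ == "__main__":
    print("prefix in grant :", object_prefix(GRANT))
    print("not covered     :", uncovered(GRANT, OBSERVED_OIDS))
    print("narrowest prefix:", narrowest_prefix(OBSERVED_OIDS))
```

Under this model the oid in the error message does not begin with the prefix in the grant, so the clause does not cover it.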