* MON config-key prefix for storing optional remote cluster connectivity
* parameters
*/
- #define RBD_MIRROR_PEER_CONFIG_KEY_PREFIX "rbd/mirror/peer/"
+ #define RBD_MIRROR_CONFIG_KEY_PREFIX "rbd/mirror/"
+ #define RBD_MIRROR_SITE_NAME_CONFIG_KEY RBD_MIRROR_CONFIG_KEY_PREFIX "site_name"
+ #define RBD_MIRROR_PEER_CLIENT_ID_CONFIG_KEY RBD_MIRROR_CONFIG_KEY_PREFIX "peer_client_id"
+ #define RBD_MIRROR_PEER_CONFIG_KEY_PREFIX RBD_MIRROR_CONFIG_KEY_PREFIX "peer/"
struct rbd_info {
- __le64 max_id;
+ ceph_le64 max_id;
} __attribute__ ((packed));
struct rbd_obj_snap_ondisk {
StringConstraint constraint(StringConstraint::MATCH_TYPE_PREFIX,
"rbd/mirror/");
profile_grants.push_back(MonCapGrant("config-key get", "key", constraint));
+ } else if (profile == "rbd-mirror-peer") {
+ StringConstraint constraint(StringConstraint::MATCH_TYPE_REGEX,
+ "rbd/mirror/[^/]+");
+ profile_grants.push_back(MonCapGrant("config-key get", "key", constraint));
+
+ constraint = StringConstraint(StringConstraint::MATCH_TYPE_PREFIX,
+ "rbd/mirror/peer/");
+ profile_grants.push_back(MonCapGrant("config-key set", "key", constraint));
}
-
+ else if (profile == "crash") {
+ // TODO: we could limit this to getting the monmap and mgrmap...
+ profile_grants.push_back(MonCapGrant("mon", MON_CAP_R));
+ }
if (profile == "role-definer") {
// grants ALL caps to the auth subsystem, read-only on the
// monitor subsystem and nothing else.
projects / ceph.git / commitdiff