From: Sébastien Han Date: Tue, 29 Nov 2016 10:24:38 +0000 (+0100) Subject: doc: update cinder key permissions for mitaka X-Git-Tag: v11.1.0~21^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=9af76d26267abb25deafc625d2abc5e8377e71cc;p=ceph.git doc: update cinder key permissions for mitaka OpenStack Mitaka introduced the support of RBD snapshots while taking a snapshot of a Nova instance. For this to work we need to grant write access to the Glance pool to the Cinder key. Signed-off-by: Sébastien Han --- diff --git a/doc/rbd/rbd-openstack.rst b/doc/rbd/rbd-openstack.rst index 6248644d6c6a..264b3bc8dc84 100644 --- a/doc/rbd/rbd-openstack.rst +++ b/doc/rbd/rbd-openstack.rst @@ -124,10 +124,18 @@ Setup Ceph Client Authentication If you have `cephx authentication`_ enabled, create a new user for Nova/Cinder and Glance. Execute the following:: - ceph auth get-or-create client.cinder mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rx pool=images' ceph auth get-or-create client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=images' ceph auth get-or-create client.cinder-backup mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=backups' +If you run an OpenStack version before Mitaka, create the following ``client.cinder`` key:: + + ceph auth get-or-create client.cinder mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rx pool=images' + +Since Mitaka introduced the support of RBD snapshots while doing a snapshot of a Nova instance, +we need to allow the ``client.cinder`` key write access to the ``images`` pool; therefore, create the following key:: + + ceph auth get-or-create client.cinder mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rwx pool=images' + Add the keyrings for ``client.cinder``, ``client.glance``, and ``client.cinder-backup`` to the appropriate nodes and change their ownership::