From 1fbfa1ce1a1850485420525d876aac72cb292c1f Mon Sep 17 00:00:00 2001
From: Dimitri Savineau
Date: Mon, 26 Aug 2019 15:35:19 -0400
Subject: [PATCH] ceph-client: Use profile rbd in keyring caps
Like the OpenStack keyrings, we can use the profile rbd for the clients keyring (both mon and osd).
Signed-off-by: Dimitri Savineau
(cherry picked from commit 49aa05b96c6614a07127238fe157c2bf87315618)
---
 group_vars/clients.yml.sample | 5 +++--
 group_vars/osds.yml.sample | 1 +
 roles/ceph-client/defaults/main.yml | 4 ++--
 3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/group_vars/clients.yml.sample b/group_vars/clients.yml.sample
index f1c8132a8..f98167a3a 100644
--- a/group_vars/clients.yml.sample
+++ b/group_vars/clients.yml.sample
@@ -54,7 +54,8 @@ dummy:
 # - { name: client.test, key: "AQAin8tUMICVFBAALRHNrV0Z4MXupRw4v9JQ6Q==" ...
 #keys:
-# - { name: client.test, caps: { mon: "allow r", osd: "allow class-read object_prefix rbd_children, allow rwx pool=test" }, mode: "{{ ceph_keyring_permissions }}" }
-# - { name: client.test2, caps: { mon: "allow r", osd: "allow class-read object_prefix rbd_children, allow rwx pool=test2" }, mode: "{{ ceph_keyring_permissions }}" }
+# - { name: client.test, caps: { mon: "profile rbd", osd: "allow class-read object_prefix rbd_children, profile rbd pool=test" }, mode: "{{ ceph_keyring_permissions }}" }
+# - { name: client.test2, caps: { mon: "profile rbd", osd: "allow class-read object_prefix rbd_children, profile rbd pool=test2" }, mode: "{{ ceph_keyring_permissions }}" }
 #ceph_nfs_ceph_user: { name: client.rgw.nfs0, key: 'SECRET==', caps: { mon: "allow rw", osd: "allow rwx" }, mode: "{{ ceph_keyring_permissions }}" }
+
diff --git a/group_vars/osds.yml.sample b/group_vars/osds.yml.sample
index 6c3e114d5..255a61f4a 100644
--- a/group_vars/osds.yml.sample
+++ b/group_vars/osds.yml.sample
@@ -163,3 +163,4 @@ dummy:
 #nb_retry_wait_osd_up: 60
 #delay_wait_osd_up: 10
+
diff --git a/roles/ceph-client/defaults/main.yml b/roles/ceph-client/defaults/main.yml
index d8e893b72..ed18fb620 100644
--- a/roles/ceph-client/defaults/main.yml
+++ b/roles/ceph-client/defaults/main.yml
@@ -46,7 +46,7 @@ pools:
 # - { name: client.test, key: "AQAin8tUMICVFBAALRHNrV0Z4MXupRw4v9JQ6Q==" ...
 keys:
- - { name: client.test, caps: { mon: "allow r", osd: "allow class-read object_prefix rbd_children, allow rwx pool=test" }, mode: "{{ ceph_keyring_permissions }}" }
- - { name: client.test2, caps: { mon: "allow r", osd: "allow class-read object_prefix rbd_children, allow rwx pool=test2" }, mode: "{{ ceph_keyring_permissions }}" }
+ - { name: client.test, caps: { mon: "profile rbd", osd: "allow class-read object_prefix rbd_children, profile rbd pool=test" }, mode: "{{ ceph_keyring_permissions }}" }
+ - { name: client.test2, caps: { mon: "profile rbd", osd: "allow class-read object_prefix rbd_children, profile rbd pool=test2" }, mode: "{{ ceph_keyring_permissions }}" }
 #ceph_nfs_ceph_user: { name: client.rgw.nfs0, key: 'SECRET==', caps: { mon: "allow rw", osd: "allow rwx" }, mode: "{{ ceph_keyring_permissions }}" }
\ No newline at end of file
--
2.39.5
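Review bot: The new `osd` caps on both `keys:` entries keep the legacy `allow class-read object_prefix rbd_children` clause in front of `profile rbd pool=test`, and that clause carries no pool restriction, so each client still holds class-read on `rbd_children` objects outside its own pool. As far as I know the rbd profile was introduced to replace that legacy grant, so if every supported Ceph release understands profiles the value can shrink to `osd: "profile rbd pool=test"` (and `pool=test2` for the second entry). Separately, `mon: "profile rbd"` is not an exact equivalent of the old `allow r`: as a monitor cap it also lets the client blocklist other clients, which deserves a comment above `keys:` such as `# mon 'profile rbd' is broader than 'allow r': it also permits blocklisting other clients`. The commented copies in group_vars/clients.yml.sample carry the same strings and should follow whatever is decided here.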