From 9af76d26267abb25deafc625d2abc5e8377e71cc Mon Sep 17 00:00:00 2001 From: =?utf8?q?S=C3=A9bastien=20Han?= Date: Tue, 29 Nov 2016 11:24:38 +0100 Subject: [PATCH] doc: update cinder key permissions for mitaka MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit OpenStack Mitaka introduced the support of RBD snapshots while taking a snapshot of a Nova instance. For this to work we need to grant write access to the Glance pool to the Cinder key. Signed-off-by: Sébastien Han --- doc/rbd/rbd-openstack.rst | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/doc/rbd/rbd-openstack.rst b/doc/rbd/rbd-openstack.rst index 6248644d6c6a..264b3bc8dc84 100644 --- a/doc/rbd/rbd-openstack.rst +++ b/doc/rbd/rbd-openstack.rst @@ -124,10 +124,18 @@ Setup Ceph Client Authentication If you have `cephx authentication`_ enabled, create a new user for Nova/Cinder and Glance. Execute the following:: - ceph auth get-or-create client.cinder mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rx pool=images' ceph auth get-or-create client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=images' ceph auth get-or-create client.cinder-backup mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=backups' +If you run an OpenStack version before Mitaka, create the following ``client.cinder`` key:: + + ceph auth get-or-create client.cinder mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rx pool=images' + +Since Mitaka introduced the support of RBD snapshots while doing a snapshot of a Nova instance, +we need to allow the ``client.cinder`` key write access to the ``images`` pool; therefore, create the following key:: + + ceph auth get-or-create client.cinder mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rwx pool=images' + Add the keyrings for ``client.cinder``, ``client.glance``, and ``client.cinder-backup`` to the appropriate nodes and change their ownership:: -- 2.47.3