Merge "Restrict libvirt Ceph access scope to what is needed only."

This commit is contained in:
Zuul 2018-10-26 06:36:49 +00:00 committed by Gerrit Code Review
commit 2e239086e4
1 changed files with 4 additions and 5 deletions

View File

@ -26,12 +26,11 @@ cat > ${KEYRING} <<EOF
key = {{ .Values.conf.ceph.cinder.keyring }}
EOF
{{- else }}
if ! [ "x${CEPH_CINDER_USER}" == "xadmin"]; then
#NOTE(Portdirect): Determine proper privs to assign keyring
if ! [ "x${CEPH_CINDER_USER}" == "xadmin" ]; then
#NOTE(JCL): Restrict access to the cluster to only what is needed. MON Read only and RBD access.
ceph auth get-or-create client.${CEPH_CINDER_USER} \
mon "allow *" \
osd "allow *" \
mgr "allow *" \
mon "profile rbd" \
osd "profile rbd" \
-o ${KEYRING}
rm -f /etc/ceph/ceph.client.admin.keyring