Restrict libvirt Ceph access scope to what is needed only.

Change-Id: I78bffe6764e9cbb16b2a615be766c910ba5d4e48

libvirt/templates/bin/_ceph-keyring.sh.tpl

@@ -27,11 +27,10 @@ cat > ${KEYRING} <<EOF
 EOF
 {{- else }}
 if ! [ "x${CEPH_CINDER_USER}" == "xadmin" ]; then
-  #NOTE(Portdirect): Determine proper privs to assign keyring
+  #NOTE(JCL): Restrict access to the cluster to only what is needed. MON Read only and RBD access.
   ceph auth get-or-create client.${CEPH_CINDER_USER} \
-    mon "allow *" \
-    osd "allow *" \
-    mgr "allow *" \
+    mon "profile rbd" \
+    osd "profile rbd" \
     -o ${KEYRING}
 
   rm -f /etc/ceph/ceph.client.admin.keyring