Set restrictive file permissions on Ceph keyrings for non-containerized deployment
Pass mode parameter 0600 and user and group ownership to puppet-ceph for
Ceph openstack client keyrings during non-containerized deployment.
Author: Keith Schincke <kschinck@redhat.com>
Co-Author: John Fulton <fulton@redhat.com>
Change-Id: Iccb24f5c2ee639ad2bc0869a37cec305f32b9fd1
Depends-On: I0c1bc3d2362c6500b1a515d99f641f8c1468754a
Partial-Bug: #1720787
(cherry picked from commit bdf1ade1b9)
parent
3d3ae25757
commit
1e52acae86
|
@ -129,7 +129,9 @@ outputs:
|
|||
cap_mon: 'allow profile bootstrap-osd'
|
||||
CEPH_CLIENT_KEY:
|
||||
secret: {get_param: CephClientKey}
|
||||
mode: '0644'
|
||||
mode: '0640'
|
||||
user: 'ceph'
|
||||
group: 'ceph'
|
||||
cap_mon: 'allow r'
|
||||
cap_osd:
|
||||
str_replace:
|
||||
|
@ -141,7 +143,9 @@ outputs:
|
|||
GLANCE_POOL: {get_param: GlanceRbdPoolName}
|
||||
GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
|
||||
MANILA_CLIENT_KEY:
|
||||
mode: '0644'
|
||||
mode: '0640'
|
||||
user: 'ceph'
|
||||
group: 'ceph'
|
||||
secret: {get_param: CephManilaClientKey}
|
||||
cap_mon: 'allow r, allow command \"auth del\", allow command \"auth caps\", allow command \"auth get\", allow command \"auth get-or-create\"'
|
||||
cap_mds: 'allow *'
|
||||
|
|
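Review bot: The mode set for CEPH_CLIENT_KEY and MANILA_CLIENT_KEY is `'0640'`, while the commit description says mode 0600 is passed; one of the two should be corrected so the record matches what is deployed. If owner-only access is the intent, both lines would read `mode: '0600'`; if group read is deliberate, a comment such as `# group-readable: consumers read the keyring via the ceph group` above each `mode` line would document it. The services that use these client keyrings presumably run under their own accounts, so it is worth confirming (not visible on this page) how they get read access once world-read is removed. The key entry that ends with `cap_mon: 'allow profile bootstrap-osd'` starts above the first hunk, so whether it and any other keyrings receive the same restriction cannot be checked from here.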