[Bug 1424771] Fix merged to charm-ceph-mon (master)

OpenStack Infra 1424771 at bugs.launchpad.net
Mon Oct 17 12:46:08 UTC 2016 

Reviewed:  https://review.openstack.org/387250
Committed: https://git.openstack.org/cgit/openstack/charm-ceph-mon/commit/?id=526dc525d4525a70efdb9cf153da3720336dc556
Submitter: Jenkins
Branch:    master

commit 526dc525d4525a70efdb9cf153da3720336dc556
Author: James Page <james.page at ubuntu.com>
Date:   Mon Oct 17 09:22:15 2016 +0100

    Downgrade default key mon capabilities
    
    The 'w' capability for mon is no longer required by default, as
    the ceph broker in the ceph{-mon} charm is responsible for pool
    creation, not clients.
    
    Drop this permission (keys are automatically upgraded).
    
    Change-Id: I85ba55b7b929eb852046db354a745eb3beed2c51
    Depends-On: Iefffe047214555a15c4201fca605f07ac39c8f5c
    Partial-Bug: 1424771

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to cinder in Juju Charms Collection.
Matching subscriptions: charm-bugs
https://bugs.launchpad.net/bugs/1424771

Title:
  Excessive caps for CephX users glance, cinder, nova-compute

Status in charms.openstack:
  Triaged
Status in ceph package in Juju Charms Collection:
  Triaged
Status in ceph-mon package in Juju Charms Collection:
  Triaged
Status in cinder package in Juju Charms Collection:
  Triaged
Status in glance package in Juju Charms Collection:
  Triaged
Status in nova-compute package in Juju Charms Collection:
  Triaged

Bug description:
  The cephx identities, which the charms generate for glance, cinder and
  nova-compute, have excessive capabilities. They allow write access to
  mons, and unrestricted access to OSDs.

  The following caps should be sufficient:

  For client.glance:
  mon = "allow r"
  osd = "allow rw pool=glance"

  For client.cinder:
  mon = "allow r"
  osd = "allow rw pool=cinder"

  For client.nova-compute:
  mon = "allow r"
  osd = "allow rwx pool=cinder"

To manage notifications about this bug go to:
https://bugs.launchpad.net/charms.openstack/+bug/1424771/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list