[Bug 1424771] Fix merged to charm-glance (master)

OpenStack Infra 1424771 at bugs.launchpad.net
Tue Feb 14 21:17:22 UTC 2017 

Reviewed:  https://review.openstack.org/433586
Committed: https://git.openstack.org/cgit/openstack/charm-glance/commit/?id=29da04b58bd0eac3125ebd95b85b237fd7789713
Submitter: Jenkins
Branch:    master

commit 29da04b58bd0eac3125ebd95b85b237fd7789713
Author: James Page <james.page at ubuntu.com>
Date:   Tue Feb 14 10:46:27 2017 +0000

    Add support for cephx pool grouping and permissions
    
    Sync charmhelpers and add configuration option to allow access
    to ceph pools to be limited based on grouping.
    
    Glance only requires rwx access to pools containing images.
    
    Change-Id: I72611b38887a686f6acaeffd70bc4705a425a07b
    Partial-Bug: 1424771

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to cinder in Juju Charms Collection.
Matching subscriptions: charm-bugs
https://bugs.launchpad.net/bugs/1424771

Title:
  Excessive caps for CephX users glance, cinder, nova-compute

Status in charms.openstack:
  In Progress
Status in ceph package in Juju Charms Collection:
  In Progress
Status in ceph-mon package in Juju Charms Collection:
  In Progress
Status in ceph-radosgw package in Juju Charms Collection:
  Fix Committed
Status in cinder package in Juju Charms Collection:
  Fix Committed
Status in cinder-ceph package in Juju Charms Collection:
  Fix Committed
Status in glance package in Juju Charms Collection:
  Fix Committed
Status in nova-compute package in Juju Charms Collection:
  Fix Committed

Bug description:
  The cephx identities, which the charms generate for glance, cinder and
  nova-compute, have excessive capabilities. They allow write access to
  mons, and unrestricted access to OSDs.

  The following caps should be sufficient:

  For client.glance:
  mon = "allow r"
  osd = "allow rw pool=glance"

  For client.cinder:
  mon = "allow r"
  osd = "allow rw pool=cinder"

  For client.nova-compute:
  mon = "allow r"
  osd = "allow rwx pool=cinder"

To manage notifications about this bug go to:
https://bugs.launchpad.net/charms.openstack/+bug/1424771/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list