[Bug 1424771] Fix merged to charm-ceph-mon (master)
OpenStack Infra
1424771 at bugs.launchpad.net
Tue Feb 14 22:34:00 UTC 2017
Reviewed: https://review.openstack.org/433871
Committed: https://git.openstack.org/cgit/openstack/charm-ceph-mon/commit/?id=dfd070202bcca626f6fa67ba36de5146174196eb
Submitter: Jenkins
Branch: master
commit dfd070202bcca626f6fa67ba36de5146174196eb
Author: Chris MacNaughton <chris.macnaughton at canonical.com>
Date: Tue Feb 14 13:23:21 2017 -0600
Sync back in charms.ceph
Change-Id: I5d8956792a2de53d9d0f34b241206cb62295dcac
Partial-Bug: 1424771
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to cinder in Juju Charms Collection.
Matching subscriptions: charm-bugs
https://bugs.launchpad.net/bugs/1424771
Title:
Excessive caps for CephX users glance, cinder, nova-compute
Status in charms.openstack:
Fix Released
Status in ceph package in Juju Charms Collection:
In Progress
Status in ceph-mon package in Juju Charms Collection:
In Progress
Status in ceph-radosgw package in Juju Charms Collection:
Fix Committed
Status in cinder package in Juju Charms Collection:
Fix Committed
Status in cinder-ceph package in Juju Charms Collection:
Fix Committed
Status in glance package in Juju Charms Collection:
Fix Committed
Status in nova-compute package in Juju Charms Collection:
Fix Committed
Bug description:
The cephx identities, which the charms generate for glance, cinder and
nova-compute, have excessive capabilities. They allow write access to
mons, and unrestricted access to OSDs.
The following caps should be sufficient:
For client.glance:
mon = "allow r"
osd = "allow rw pool=glance"
For client.cinder:
mon = "allow r"
osd = "allow rw pool=cinder"
For client.nova-compute:
mon = "allow r"
osd = "allow rwx pool=cinder"
To manage notifications about this bug go to:
https://bugs.launchpad.net/charms.openstack/+bug/1424771/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list