[Bug 1424771] Re: Excessive caps for CephX users glance, cinder, nova-compute

James Page james.page at ubuntu.com
Thu Feb 23 18:37:50 UTC 2017


** Changed in: charm-ceph
   Importance: Undecided => Medium

** Changed in: charm-ceph
       Status: New => Fix Committed

** Changed in: charm-ceph
     Assignee: (unassigned) => Chris MacNaughton (chris.macnaughton)

** Changed in: ceph (Juju Charms Collection)
       Status: Fix Committed => Invalid

** Changed in: charm-ceph-mon
   Importance: Undecided => Medium

** Changed in: charm-ceph-mon
       Status: New => Fix Committed

** Changed in: charm-ceph-mon
     Assignee: (unassigned) => Chris MacNaughton (chris.macnaughton)

** Changed in: ceph-mon (Juju Charms Collection)
       Status: Fix Committed => Invalid

** Changed in: charm-ceph-radosgw
   Importance: Undecided => Medium

** Changed in: charm-ceph-radosgw
       Status: New => Fix Committed

** Changed in: ceph-radosgw (Juju Charms Collection)
       Status: Fix Committed => Invalid

** Changed in: charm-cinder
   Importance: Undecided => Medium

** Changed in: charm-cinder
       Status: New => Fix Committed

** Changed in: cinder (Juju Charms Collection)
       Status: Fix Committed => Invalid

** Changed in: charm-cinder-ceph
   Importance: Undecided => Medium

** Changed in: charm-cinder-ceph
       Status: New => Fix Committed

** Changed in: cinder-ceph (Juju Charms Collection)
       Status: Fix Committed => Invalid

** Changed in: charm-glance
   Importance: Undecided => Medium

** Changed in: charm-glance
       Status: New => Fix Committed

** Changed in: glance (Juju Charms Collection)
       Status: Fix Committed => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to cinder in Juju Charms Collection.
Matching subscriptions: charm-bugs
https://bugs.launchpad.net/bugs/1424771

Title:
  Excessive caps for CephX users glance, cinder, nova-compute

Status in OpenStack ceph charm:
  Fix Committed
Status in OpenStack ceph-mon charm:
  Fix Committed
Status in OpenStack ceph-radosgw charm:
  Fix Committed
Status in OpenStack cinder charm:
  Fix Committed
Status in OpenStack cinder-ceph charm:
  Fix Committed
Status in OpenStack glance charm:
  Fix Committed
Status in OpenStack nova-compute charm:
  Fix Committed
Status in charms.openstack:
  Fix Released
Status in ceph package in Juju Charms Collection:
  Invalid
Status in ceph-mon package in Juju Charms Collection:
  Invalid
Status in ceph-radosgw package in Juju Charms Collection:
  Invalid
Status in cinder package in Juju Charms Collection:
  Invalid
Status in cinder-ceph package in Juju Charms Collection:
  Invalid
Status in glance package in Juju Charms Collection:
  Invalid
Status in nova-compute package in Juju Charms Collection:
  Invalid

Bug description:
  The cephx identities, which the charms generate for glance, cinder and
  nova-compute, have excessive capabilities. They allow write access to
  mons, and unrestricted access to OSDs.

  The following caps should be sufficient:

  For client.glance:
  mon = "allow r"
  osd = "allow rw pool=glance"

  For client.cinder:
  mon = "allow r"
  osd = "allow rw pool=cinder"

  For client.nova-compute:
  mon = "allow r"
  osd = "allow rwx pool=cinder"

To manage notifications about this bug go to:
https://bugs.launchpad.net/charm-ceph/+bug/1424771/+subscriptions
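
Added example, not part of the bug report or of the charms' code: a small audit that reads cephx caps in keyring format and flags the two problems the description names (write access to mons, OSD access not limited to a pool), then compares each identity against the caps proposed above. The sample keyring is constructed, and the function names are assumptions of this example.

```python
import re

# Caps proposed in the bug description, as (mon, osd) per cephx entity.
PROPOSED = {
    "client.glance": ("allow r", "allow rw pool=glance"),
    "client.cinder": ("allow r", "allow rw pool=cinder"),
    "client.nova-compute": ("allow r", "allow rwx pool=cinder"),
}

# Constructed sample in keyring format (key lines omitted).
SAMPLE = """
[client.glance]
    caps mon = "allow rw"
    caps osd = "allow rwx"
[client.cinder]
    caps mon = "allow r"
    caps osd = "allow rw pool=cinder"
"""

def parse_keyring(text):
    """Return {entity: {"mon": cap, "osd": cap}} from keyring-format text."""
    entities, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"\[(.+)\]", line):
            current = entities.setdefault(m.group(1), {})
        elif current is not None and (m := re.fullmatch(r'caps (\w+)\s*=\s*"(.*)"', line)):
            current[m.group(1)] = m.group(2)
    return entities

def audit(text):
    """Return {entity: [issue, ...]} for entities whose caps are too broad."""
    report = {}
    for entity, caps in parse_keyring(text).items():
        issues = []
        # A cap string may hold several comma-separated grants.
        for grant in map(str.strip, caps.get("mon", "").split(",")):
            perms = grant.replace("allow", "", 1).strip()
            if perms == "*" or (re.fullmatch(r"[rwx]+", perms) and "w" in perms):
                issues.append(f"mon: write access ({grant})")
        for grant in map(str.strip, caps.get("osd", "").split(",")):
            # Loose check: any grant that names no pool counts as unrestricted.
            if grant and "pool" not in grant:
                issues.append(f"osd: not restricted to a pool ({grant})")
        want = PROPOSED.get(entity)
        if want and (caps.get("mon"), caps.get("osd")) != want:
            issues.append("differs from the caps proposed in the bug")
        if issues:
            report[entity] = issues
    return report
```

Calling audit(SAMPLE) reports client.glance and leaves client.cinder out, since its caps match the proposal.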