wrong ceph capabailities for manila user
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
High
|
Jan Provaznik |
Bug Description
After deploying overcloud with ceph-ansible with manila, manila ceph driver can not connect to the ceph cluster (access denied), the reason is that capabilities for manila user are misconfigured:
# ceph auth list
client.manila
key: AQCgNZ1ZAAAAABA
caps: [mds] allow *
caps: [mon] allow r, allow command auth del, allow command auth caps, allow command auth get, allow command auth get-or-create
caps: [osd] allow rw
but should be:
client.manila
key: AQCgNZ1ZAAAAABA
caps: [mds] allow *
caps: [mon] allow r, allow command="auth del", allow command="auth caps", allow command="auth get", allow command="auth get-or-create"
caps: [osd] allow class-read object_prefix rbd_children, allow rwx pool=cephfs_data, allow rwx pool=cephfs_
The problem will be in unescaped caps in THT:
https:/
should be same as here:
https:/
Changed in tripleo: | |
importance: | Undecided → Medium |
importance: | Medium → High |
assignee: | nobody → Jan Provaznik (jan-provaznik) |
Changed in tripleo: | |
status: | New → Confirmed |
Changed in tripleo: | |
milestone: | none → queens-1 |
status: | Confirmed → Triaged |
tags: | added: pike-backport-potential |
Changed in tripleo: | |
milestone: | queens-1 → queens-2 |
Changed in tripleo: | |
milestone: | queens-2 → queens-3 |
This issue was fixed by https:/ /review. openstack. org/#/c/ 499580/ and https:/ /review. openstack. org/#/c/ 500462/