After deploying overcloud with ceph-ansible with manila, manila ceph driver can not connect to the ceph cluster (access denied), the reason is that capabilities for manila user are misconfigured:
# ceph auth list
client.manila
key: AQCgNZ1ZAAAAABAAvOESAeVm1nnEV2QERRX47Q==
caps: [mds] allow *
caps: [mon] allow r, allow command auth del, allow command auth caps, allow command auth get, allow command auth get-or-create
caps: [osd] allow rw
but should be:
client.manila
key: AQCgNZ1ZAAAAABAAvOESAeVm1nnEV2QERRX47Q==
caps: [mds] allow *
caps: [mon] allow r, allow command="auth del", allow command="auth caps", allow command="auth get", allow command="auth get-or-create"
caps: [osd] allow class-read object_prefix rbd_children, allow rwx pool=cephfs_data, allow rwx pool=cephfs_metadata
The problem will be in unescaped caps in THT:
https://github.com/openstack/tripleo-heat-templates/blob/master/docker/services/ceph-ansible/ceph-base.yaml#L243
should be same as here:
https://github.com/openstack/tripleo-heat-templates/blob/master/puppet/services/ceph-base.yaml#L147
This issue was fixed by https:/