RBD volumes don't work with unprivileged RADOS users in Essex
Bug #975335 reported by
Josh Durgin
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Compute (nova) |
Fix Released
|
Medium
|
Josh Durgin | ||
| Essex |
Fix Released
|
Medium
|
Josh Durgin | ||
Bug Description
The default RADOS user (admin) is not overrideable in Essex. The admin user has access to anything in a RADOS cluster, so this prevents privilege separation (i.e. restricting reading and writing by Nova's RBD driver to a specific RADOS pool.) This is fixed in master commit 01f24caba86c987
| Changed in nova: | |
| assignee: | nobody → Josh Durgin (jdurgin) |
| importance: | Undecided → Medium |
| status: | New → Fix Committed |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to nova (stable/essex) | #1 |
| tags: | added: in-stable-essex |
| Changed in nova: | |
| milestone: | none → folsom-1 |
| Changed in nova: | |
| status: | Fix Committed → Fix Released |
| Changed in nova: | |
| milestone: | folsom-1 → 2012.2 |
To post a comment you must log in.
Reviewed: https:/
Committed: http://
Submitter: Jenkins
Branch: stable/essex
commit d4e96fe0294bd3d
Author: Josh Durgin <email address hidden>
Date: Wed Apr 4 00:38:59 2012 -0700
Allow unprivileged RADOS users to access rbd volumes.
This makes it possible to access rbd volumes with RADOS users with
restricted privileges. Previously, the admin user was always used.
This requires libvirt 0.9.8 or higher.
This is a backport of commit 01f24caba86c987
from master.
Fixes bug 975335.
Change-Id: I3fbb2c03e5f639