RBD volumes don't work with unprivileged RADOS users in Essex
Bug #975335 reported by
Josh Durgin
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
Medium
|
Josh Durgin | ||
Essex |
Fix Released
|
Medium
|
Josh Durgin |
Bug Description
The default RADOS user (admin) is not overrideable in Essex. The admin user has access to anything in a RADOS cluster, so this prevents privilege separation (i.e. restricting reading and writing by Nova's RBD driver to a specific RADOS pool.) This is fixed in master commit 01f24caba86c987
Changed in nova: | |
assignee: | nobody → Josh Durgin (jdurgin) |
importance: | Undecided → Medium |
status: | New → Fix Committed |
Changed in nova: | |
milestone: | none → folsom-1 |
Changed in nova: | |
status: | Fix Committed → Fix Released |
Changed in nova: | |
milestone: | folsom-1 → 2012.2 |
To post a comment you must log in.
Reviewed: https:/ /review. openstack. org/6288 github. com/openstack/ nova/commit/ d4e96fe0294bd3d 6e84a1d0a7e7546 62b23f8d13
Committed: http://
Submitter: Jenkins
Branch: stable/essex
commit d4e96fe0294bd3d 6e84a1d0a7e7546 62b23f8d13
Author: Josh Durgin <email address hidden>
Date: Wed Apr 4 00:38:59 2012 -0700
Allow unprivileged RADOS users to access rbd volumes.
This makes it possible to access rbd volumes with RADOS users with
restricted privileges. Previously, the admin user was always used.
This requires libvirt 0.9.8 or higher.
This is a backport of commit 01f24caba86c987 b0109f743979a4e 99e8afed11
from master.
Fixes bug 975335.
Change-Id: I3fbb2c03e5f639 40c3a42f2d4f8d0 3ee16b30f7e