Missing 'allow class-read object_prefix rbd_children' with restrict-ceph-pools is enabled
Bug #1696073 reported by
Ante Karamatić
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ceph Monitor Charm |
Fix Released
|
High
|
Liam Young | ||
OpenStack Cinder Charm |
Fix Released
|
High
|
Liam Young | ||
OpenStack Cinder-Ceph charm |
Fix Released
|
High
|
Liam Young | ||
OpenStack Glance Charm |
Fix Released
|
High
|
Liam Young | ||
OpenStack Nova Compute Charm |
Fix Released
|
High
|
Unassigned |
Bug Description
When restrict-ceph-pools is set to True, once cannot delete images uploaded to glance. It seems that glance also needs, at least, read access for cinder-ceph pool. So, this works:
client.glance
key: nothingtoseehere
caps: [mon] allow r
caps: [osd] allow r pool=cinder-ceph; allow rwx pool=glance
Read-only access for cinder-ceph is enough for creating volumes from images. Obviously, this permissions need to be set on relation with cinder-ceph.
tags: | added: adrastea |
Changed in charm-glance: | |
status: | New → Triaged |
importance: | Undecided → High |
summary: |
- Can't delete glance images with restrict-ceph-pools set to True + Missing 'allow class-read object_prefix rbd_children' with restrict- + ceph-pools is enabled |
Changed in charm-nova-compute: | |
status: | New → Triaged |
Changed in charm-cinder-ceph: | |
status: | New → Triaged |
Changed in charm-cinder: | |
status: | New → Triaged |
importance: | Undecided → High |
Changed in charm-cinder-ceph: | |
importance: | Undecided → High |
Changed in charm-nova-compute: | |
importance: | Undecided → High |
Changed in charm-cinder: | |
milestone: | none → 18.02 |
Changed in charm-cinder-ceph: | |
milestone: | none → 18.02 |
Changed in charm-glance: | |
milestone: | none → 18.02 |
Changed in charm-nova-compute: | |
milestone: | none → 18.02 |
Changed in charm-cinder: | |
assignee: | nobody → Liam Young (gnuoy) |
Changed in charm-cinder-ceph: | |
assignee: | nobody → Liam Young (gnuoy) |
Changed in charm-glance: | |
assignee: | nobody → Liam Young (gnuoy) |
Changed in charm-nova-compute: | |
assignee: | nobody → Liam Young (gnuoy) |
tags: | added: cpe-onsite |
Changed in charm-ceph-mon: | |
status: | New → In Progress |
importance: | Undecided → High |
assignee: | nobody → James Page (james-page) |
milestone: | none → 18.02 |
assignee: | James Page (james-page) → Liam Young (gnuoy) |
Changed in charm-nova-compute: | |
milestone: | 18.02 → 18.05 |
Changed in charm-glance: | |
status: | Fix Committed → Fix Released |
Changed in charm-cinder: | |
status: | Fix Committed → Fix Released |
Changed in charm-cinder-ceph: | |
status: | Fix Committed → Fix Released |
Changed in charm-ceph-mon: | |
status: | Fix Committed → Fix Released |
Changed in charm-nova-compute: | |
assignee: | Liam Young (gnuoy) → nobody |
Changed in charm-nova-compute: | |
milestone: | 18.05 → 18.08 |
Changed in charm-nova-compute: | |
status: | Triaged → In Progress |
Changed in charm-nova-compute: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
For me caps: [osd] allow class-read object_prefix rbd_children, allow rwx pool=glance docs.ceph. com/docs/ master/ rbd/rbd- openstack/ #setup- ceph-client- authentication
was needed. This is the ceph suggested way os using cephx authentication.
http://