Marking consuming charm tasks Fix Committed; charms have a new flag 'restrict-ceph-pools' which will enable restriction of access to underlying ceph pools using a grouping mechanism provided by the ceph broker in the ceph and ceph-mon charms.
Pools are groups into 'volumes', 'images', 'vms', 'objects' - example perms for a 'default' deployment:
Marking consuming charm tasks Fix Committed; charms have a new flag 'restrict- ceph-pools' which will enable restriction of access to underlying ceph pools using a grouping mechanism provided by the ceph broker in the ceph and ceph-mon charms.
Pools are groups into 'volumes', 'images', 'vms', 'objects' - example perms for a 'default' deployment:
client.cinder-ceph A2VnYZ+ lEXaFY0fn0bFg7F g== AQC8MjQ+ 5Aj/8YVZw7q3oZQ == ALeUWb0E9d2v6KI 8VQG+c0w= = radosgw. gateway Aqg9mm7CtP4WpDv GiVJvfEg= = rgw.buckets, ..., allow rwx pool=.rgw.root
key: AQBgGqNYTLTXOBA
caps: [mon] allow r
caps: [osd] allow rwx pool=cinder-ceph, allow rwx pool=glance, allow rwx pool=nova
client.glance
key: AQBKGaNYXBqvKBA
caps: [mon] allow r
caps: [osd] allow rwx pool=glance
client.nova-compute
key: AQA+GaNY1dZmGhA
caps: [mon] allow r
caps: [osd] allow rwx pool=cinder-ceph, allow rwx pool=glance, allow rwx pool=nova
client.
key: AQBxM6NY0al5AhA
caps: [mon] allow r
caps: [osd] allow rwx pool=default.