I was aware that was possible; however I'm deploying openstack automatically and I don't really want to pass the uuid around between nova-volume and nova-compute nodes.
I simply want to provide each of the compute nodes with the cephx key it needs to use and a generated username - and it will just configure its own set of secrets and configure nova appropriately, overriding the config that nova-volume may/will have sent.
My finer grained access control requirement was really around having different keys for volume/cinder and compute - so if I add/remove additional compute farms I can easily manage the keys on a per role basis.
I guess I was just being hyper-cautious with the rbd check in the patch :-)
Hi Josh
I was aware that was possible; however I'm deploying openstack automatically and I don't really want to pass the uuid around between nova-volume and nova-compute nodes.
I simply want to provide each of the compute nodes with the cephx key it needs to use and a generated username - and it will just configure its own set of secrets and configure nova appropriately, overriding the config that nova-volume may/will have sent.
My finer grained access control requirement was really around having different keys for volume/cinder and compute - so if I add/remove additional compute farms I can easily manage the keys on a per role basis.
I guess I was just being hyper-cautious with the rbd check in the patch :-)