Thanks for your bug submission.
For your information, you can provide your own ceph configuration by filling the ceph_conf_file variable.
However I'm not really sure about what you mention as off-limits.
The ceph-client role is made in such way that nodes (compute nodes for example) will connect on the ceph cluster to fetch what's needed for its good behavior: it's not the deploy node that will fetch these secrets.
According to my understanding, no security is breached or off-limits: the compute nodes HAVE TO have access on the mons anyway -- at least to have a well functioning system later.
Hello,
Thanks for your bug submission.
For your information, you can provide your own ceph configuration by filling the ceph_conf_file variable.
However I'm not really sure about what you mention as off-limits.
The ceph-client role is made in such way that nodes (compute nodes for example) will connect on the ceph cluster to fetch what's needed for its good behavior: it's not the deploy node that will fetch these secrets.
According to my understanding, no security is breached or off-limits: the compute nodes HAVE TO have access on the mons anyway -- at least to have a well functioning system later.
Could you further explain?
Thank you in advance.