virsh rbd secret setting assumes client.admin privileges
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
puppet-nova |
Fix Released
|
Undecided
|
Giulio Fidente | ||
tripleo |
Fix Released
|
Medium
|
Jiří Stránský |
Bug Description
One of the steps performed to set the cephx key for the virsh secret assumes we have client.admin privileges
The offending line is: https:/
To run $(ceph auth get-key) successfully we need access to client.admin, which shouldn't be needed on compute nodes.
In addition to that, it also assumes the ceph cluster is already up and running, which isn't necessarily the case during the first deployment of the ceph nodes.
One option would be to enforce passing the rbd_key as param but this would make it backward incompatible, another to extract the key from the rbd_keyring which also needs to be provided as param but we shouldn't make assumptions about there the keyring is located, as we don't know, its customizable in ceph.conf
Changed in tripleo: | |
assignee: | Jiří Stránský (jistr) → Giulio Fidente (gfidente) |
Changed in tripleo: | |
assignee: | Giulio Fidente (gfidente) → Jiří Stránský (jistr) |
Changed in tripleo: | |
status: | In Progress → Fix Committed |
Changed in tripleo: | |
status: | Fix Committed → Fix Released |
Changed in puppet-nova: | |
status: | Fix Committed → Fix Released |
Fix proposed to branch: master /review. openstack. org/170407
Review: https:/