CephX keyrings ACLs are not effective
Bug #1775549 reported by Giulio Fidente
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
tripleo | Fix Released | Critical | Giulio Fidente | |
Bug Description
I believe that by setting mode to 0600 for the file, we're changing the ACLs mask preventing the "read" permission from being applied for the specific user (cinder).
This affects all (but only) the non-containerized services, so cinder-volume in the OSP12 default case.
I think the only solution is to set the ACLs mask from puppet-tripleo where we also set the ACLs for the openstack users... but if others have better ideas I'd like to get some feedback. We set the file mode to 0600 in the attempt to increase the deployment security.
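The mask interaction described in the report, as an added example that is not part of the original bug report or of the tripleo code: a small Python model of the POSIX.1e access check, showing how a chmod to 0600 zeroes the ACL mask and disables a named-user entry, and how setting the mask restores it. The file owner `ceph`, the initial mode 0640 and all class and function names are assumptions made for illustration; named-group entries are left out.

```python
# Model of the POSIX.1e access check for a file with an extended ACL (constructed values).
R = 4  # read bit

class AclFile:
    def __init__(self, owner, group, mode):
        self.owner, self.group = owner, group
        # ACL_USER_OBJ, ACL_GROUP_OBJ and ACL_OTHER come from the mode bits.
        self.user_obj, self.group_obj, self.other = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
        self.named_users = {}  # ACL_USER entries
        self.mask = None       # ACL_MASK, present once extended entries exist

    def setfacl_user(self, user, perms):
        """Like `setfacl -m u:<user>:<perms>`: add the entry, recompute the mask."""
        self.named_users[user] = perms
        self.mask = self.group_obj
        for p in self.named_users.values():
            self.mask |= p

    def set_mask(self, perms):
        """Like `setfacl -m m::<perms>`: set the mask explicitly."""
        self.mask = perms

    def chmod(self, mode):
        """With a mask present, the mode's group bits rewrite the mask, not ACL_GROUP_OBJ."""
        self.user_obj, self.other = (mode >> 6) & 7, mode & 7
        if self.mask is None:
            self.group_obj = (mode >> 3) & 7
        else:
            self.mask = (mode >> 3) & 7

    def effective(self, user, groups=()):
        """Permissions granted to `user`; named-user and group entries are ANDed with the mask."""
        if user == self.owner:
            return self.user_obj
        if user in self.named_users:
            return self.named_users[user] & self.mask
        if self.group in groups:
            return self.group_obj & (7 if self.mask is None else self.mask)
        return self.other

def keyring_scenario():
    """cinder's read access after: ACL entry added, chmod 0600, mask set back to r--."""
    f = AclFile(owner="ceph", group="ceph", mode=0o640)  # assumed owner and mode
    f.setfacl_user("cinder", R)
    steps = [f.effective("cinder")]
    f.chmod(0o600)                 # group bits 0 -> mask becomes ---
    steps.append(f.effective("cinder"))
    f.set_mask(R)                  # the fix proposed in the report: set the mask
    steps.append(f.effective("cinder"))
    return [bool(s & R) for s in steps]
```

On a real system the same state shows up in `getfacl` output as an `#effective:---` annotation next to the `user:cinder:r--` entry.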
Fix proposed to branch: master
Review: https://review.openstack.org/573142