Merge "Change ceph_client caps to use profile rbd"

2019-10-10 10:43:28 +00:00 · 2019-10-10 10:43:28 +00:00 · 45c175c33e
commit 45c175c33e
parent 5973708f78 bdc8df0c90
4 changed files with 23 additions and 28 deletions
--- a/ansible/roles/cinder/defaults/main.yml
+++ b/ansible/roles/cinder/defaults/main.yml
@ -70,22 +70,20 @@ cinder_backup_pool_pg_num: "{{ ceph_pool_pg_num }}"
 cinder_backup_pool_pgp_num: "{{ ceph_pool_pgp_num }}"

 ceph_client_cinder_keyring_caps:
-  mon: 'allow r'
+  mon: 'profile rbd'
  osd: >-
-    allow class-read object_prefix rbd_children,
-    allow rwx pool={{ ceph_cinder_pool_name }},
-    allow rwx pool={{ ceph_cinder_pool_name }}-cache,
-    allow rwx pool={{ ceph_nova_pool_name }},
-    allow rwx pool={{ ceph_nova_pool_name }}-cache,
-    allow rx pool={{ ceph_glance_pool_name }},
-    allow rx pool={{ ceph_glance_pool_name }}-cache
+    profile rbd pool={{ ceph_cinder_pool_name }},
+    profile rbd pool={{ ceph_nova_pool_name }},
+    profile rbd pool={{ ceph_glance_pool_name }},
+    profile rbd pool={{ ceph_cinder_pool_name }}-cache,
+    profile rbd pool={{ ceph_nova_pool_name }}-cache,
+    profile rbd pool={{ ceph_glance_pool_name }}-cache

 ceph_client_cinder_backup_keyring_caps:
-  mon: 'allow r'
+  mon: 'profile rbd'
  osd: >-
-    allow class-read object_prefix rbd_children,
-    allow rwx pool={{ ceph_cinder_backup_pool_name }},
-    allow rwx pool={{ ceph_cinder_backup_pool_name }}-cache
+    profile rbd pool={{ ceph_cinder_backup_pool_name }},
+    profile rbd pool={{ ceph_cinder_backup_pool_name }}-cache


 ####################
--- a/ansible/roles/glance/defaults/main.yml
+++ b/ansible/roles/glance/defaults/main.yml
@ -81,11 +81,10 @@ glance_pool_pg_num: "{{ ceph_pool_pg_num }}"
 glance_pool_pgp_num: "{{ ceph_pool_pgp_num }}"

 ceph_client_glance_keyring_caps:
-  mon: 'allow r'
+  mon: 'profile rbd'
  osd: >-
-    allow class-read object_prefix rbd_children,
-    allow rwx pool={{ ceph_glance_pool_name }},
-    allow rwx pool={{ ceph_glance_pool_name }}-cache
+    profile rbd pool={{ ceph_glance_pool_name }},
+    profile rbd pool={{ ceph_glance_pool_name }}-cache


 ####################
--- a/ansible/roles/gnocchi/defaults/main.yml
+++ b/ansible/roles/gnocchi/defaults/main.yml
@ -51,11 +51,10 @@ gnocchi_pool_pg_num: "{{ ceph_pool_pg_num }}"
 gnocchi_pool_pgp_num: "{{ ceph_pool_pgp_num }}"

 ceph_client_gnocchi_keyring_caps:
-  mon: 'allow r'
+  mon: 'profile rbd'
  osd: >-
-    allow class-read object_prefix rbd_children,
-    allow rwx pool={{ ceph_gnocchi_pool_name }},
-    allow rwx pool={{ ceph_gnocchi_pool_name }}-cache
+    profile rbd pool={{ ceph_gnocchi_pool_name }},
+    profile rbd pool={{ ceph_gnocchi_pool_name }}-cache


 ####################
--- a/ansible/roles/nova/defaults/main.yml
+++ b/ansible/roles/nova/defaults/main.yml
@ -175,15 +175,14 @@ nova_pool_pgp_num: "{{ ceph_pool_pgp_num }}"
 nova_hw_disk_discard: "unmap"

 ceph_client_nova_keyring_caps:
-  mon: 'allow r, allow command "osd blacklist"'
+  mon: 'profile rbd'
  osd: >-
-    allow class-read object_prefix rbd_children,
-    allow rwx pool={{ ceph_cinder_pool_name }},
-    allow rwx pool={{ ceph_cinder_pool_name }}-cache,
-    allow rwx pool={{ ceph_nova_pool_name }},
-    allow rwx pool={{ ceph_nova_pool_name }}-cache,
-    allow rwx pool={{ ceph_glance_pool_name }},
-    allow rwx pool={{ ceph_glance_pool_name }}-cache
+    profile rbd pool={{ ceph_cinder_pool_name }},
+    profile rbd pool={{ ceph_cinder_pool_name }}-cache,
+    profile rbd pool={{ ceph_nova_pool_name }},
+    profile rbd pool={{ ceph_nova_pool_name }}-cache,
+    profile rbd pool={{ ceph_glance_pool_name }},
+    profile rbd pool={{ ceph_glance_pool_name }}-cache


 ####################