diff --git a/ansible/roles/cinder/defaults/main.yml b/ansible/roles/cinder/defaults/main.yml
index 5803f4d5d8..44f01eedac 100644
--- a/ansible/roles/cinder/defaults/main.yml
+++ b/ansible/roles/cinder/defaults/main.yml
@@ -70,22 +70,20 @@ cinder_backup_pool_pg_num: "{{ ceph_pool_pg_num }}"
 cinder_backup_pool_pgp_num: "{{ ceph_pool_pgp_num }}"
 ceph_client_cinder_keyring_caps:
- mon: 'allow r'
+ mon: 'profile rbd'
 osd: >-
- allow class-read object_prefix rbd_children,
- allow rwx pool={{ ceph_cinder_pool_name }},
- allow rwx pool={{ ceph_cinder_pool_name }}-cache,
- allow rwx pool={{ ceph_nova_pool_name }},
- allow rwx pool={{ ceph_nova_pool_name }}-cache,
- allow rx pool={{ ceph_glance_pool_name }},
- allow rx pool={{ ceph_glance_pool_name }}-cache
+ profile rbd pool={{ ceph_cinder_pool_name }},
+ profile rbd pool={{ ceph_nova_pool_name }},
+ profile rbd pool={{ ceph_glance_pool_name }},
+ profile rbd pool={{ ceph_cinder_pool_name }}-cache,
+ profile rbd pool={{ ceph_nova_pool_name }}-cache,
+ profile rbd pool={{ ceph_glance_pool_name }}-cache
 ceph_client_cinder_backup_keyring_caps:
- mon: 'allow r'
+ mon: 'profile rbd'
 osd: >-
- allow class-read object_prefix rbd_children,
- allow rwx pool={{ ceph_cinder_backup_pool_name }},
- allow rwx pool={{ ceph_cinder_backup_pool_name }}-cache
+ profile rbd pool={{ ceph_cinder_backup_pool_name }},
+ profile rbd pool={{ ceph_cinder_backup_pool_name }}-cache
 ####################
diff --git a/ansible/roles/glance/defaults/main.yml b/ansible/roles/glance/defaults/main.yml
index 1bd18accb7..c71f793874 100644
--- a/ansible/roles/glance/defaults/main.yml
+++ b/ansible/roles/glance/defaults/main.yml
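Review bot: In `ceph_client_cinder_keyring_caps` the glance pool entries widen cinder's access: the old caps gave `allow rx` on `{{ ceph_glance_pool_name }}` and its `-cache` pool, while `profile rbd` grants read-write there. Ceph has a read-only profile for this case, so the two glance entries could be `profile rbd-read-only pool={{ ceph_glance_pool_name }},` and `profile rbd-read-only pool={{ ceph_glance_pool_name }}-cache`, which keeps a compromised cinder key from modifying or deleting images. The nova hunk is not affected in the same way, since nova already had `rwx` on the glance pool.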
@@ -81,11 +81,10 @@ glance_pool_pg_num: "{{ ceph_pool_pg_num }}"
 glance_pool_pgp_num: "{{ ceph_pool_pgp_num }}"
 ceph_client_glance_keyring_caps:
- mon: 'allow r'
+ mon: 'profile rbd'
 osd: >-
- allow class-read object_prefix rbd_children,
- allow rwx pool={{ ceph_glance_pool_name }},
- allow rwx pool={{ ceph_glance_pool_name }}-cache
+ profile rbd pool={{ ceph_glance_pool_name }},
+ profile rbd pool={{ ceph_glance_pool_name }}-cache
 ####################
diff --git a/ansible/roles/gnocchi/defaults/main.yml b/ansible/roles/gnocchi/defaults/main.yml
index e8ebc13501..0a1cb29ed6 100644
--- a/ansible/roles/gnocchi/defaults/main.yml
+++ b/ansible/roles/gnocchi/defaults/main.yml
@@ -51,11 +51,10 @@ gnocchi_pool_pg_num: "{{ ceph_pool_pg_num }}"
 gnocchi_pool_pgp_num: "{{ ceph_pool_pgp_num }}"
 ceph_client_gnocchi_keyring_caps:
- mon: 'allow r'
+ mon: 'profile rbd'
 osd: >-
- allow class-read object_prefix rbd_children,
- allow rwx pool={{ ceph_gnocchi_pool_name }},
- allow rwx pool={{ ceph_gnocchi_pool_name }}-cache
+ profile rbd pool={{ ceph_gnocchi_pool_name }},
+ profile rbd pool={{ ceph_gnocchi_pool_name }}-cache
 ####################
diff --git a/ansible/roles/nova/defaults/main.yml b/ansible/roles/nova/defaults/main.yml
index 8517eb8ec1..71cf51614c 100644
--- a/ansible/roles/nova/defaults/main.yml
+++ b/ansible/roles/nova/defaults/main.yml
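Review bot: `ceph_client_gnocchi_keyring_caps` is switched to `profile rbd` like the RBD consumers, but gnocchi appears to store its data as plain RADOS objects rather than RBD images, so the profile would not be a like-for-like replacement here. On the monitor side `profile rbd` is documented to include blocklisting other clients, which `allow r` did not, and that is a permission this key likely has no use for. If that reading is right, keeping `mon: 'allow r'` with `allow rwx pool={{ ceph_gnocchi_pool_name }}` (and the `-cache` pool) for gnocchi would stay closer to least privilege.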
@@ -175,15 +175,14 @@ nova_pool_pgp_num: "{{ ceph_pool_pgp_num }}"
 nova_hw_disk_discard: "unmap"
 ceph_client_nova_keyring_caps:
- mon: 'allow r, allow command "osd blacklist"'
+ mon: 'profile rbd'
 osd: >-
- allow class-read object_prefix rbd_children,
- allow rwx pool={{ ceph_cinder_pool_name }},
- allow rwx pool={{ ceph_cinder_pool_name }}-cache,
- allow rwx pool={{ ceph_nova_pool_name }},
- allow rwx pool={{ ceph_nova_pool_name }}-cache,
- allow rwx pool={{ ceph_glance_pool_name }},
- allow rwx pool={{ ceph_glance_pool_name }}-cache
+ profile rbd pool={{ ceph_cinder_pool_name }},
+ profile rbd pool={{ ceph_cinder_pool_name }}-cache,
+ profile rbd pool={{ ceph_nova_pool_name }},
+ profile rbd pool={{ ceph_nova_pool_name }}-cache,
+ profile rbd pool={{ ceph_glance_pool_name }},
+ profile rbd pool={{ ceph_glance_pool_name }}-cache
 ####################
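Review bot: The `mon` cap of `ceph_client_nova_keyring_caps` drops the explicit `allow command "osd blacklist"` with no comment saying why that is safe. Ceph documents the monitor `profile rbd` as including the ability to blocklist other clients, so the permission should be preserved, but a reader comparing against the old default cannot tell; a comment above the key such as `# mon 'profile rbd' includes the "osd blacklist" permission that used to be granted explicitly` would record it. The tasks that apply these caps are outside the diff, so it is worth confirming that keys created under the old defaults get their caps updated, otherwise existing and new deployments end up with different privileges.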