Actions
Bug #18090
openbootstrap-rgw does not allow creation of keys without write permissions to mons
Status:
New
Priority:
Normal
Assignee:
-
Target version:
-
% Done:
0%
Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
Keys created with the boostrap-rgw profile only allow the creation of keys which are mon 'allow rw' and osd 'allow rwx'. They don't allow more restricted configurations where the radosgw daemons can't create pools themselves and can't access unrelated pools like RBD images.
For production deployments IMO you want to precreate the pools with the correct crush rule and PG num and create a key which only allows read acces to mons and only allow rwx access to the radosgw pools for osds.
Updated by Greg Farnum almost 7 years ago
- Project changed from Ceph to rgw
- Category deleted (
Monitor)
Actions