Project

General

Profile

Actions
Copy link

Bug #18090

open

bootstrap-rgw does not allow creation of keys without write permissions to mons

Added by Gaudenz Steinlin over 7 years ago. Updated almost 7 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

Keys created with the boostrap-rgw profile only allow the creation of keys which are mon 'allow rw' and osd 'allow rwx'. They don't allow more restricted configurations where the radosgw daemons can't create pools themselves and can't access unrelated pools like RBD images.

For production deployments IMO you want to precreate the pools with the correct crush rule and PG num and create a key which only allows read acces to mons and only allow rwx access to the radosgw pools for osds.

Actions
Copy link
 #1

Updated by Greg Farnum almost 7 years ago

  • Category set to Monitor
Actions
Copy link
 #2

Updated by Greg Farnum almost 7 years ago

  • Project changed from Ceph to rgw
  • Category deleted (Monitor)
Actions
Copy link

Also available in: Atom PDF