Bug 1996830
| Summary: | OCS external mode should allow specifying names for all Ceph auth principals | |||
|---|---|---|---|---|
| Product: | [Red Hat Storage] Red Hat OpenShift Data Foundation | Reporter: | Lars Kellogg-Stedman <lars> | |
| Component: | rook | Assignee: | Parth Arora <paarora> | |
| Status: | CLOSED ERRATA | QA Contact: | Neha Berry <nberry> | |
| Severity: | unspecified | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 4.8 | CC: | madam, muagarwa, nberry, ocs-bugs, odf-bz-bot, paarora, sagrawal, shan, shmohan, tnielsen | |
| Target Milestone: | --- | |||
| Target Release: | ODF 4.11.0 | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | 4.10.0-113 | Doc Type: | No Doc Update | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 2069314 (view as bug list) | Environment: | ||
| Last Closed: | 2022-04-13 18:49:40 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 2069314 | |||
|
Description
Lars Kellogg-Stedman
2021-08-23 18:49:36 UTC
AFAIK, this script is owned by rook. Please change the component if that is not correct. (In reply to Lars Kellogg-Stedman from comment #0) > The `ceph-external-cluster-details-exporter.py` script currently allows > setting the name of the `healthchecker` principal via the `--run-as-user` > option. This is inadequate for a Ceph cluster serving storage to multiple > OpenShift clusters, especially when those clusters (and of the Ceph cluster > itself) may be managed by different groups. > > The exporter script should either (a) permit the administrator to specify > principal names explicitly, or (b) should permit the administrator to apply > a suffix and/or prefix to be applied to every name, so that instead of: > > - client.healthchecker > - client.csi-rbd-provisioner > - client.csi-rbd-node > - Etc. > > We should have: > > - client.healthchecker-cluster1 This can be achieved by setting the `--run-as-user` option right? > - client.csi-rbd-provisioner-cluster1 > - client.csi-rbd-node-cluster1 > - client.healthchecker-cluster2 > - client.csi-rbd-provisioner-cluster2 > - client.csi-rbd-node-cluster2 > - Etc. Agreed, adding a suffix or the ability to change the name sounds good. > > This allows permissions to be scoped appropriately to each individual > cluster. Parth can you take a look at this one? Thanks! Too late for 4.9 Since we are doing doc changes, do we need to add doc text in the bug? Also, have we raised a doc bug? Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: Red Hat OpenShift Data Foundation 4.10.0 enhancement, security & bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:1372 The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days |