1802814 – Ceph manila keys are created and added to the auth list of Ceph even when not deploying Manila

Bug 1802814 - Ceph manila keys are created and added to the auth list of Ceph even when not deploying Manila

Summary: Ceph manila keys are created and added to the auth list of Ceph even when not...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-tripleo-heat-templates
Sub Component:
Version:	16.0 (Train)
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	z2
Target Release:	16.0 (Train on RHEL 8.1)
Assignee:	Francesco Pantano
QA Contact:	Nathan Weinberg
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-02-13 22:51 UTC by Darin Sorrentino
Modified:	2020-05-14 12:16 UTC (History)
CC List:	8 users (show)
Fixed In Version:	openstack-tripleo-heat-templates-11.3.2-0.20200324120625.c3a8eb4.el8ost
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-05-14 12:15:31 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
OpenStack gerrit	709083	None	MERGED	Add a new set of tasks to build the openstack pool and key list	2020-05-14 11:25:50 UTC
OpenStack gerrit	709297	None	MERGED	Add CephBasePoolVars and CephKeyVars structures	2020-05-14 11:25:50 UTC
OpenStack gerrit	712131	None	MERGED	Add CephBasePoolVars and CephKeyVars structures	2020-05-14 11:25:50 UTC
OpenStack gerrit	713106	None	MERGED	Add a new set of tasks to build the openstack pool and key list	2020-05-14 11:25:50 UTC
Red Hat Product Errata	RHBA-2020:2114	None	None	None	2020-05-14 12:16:01 UTC

Description Darin Sorrentino 2020-02-13 22:51:22 UTC

Description of problem:

When deploying an overcloud that includes a Ceph deployment, the /etc/ceph/ceph.client.manila.keyring is being created and the client is being added to the auth list with permissions that are not scoped to specific pools:

'caps': {'mgr': 'allow *', 'mon': 'allow rw', 'osd': 'allow rwx'}

This client should not be created if not deploying manila


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 Darin Sorrentino 2020-02-13 22:52:09 UTC

Sorry, if I wasn't clear in the description, Manila is NOT being deployed in this scenario but the client is created anyway.

Comment 11 errata-xmlrpc 2020-05-14 12:15:31 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2114

Note You need to log in before you can comment on or make changes to this bug.