From 43d26b914750513736918d52d45d2a42cdcc29e7 Mon Sep 17 00:00:00 2001 From: John Spray Date: Fri, 21 Apr 2017 07:20:59 -0400 Subject: systemd: update mgr auth caps Granting it 'allow *' on mon and osd so that it can use MCommand to remote control daemons. Signed-off-by: John Spray --- systemd/ceph-mgr@.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'systemd') diff --git a/systemd/ceph-mgr@.service b/systemd/ceph-mgr@.service index b6e9fb687f2..42186016313 100644 --- a/systemd/ceph-mgr@.service +++ b/systemd/ceph-mgr@.service @@ -20,7 +20,7 @@ Environment=CLUSTER=ceph ExecStartPre=-/bin/sh -c "exec mkdir -p /var/lib/ceph/mgr/${CLUSTER}-%i" ExecStartPre=-/bin/sh -c "[ -f /var/lib/ceph/mgr/${CLUSTER}-%i/keyring ] || /usr/bin/ceph-authtool --create-keyring --gen-key --name=mgr.%i /var/lib/ceph/mgr/${CLUSTER}-%i/keyring" ExecStartPre=-/bin/sh -c "exec chown -R ceph.ceph /var/lib/ceph/mgr/${CLUSTER}-%i" -ExecStartPre=-/usr/bin/ceph -i /var/lib/ceph/mgr/${CLUSTER}-%i/keyring auth add mgr.%i mon 'allow profile mgr' --keyring=/var/lib/ceph/mon/${CLUSTER}-%i/keyring --name=mon. +ExecStartPre=-/usr/bin/ceph -i /var/lib/ceph/mgr/${CLUSTER}-%i/keyring auth add mgr.%i mon 'allow profile mgr' osd 'allow *' mds 'allow *' --keyring=/var/lib/ceph/mon/${CLUSTER}-%i/keyring --name=mon. ExecStart=/usr/bin/ceph-mgr -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph ExecReload=/bin/kill -HUP $MAINPID -- cgit v1.2.3