From 70cb017808e2f783bcb7fdeb782ef5553036e6eb Mon Sep 17 00:00:00 2001
From: Tobias Urdin <tobias@busybox.se>
Date: Tue, 26 Jun 2018 17:35:02 +0200
Subject: [PATCH] Change ceph caps to profile rbd

Based on the documentation [1] and this
bug [2] we should set caps for ceph keys
that use RBD to use the profile.

As we can see in the bug [2] setting it to wrong
can have cause very bad issues, this should direct
as a guideline since we will not hit this in CI.

[1] http://docs.ceph.com/docs/luminous/rbd/rbd-openstack/#setup-ceph-client-authentication
[2] https://bugs.launchpad.net/nova/+bug/1773449

Change-Id: I3767645807279afac77c1c367a70af6f0f9f4084
---
 manifests/ceph.pp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/manifests/ceph.pp b/manifests/ceph.pp
index 891db7a17..48790815a 100644
--- a/manifests/ceph.pp
+++ b/manifests/ceph.pp
@@ -52,8 +52,8 @@ class openstack_integration::ceph (
       'client.openstack'     => {
         'secret'  => 'AQD7kyJQQGoOBhAAqrPAqSopSwPrrfMMomzVdw==',
         'mode'    => '0644',
-        'cap_mon' => 'allow r',
-        'cap_osd' => 'allow class-read object_prefix rbd_children, allow rwx pool=cinder, allow rwx pool=nova, allow rwx pool=glance, allow rwx pool=gnocchi',
+        'cap_mon' => 'profile rbd',
+        'cap_osd' => 'profile rbd pool=cinder, profile rbd pool=nova, profile rbd pool=glance, profile rbd pool=gnocchi',
       },
     },
     osds                         => {