openstack/kolla-ansible
Code Issues Proposed changes

cephadm: Set auth_allow_insecure_global_id_reclaim to true

Browse Source 
Background in [1].
Ubuntu uses pre 15.2.11 client and new 15.2.11 installs default that to false,
therefore not allowing Ubuntu clients to connect.

[1]: https://docs.ceph.com/en/latest/security/CVE-2021-20288/

Change-Id: Ic251b447026262eab4b406b8432cc009ca97ae82
This commit is contained in:
Michał Nasiadka 2021-04-23 16:17:33 +02:00 committed by Mark Goddard
parent 058dd6828d
commit a967b9dd66
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
roles/cephadm/tasks/main.yml
View File

@ -79,6 +79,17 @@
become: True become: True
loop: "{{ cephadm_ceph_osd_devices }}" loop: "{{ cephadm_ceph_osd_devices }}"
# NOTE(mnasiadka): Ubuntu uses pre 15.2.11 Octopus client code and suffers from
# https://docs.ceph.com/en/latest/security/CVE-2021-20288/
- name: Set auth_allow_insecure_global_id_reclaim to True
command:
cmd: >
cephadm shell --
ceph config set mon auth_allow_insecure_global_id_reclaim true
become: true
when: ansible_distribution == "Ubuntu"
- name: Create and initialise pools for OpenStack services - name: Create and initialise pools for OpenStack services
command: command:
cmd: > cmd: >