From 48e9898abd3fb74b294906d5944dafbb7cf07ce0 Mon Sep 17 00:00:00 2001
From: Jorge Niedbalski <jorge.niedbalski@linaro.org>
Date: Tue, 2 Oct 2018 18:15:52 -0300
Subject: [PATCH] [nova] Fix missing blacklist permission.

The cephx keys are missing a default permission
to allow to see blacklisted clients.

This permission ensures that in the event of a client
crash (kill -9/hard shutdown/power outage) the client
can re-connect and write to any devices after reboot.

Closes-Bug: 1773449

Change-Id: I44d3982233f892d2c0ce3b9964194d8098453978
Signed-off-by: Jorge Niedbalski <jorge.niedbalski@linaro.org>
---
 ansible/roles/nova/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ansible/roles/nova/defaults/main.yml b/ansible/roles/nova/defaults/main.yml
index 1ab5eb0cfc..71ad943480 100644
--- a/ansible/roles/nova/defaults/main.yml
+++ b/ansible/roles/nova/defaults/main.yml
@@ -252,7 +252,7 @@ nova_pool_pgp_num: "{{ ceph_pool_pgp_num }}"
 nova_hw_disk_discard: "unmap"
 
 ceph_client_nova_keyring_caps:
-  mon: 'allow r'
+  mon: 'allow r, allow command "osd blacklist"'
   osd: >-
     allow class-read object_prefix rbd_children,
     allow rwx pool={{ ceph_cinder_pool_name }},