cephadm: Set auth_allow_insecure_global_id_reclaim to true
Background in [1]. Ubuntu uses pre 15.2.11 client and new 15.2.11 installs default that to false, therefore not allowing Ubuntu clients to connect. [1]: https://docs.ceph.com/en/latest/security/CVE-2021-20288/ Change-Id: Ic251b447026262eab4b406b8432cc009ca97ae82
This commit is contained in:

committed by
Mark Goddard

parent
058dd6828d
commit
a967b9dd66
@@ -79,6 +79,17 @@
|
|||||||
become: True
|
become: True
|
||||||
loop: "{{ cephadm_ceph_osd_devices }}"
|
loop: "{{ cephadm_ceph_osd_devices }}"
|
||||||
|
|
||||||
|
# NOTE(mnasiadka): Ubuntu uses pre 15.2.11 Octopus client code and suffers from
|
||||||
|
# https://docs.ceph.com/en/latest/security/CVE-2021-20288/
|
||||||
|
|
||||||
|
- name: Set auth_allow_insecure_global_id_reclaim to True
|
||||||
|
command:
|
||||||
|
cmd: >
|
||||||
|
cephadm shell --
|
||||||
|
ceph config set mon auth_allow_insecure_global_id_reclaim true
|
||||||
|
become: true
|
||||||
|
when: ansible_distribution == "Ubuntu"
|
||||||
|
|
||||||
- name: Create and initialise pools for OpenStack services
|
- name: Create and initialise pools for OpenStack services
|
||||||
command:
|
command:
|
||||||
cmd: >
|
cmd: >
|
||||||
|
Reference in New Issue
Block a user