cephadm: Set auth_allow_insecure_global_id_reclaim to true
Background in [1]. Ubuntu uses pre 15.2.11 client and new 15.2.11 installs default that to false, therefore not allowing Ubuntu clients to connect. [1]: https://docs.ceph.com/en/latest/security/CVE-2021-20288/ Change-Id: Ic251b447026262eab4b406b8432cc009ca97ae82
This commit is contained in:
		 Michał Nasiadka
					Michał Nasiadka
				
			
				
					committed by
					
						 Mark Goddard
						Mark Goddard
					
				
			
			
				
	
			
			
			 Mark Goddard
						Mark Goddard
					
				
			
						parent
						
							058dd6828d
						
					
				
				
					commit
					a967b9dd66
				
			| @@ -79,6 +79,17 @@ | ||||
|   become: True | ||||
|   loop: "{{ cephadm_ceph_osd_devices }}" | ||||
|  | ||||
| # NOTE(mnasiadka): Ubuntu uses pre 15.2.11 Octopus client code and suffers from | ||||
| #                  https://docs.ceph.com/en/latest/security/CVE-2021-20288/ | ||||
|  | ||||
| - name: Set auth_allow_insecure_global_id_reclaim to True | ||||
|   command: | ||||
|     cmd: > | ||||
|          cephadm shell -- | ||||
|          ceph config set mon auth_allow_insecure_global_id_reclaim true | ||||
|   become: true | ||||
|   when: ansible_distribution == "Ubuntu" | ||||
|  | ||||
| - name: Create and initialise pools for OpenStack services | ||||
|   command: | ||||
|     cmd: > | ||||
|   | ||||
		Reference in New Issue
	
	Block a user