From f9034731fa234a4b5efa1d2d6147fe1e798b6d36 Mon Sep 17 00:00:00 2001
From: Jasper Ras <jras@hostnet.nl>
Date: Fri, 4 Apr 2025 14:31:53 +0200
Subject: vault backup: 2025-04-04 14:31:53

---
 Gobs Ceph Client Key Access.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 Gobs Ceph Client Key Access.md

(limited to 'Gobs Ceph Client Key Access.md')

diff --git a/Gobs Ceph Client Key Access.md b/Gobs Ceph Client Key Access.md
new file mode 100644
index 0000000..d8f86c7
--- /dev/null
+++ b/Gobs Ceph Client Key Access.md	
@@ -0,0 +1,13 @@
+---
+tags:
+  - work
+  - gobs
+  - ceph
+  - openstack
+---
+[[Overview of Ceph]]
+
+Ceph credentials are typically stored in a keyring file under `/etc/ceph`. Nova has a a key there owned by nova/nova.
+Instead of adding a new key I've added the `goba` user to the `nova` group and modified our hieradata to specify a mode which allows the group to read the keyring.
+
+https://gitlab.group.one/groupvps/hieradata/-/merge_requests/499/diffs
-- 
cgit v1.2.3