External Ceph: keys as variables

Introduce user modifiable variables instead of fixed-names
of Ceph keyring files for external Ceph functionality.

Change-Id: I1a33b3f9d6eca5babf53b91187461e43aef865ce
This commit is contained in:
Michal Nasiadka 2019-09-26 12:41:18 +02:00
parent 7671384919
commit 1f929336e3
14 changed files with 206 additions and 208 deletions

View File

@ -1028,6 +1028,14 @@ ceph_mgr_host_type: "INVENTORY"
ceph_osd_host_type: "IP" ceph_osd_host_type: "IP"
ceph_mds_host_type: "INVENTORY" ceph_mds_host_type: "INVENTORY"
# External Ceph keyrings
ceph_cinder_keyring: "ceph.client.cinder.keyring"
ceph_cinder_backup_keyring: "ceph.client.cinder-backup.keyring"
ceph_glance_keyring: "ceph.client.glance.keyring"
ceph_gnocchi_keyring: "ceph.client.gnocchi.keyring"
ceph_manila_keyring: "ceph.client.manila.keyring"
ceph_nova_keyring: "{% if enable_ceph | bool %}ceph.client.nova.keyring{% else %}{{ ceph_cinder_keyring }}{% endif %}"
##################### #####################
# VMware support # VMware support
###################### ######################

View File

@ -21,12 +21,10 @@
- name: Copy over Ceph keyring files for cinder-volume - name: Copy over Ceph keyring files for cinder-volume
copy: copy:
src: "{{ item }}" src: "{{ node_custom_config }}/cinder/cinder-volume/{{ ceph_cinder_keyring }}"
dest: "{{ node_config_directory }}/cinder-volume/" dest: "{{ node_config_directory }}/cinder-volume/"
mode: "0660" mode: "0660"
become: true become: true
with_fileglob:
- "{{ node_custom_config }}/cinder/cinder-volume/ceph.client*"
when: when:
- external_ceph_cephx_enabled | bool - external_ceph_cephx_enabled | bool
- inventory_hostname in groups['cinder-volume'] - inventory_hostname in groups['cinder-volume']
@ -36,13 +34,14 @@
- name: Copy over Ceph keyring files for cinder-backup - name: Copy over Ceph keyring files for cinder-backup
copy: copy:
src: "{{ item }}" src: "{{ node_custom_config }}/cinder/{{ item }}"
dest: "{{ node_config_directory }}/cinder-backup/" dest: "{{ node_config_directory }}/cinder-backup/"
mode: "0660" mode: "0660"
become: true become: true
register: cinder_backup_ceph_keyring register: cinder_backup_ceph_keyring
with_fileglob: with_items:
- "{{ node_custom_config }}/cinder/cinder-backup/ceph.client*" - "cinder-backup/{{ ceph_cinder_keyring }}"
- "cinder-backup/{{ ceph_cinder_backup_keyring }}"
when: when:
- external_ceph_cephx_enabled | bool - external_ceph_cephx_enabled | bool
- inventory_hostname in groups['cinder-backup'] - inventory_hostname in groups['cinder-backup']

View File

@ -14,10 +14,24 @@
"perm": "0600" "perm": "0600"
}{% endif %}{% if cinder_backend_ceph | bool %}, }{% endif %}{% if cinder_backend_ceph | bool %},
{ {
"source": "{{ container_config_directory }}/ceph.*", "source": "{{ container_config_directory }}/ceph.conf",
"dest": "/etc/ceph/", "dest": "/etc/ceph/ceph.conf",
"owner": "cinder", "owner": "cinder",
"perm": "0700", "perm": "0600",
"optional": {{ (not cinder_backend_ceph | bool) | string | lower }}
},
{
"source": "{{ container_config_directory }}/{{ ceph_cinder_keyring }}",
"dest": "/etc/ceph/{{ ceph_cinder_keyring }}",
"owner": "cinder",
"perm": "0600",
"optional": {{ (not cinder_backend_ceph | bool) | string | lower }}
},
{
"source": "{{ container_config_directory }}/{{ ceph_cinder_backup_keyring }}",
"dest": "/etc/ceph/{{ ceph_cinder_backup_keyring }}",
"owner": "cinder",
"perm": "0600",
"optional": {{ (not cinder_backend_ceph | bool) | string | lower }} "optional": {{ (not cinder_backend_ceph | bool) | string | lower }}
}{% endif %} }{% endif %}
], ],

View File

@ -8,10 +8,10 @@
"perm": "0600" "perm": "0600"
}, },
{ {
"source": "{{ container_config_directory }}/ceph.*", "source": "{{ container_config_directory }}/{{ ceph_cinder_keyring }}",
"dest": "/etc/ceph/", "dest": "/etc/ceph/{{ ceph_cinder_keyring }}",
"owner": "cinder", "owner": "cinder",
"perm": "0700", "perm": "0600",
"optional": {{ (not cinder_backend_ceph | bool) | string | lower }} "optional": {{ (not cinder_backend_ceph | bool) | string | lower }}
}, },
{ {

View File

@ -1,27 +1,29 @@
--- ---
- name: Copy over ceph files - name: Copy over ceph.conf for Glance
copy: template:
src: "{{ item }}" src: "{{ node_custom_config }}/glance/ceph.conf"
dest: "{{ node_config_directory }}/glance-api/" dest: "{{ node_config_directory }}/glance-api/ceph.conf"
mode: "0660" mode: "0660"
become: true become: true
when: when: inventory_hostname in groups['glance-api']
- glance_services['glance-api'].host_in_groups | bool notify:
- glance_services['glance-api'].enabled | bool - Restart glance-api container
with_fileglob:
- "{{ node_custom_config }}/glance/ceph*" - name: Copy over ceph Glance keyring
copy:
src: "{{ node_custom_config }}/glance/{{ ceph_glance_keyring }}"
dest: "{{ node_config_directory }}/glance-api/{{ ceph_glance_keyring }}"
mode: "0660"
become: true
when: inventory_hostname in groups['glance-api']
notify: notify:
- Restart glance-api container - Restart glance-api container
- name: Ensuring config directory has correct owner and permission - name: Ensuring config directory has correct owner and permission
file: file:
path: "{{ node_config_directory }}/{{ item }}" path: "{{ node_config_directory }}/glance-api"
recurse: yes recurse: yes
owner: "{{ config_owner_user }}" owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}" group: "{{ config_owner_group }}"
become: true become: true
when: when: inventory_hostname in groups['glance-api']
- glance_services[item].host_in_groups | bool
- glance_services[item].enabled | bool
with_items:
- "glance-api"

View File

@ -14,10 +14,16 @@
"perm": "0600" "perm": "0600"
}{% endif %}{% if glance_backend_ceph | bool %}, }{% endif %}{% if glance_backend_ceph | bool %},
{ {
"source": "{{ container_config_directory }}/ceph.*", "source": "{{ container_config_directory }}/{{ ceph_glance_keyring }}",
"dest": "/etc/ceph/", "dest": "/etc/ceph/{{ ceph_glance_keyring }}",
"owner": "glance", "owner": "glance",
"perm": "0700" "perm": "0600"
},
{
"source": "{{ container_config_directory }}/ceph.conf",
"dest": "/etc/ceph/ceph.conf",
"owner": "glance",
"perm": "0600"
}{% endif %}{% if glance_backend_swift | bool %}, }{% endif %}{% if glance_backend_swift | bool %},
{ {
"source": "{{ container_config_directory }}/glance-swift.conf", "source": "{{ container_config_directory }}/glance-swift.conf",

View File

@ -15,8 +15,8 @@
- name: Copy over ceph gnocchi keyring - name: Copy over ceph gnocchi keyring
copy: copy:
src: "{{ node_custom_config }}/gnocchi/ceph.client.gnocchi.keyring" src: "{{ node_custom_config }}/gnocchi/{{ ceph_gnocchi_keyring }}"
dest: "{{ node_config_directory }}/{{ item }}/ceph.client.gnocchi.keyring" dest: "{{ node_config_directory }}/{{ item }}/{{ ceph_gnocchi_keyring }}"
mode: "0660" mode: "0660"
become: true become: true
when: inventory_hostname in groups[item] when: inventory_hostname in groups[item]

View File

@ -28,8 +28,8 @@
"perm": "0600" "perm": "0600"
}, },
{ {
"source": "{{ container_config_directory }}/ceph.client.gnocchi.keyring", "source": "{{ container_config_directory }}/{{ ceph_gnocchi_keyring }}",
"dest": "/etc/ceph/ceph.client.gnocchi.keyring", "dest": "/etc/ceph/{{ ceph_gnocchi_keyring }}",
"owner": "gnocchi", "owner": "gnocchi",
"perm": "0600" "perm": "0600"
}{% endif %} }{% endif %}

View File

@ -12,12 +12,10 @@
- name: Copy over Ceph keyring files for manila - name: Copy over Ceph keyring files for manila
copy: copy:
src: "{{ item }}" src: "{{ node_custom_config }}/manila/{{ ceph_manila_keyring }}"
dest: "{{ node_config_directory }}/manila-share/" dest: "{{ node_config_directory }}/manila-share/{{ ceph_manila_keyring }}"
mode: "0600" mode: "0600"
become: true become: true
with_fileglob:
- "{{ node_custom_config }}/manila/ceph.client*"
when: when:
- inventory_hostname in groups['manila-share'] - inventory_hostname in groups['manila-share']
notify: notify:

View File

@ -8,8 +8,14 @@
"perm": "0600" "perm": "0600"
}{% if enable_manila_backend_cephfs_native | bool or enable_manila_backend_cephfs_nfs | bool %}, }{% if enable_manila_backend_cephfs_native | bool or enable_manila_backend_cephfs_nfs | bool %},
{ {
"source": "{{ container_config_directory }}/ceph.*", "source": "{{ container_config_directory }}/ceph.conf",
"dest": "/etc/ceph/", "dest": "/etc/ceph/ceph.conf",
"owner": "manila",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/{{ ceph_manila_keyring }}",
"dest": "/etc/ceph/{{ ceph_manila_keyring }}",
"owner": "manila", "owner": "manila",
"perm": "0600" "perm": "0600"
}{% endif %}{% if manila_policy_file is defined %}, }{% endif %}{% if manila_policy_file is defined %},

View File

@ -11,7 +11,7 @@
- name: Check nova keyring file - name: Check nova keyring file
stat: stat:
path: "{{ node_custom_config }}/nova/ceph.client.nova.keyring" path: "{{ node_custom_config }}/nova/{{ ceph_nova_keyring }}"
delegate_to: localhost delegate_to: localhost
run_once: True run_once: True
register: nova_cephx_keyring_file register: nova_cephx_keyring_file
@ -22,7 +22,7 @@
- name: Check cinder keyring file - name: Check cinder keyring file
stat: stat:
path: "{{ node_custom_config }}/nova/ceph.client.cinder.keyring" path: "{{ node_custom_config }}/nova/{{ ceph_cinder_keyring }}"
delegate_to: localhost delegate_to: localhost
run_once: True run_once: True
register: cinder_cephx_keyring_file register: cinder_cephx_keyring_file
@ -39,7 +39,6 @@
become: true become: true
with_items: with_items:
- nova-compute - nova-compute
- nova-libvirt
when: when:
- inventory_hostname in groups[nova_cell_compute_group] - inventory_hostname in groups[nova_cell_compute_group]
- nova_backend == "rbd" - nova_backend == "rbd"

View File

@ -14,10 +14,16 @@
"perm": "0600" "perm": "0600"
}{% endif %}{% if nova_backend == "rbd" %}, }{% endif %}{% if nova_backend == "rbd" %},
{ {
"source": "{{ container_config_directory }}/ceph.*", "source": "{{ container_config_directory }}/{{ ceph_nova_keyring }}",
"dest": "/etc/ceph/", "dest": "/etc/ceph/{{ ceph_nova_keyring }}",
"owner": "nova", "owner": "nova",
"perm": "0700" "perm": "0600"
},
{
"source": "{{ container_config_directory }}/ceph.conf",
"dest": "/etc/ceph/ceph.conf",
"owner": "nova",
"perm": "0600"
}{% endif %}{% if nova_compute_virt_type == "vmware" and not vmware_vcenter_insecure | bool %}, }{% endif %}{% if nova_compute_virt_type == "vmware" and not vmware_vcenter_insecure | bool %},
{ {
"source": "{{ container_config_directory }}/vmware_ca", "source": "{{ container_config_directory }}/vmware_ca",

View File

@ -64,229 +64,176 @@ Configuring External Ceph
Glance Glance
------ ------
Configuring Glance for Ceph includes three steps: Configuring Glance for Ceph includes the following steps:
#. Configure RBD back end in ``glance-api.conf`` #. Configure RBD back end in ``glance-api.conf``
#. Create Ceph configuration file in ``/etc/ceph/ceph.conf``
#. Create Ceph keyring file in ``/etc/ceph/ceph.client.<username>.keyring``
Step 1 is done by using Kolla's INI merge mechanism: Create a file in .. path /etc/kolla/config/glance/glance-api.conf
``/etc/kolla/config/glance/glance-api.conf`` with the following contents: .. code-block:: ini
.. code-block:: ini [glance_store]
stores = rbd
default_store = rbd
rbd_store_pool = images
rbd_store_user = glance
rbd_store_ceph_conf = /etc/ceph/ceph.conf
[glance_store] #. Copy Ceph configuration file to ``/etc/kolla/config/glance/ceph.conf``
stores = rbd
default_store = rbd
rbd_store_pool = images
rbd_store_user = glance
rbd_store_ceph_conf = /etc/ceph/ceph.conf
Now put ceph.conf and the keyring file (name depends on the username created in .. path /etc/kolla/config/glance/ceph.conf
Ceph) into the same directory, for example: .. code-block:: ini
.. path /etc/kolla/config/glance/ceph.conf [global]
.. code-block:: ini fsid = 1d89fec3-325a-4963-a950-c4afedd37fe3
mon_initial_members = ceph-0
mon_host = 192.168.0.56
auth_cluster_required = cephx
auth_service_required = cephx
auth_client_required = cephx
[global] #. Configure Ceph authentication details in ``/etc/kolla/globals.yml``:
fsid = 1d89fec3-325a-4963-a950-c4afedd37fe3
mon_initial_members = ceph-0
mon_host = 192.168.0.56
auth_cluster_required = cephx
auth_service_required = cephx
auth_client_required = cephx
.. code-block:: console * ``ceph_glance_keyring`` (default: ``ceph.client.glance.keyring``)
$ cat /etc/kolla/config/glance/ceph.client.glance.keyring #. Copy Ceph keyring to ``/etc/kolla/config/glance/<ceph_glance_keyring>``
[client.glance]
key = AQAg5YRXS0qxLRAAXe6a4R1a15AoRx7ft80DhA==
Kolla will pick up all files named ``ceph.*`` in this directory and copy them
to the ``/etc/ceph/`` directory of the container.
Cinder Cinder
------ ------
Configuring external Ceph for Cinder works very similar to Configuring Cinder for Ceph includes following steps:
Glance.
Modify ``/etc/kolla/config/cinder/cinder-volume.conf`` file according to #. Configure RBD backend in ``cinder-volume.conf`` and ``cinder-backup.conf``
the following configuration:
.. code-block:: ini .. path /etc/kolla/config/cinder/cinder-volume.conf
.. code-block:: ini
[DEFAULT] [DEFAULT]
enabled_backends=rbd-1 enabled_backends=rbd-1
[rbd-1] [rbd-1]
rbd_ceph_conf=/etc/ceph/ceph.conf rbd_ceph_conf=/etc/ceph/ceph.conf
rbd_user=cinder rbd_user=cinder
backend_host=rbd:volumes backend_host=rbd:volumes
rbd_pool=volumes rbd_pool=volumes
volume_backend_name=rbd-1 volume_backend_name=rbd-1
volume_driver=cinder.volume.drivers.rbd.RBDDriver volume_driver=cinder.volume.drivers.rbd.RBDDriver
rbd_secret_uuid = {{ cinder_rbd_secret_uuid }} rbd_secret_uuid = {{ cinder_rbd_secret_uuid }}
.. note:: .. note::
``cinder_rbd_secret_uuid`` can be found in ``/etc/kolla/passwords.yml`` file. ``cinder_rbd_secret_uuid`` can be found in ``/etc/kolla/passwords.yml``.
Modify ``/etc/kolla/config/cinder/cinder-backup.conf`` file according to .. path /etc/kolla/config/cinder/cinder-backup.conf
the following configuration: .. code-block:: ini
.. code-block:: ini [DEFAULT]
backup_ceph_conf=/etc/ceph/ceph.conf
backup_ceph_user=cinder-backup
backup_ceph_chunk_size = 134217728
backup_ceph_pool=backups
backup_driver = cinder.backup.drivers.ceph.CephBackupDriver
backup_ceph_stripe_unit = 0
backup_ceph_stripe_count = 0
restore_discard_excess_bytes = true
[DEFAULT] For more information about the Cinder backup configuration, see
backup_ceph_conf=/etc/ceph/ceph.conf :cinder-doc:`Ceph backup driver
backup_ceph_user=cinder-backup <configuration/block-storage/backup/ceph-backup-driver.html>`.
backup_ceph_chunk_size = 134217728
backup_ceph_pool=backups
backup_driver = cinder.backup.drivers.ceph.CephBackupDriver
backup_ceph_stripe_unit = 0
backup_ceph_stripe_count = 0
restore_discard_excess_bytes = true
For more information about the Cinder backup configuration, see #. Copy Ceph configuration file to ``/etc/kolla/config/cinder/ceph.conf``
:cinder-doc:`Ceph backup driver <configuration/block-storage/backup/ceph-backup-driver.html>`.
Next, copy the ``ceph.conf`` file into ``/etc/kolla/config/cinder/``: Separate configuration options can be configured for
cinder-volume and cinder-backup by adding ceph.conf files to
``/etc/kolla/config/cinder/cinder-volume`` and
``/etc/kolla/config/cinder/cinder-backup`` respectively. They
will be merged with ``/etc/kolla/config/cinder/ceph.conf``.
.. code-block:: ini #. Configure Ceph authentication details in ``/etc/kolla/globals.yml``:
* ``ceph_cinder_keyring`` (default: ``ceph.client.cinder.keyring``)
* ``ceph_cinder_backup_keyring``
(default: ``ceph.client.cinder-backup.keyring``)
[global] #. Copy Ceph keyring files to:
fsid = 1d89fec3-325a-4963-a950-c4afedd37fe3 * ``/etc/kolla/config/cinder/cinder-volume/<ceph_cinder_keyring>``
mon_initial_members = ceph-0 * ``/etc/kolla/config/cinder/cinder-backup/<ceph_cinder_keyring>``
mon_host = 192.168.0.56 * ``/etc/kolla/config/cinder/cinder-backup/<ceph_cinder_backup_keyring>``
auth_cluster_required = cephx
auth_service_required = cephx
auth_client_required = cephx
Separate configuration options can be configured for
cinder-volume and cinder-backup by adding ceph.conf files to
``/etc/kolla/config/cinder/cinder-volume`` and
``/etc/kolla/config/cinder/cinder-backup`` respectively. They
will be merged with ``/etc/kolla/config/cinder/ceph.conf``.
Ceph keyrings are deployed per service and placed into
``cinder-volume`` and ``cinder-backup`` directories, put the keyring files
to these directories, for example:
.. note:: .. note::
``cinder-backup`` requires two keyrings for accessing volumes ``cinder-backup`` requires two keyrings for accessing volumes
and backup pool. and backup pool.
.. code-block:: console
$ cat /etc/kolla/config/cinder/cinder-backup/ceph.client.cinder.keyring
[client.cinder]
key = AQAg5YRXpChaGRAAlTSCleesthCRmCYrfQVX1w==
.. code-block:: console
$ cat /etc/kolla/config/cinder/cinder-backup/ceph.client.cinder-backup.keyring
[client.cinder-backup]
key = AQC9wNBYrD8MOBAAwUlCdPKxWZlhkrWIDE1J/w==
.. code-block:: console
$ cat /etc/kolla/config/cinder/cinder-volume/ceph.client.cinder.keyring
[client.cinder]
key = AQAg5YRXpChaGRAAlTSCleesthCRmCYrfQVX1w==
It is important that the files are named ``ceph.client*``.
Nova Nova
---- ----
Put ceph.conf, nova client keyring file and cinder client keyring file into Configuring Nova for Ceph includes following steps:
``/etc/kolla/config/nova``:
.. warning:: #. Copy Ceph configuration file to ``/etc/kolla/config/nova/ceph.conf``
#. Configure Ceph authentication details in ``/etc/kolla/globals.yml``:
If you are using ceph-ansible - please copy ceph.client.cinder.keyring * ``ceph_cinder_keyring`` (default: ``ceph.client.cinder.keyring``)
as /etc/kolla/config/nova/ceph.client.nova.keyring * ``ceph_nova_keyring`` (by default it's the same as ceph_cinder_keyring)
.. code-block:: console #. Copy Ceph keyring file(s) to:
$ ls /etc/kolla/config/nova * ``/etc/kolla/config/nova/<ceph_cinder_keyring>``
ceph.client.cinder.keyring ceph.client.nova.keyring ceph.conf * ``/etc/kolla/config/nova/<ceph_nova_keyring>`` (if your Ceph deployment
created one)
Configure nova-compute to use Ceph as the ephemeral back end by creating .. warning::
``/etc/kolla/config/nova/nova-compute.conf`` and adding the following
configurations:
.. code-block:: ini If you are using ceph-ansible or another deployment tool that doesn't
create separate key for Nova just copy the Cinder key.
[libvirt] #. Configure nova-compute to use Ceph as the ephemeral back end by creating
images_rbd_pool=vms ``/etc/kolla/config/nova/nova-compute.conf`` and adding the following
images_type=rbd configurations:
images_rbd_ceph_conf=/etc/ceph/ceph.conf
rbd_user=nova
.. note:: .. code-block:: ini
``rbd_user`` might vary depending on your environment. [libvirt]
images_rbd_pool=vms
images_type=rbd
images_rbd_ceph_conf=/etc/ceph/ceph.conf
Gnocchi Gnocchi
------- -------
Modify ``/etc/kolla/config/gnocchi.conf`` file according to Configuring Gnocchi for Ceph includes following steps:
the following configuration:
.. code-block:: ini #. Copy Ceph configuration file to ``/etc/kolla/config/gnocchi/ceph.conf``
#. Configure Ceph authentication details in ``/etc/kolla/globals.yml``:
[storage] * ``ceph_gnocchi_keyring``
driver = ceph (default: ``ceph.client.gnocchi.keyring``)
ceph_username = gnocchi
ceph_keyring = /etc/ceph/ceph.client.gnocchi.keyring
ceph_conffile = /etc/ceph/ceph.conf
Put ceph.conf and gnocchi client keyring file in #. Copy Ceph keyring to ``/etc/kolla/config/gnocchi/<ceph_gnocchi_keyring>``
``/etc/kolla/config/gnocchi``: #. Modify ``/etc/kolla/config/gnocchi.conf`` file according to the following
configuration:
.. code-block:: console .. code-block:: ini
$ ls /etc/kolla/config/gnocchi [storage]
ceph.client.gnocchi.keyring ceph.conf gnocchi.conf driver = ceph
ceph_username = gnocchi
ceph_keyring = /etc/ceph/ceph.client.gnocchi.keyring
ceph_conffile = /etc/ceph/ceph.conf
Manila Manila
------ ------
Configuring Manila for Ceph includes four steps: Configuring Manila for Ceph includes following steps:
#. Configure CephFS backend, setting ``enable_manila_backend_cephfs_native`` #. Configure CephFS backend by setting ``enable_manila_backend_cephfs_native``
#. Create Ceph configuration file in ``/etc/ceph/ceph.conf`` to ``true``
#. Create Ceph keyring file in ``/etc/ceph/ceph.client.<username>.keyring`` #. Configure Ceph authentication details in ``/etc/kolla/globals.yml``:
* ``ceph_manila_keyring`` (default: ``ceph.client.manila.keyring``)
#. Copy Ceph configuration file to ``/etc/kolla/config/manila/ceph.conf``
#. Copy Ceph keyring to ``/etc/kolla/config/manila/<ceph_manila_keyring>``
#. Setup Manila in the usual way #. Setup Manila in the usual way
Step 1 is done by using setting ``enable_manila_backend_cephfs_native=true``
Now put ceph.conf and the keyring file (name depends on the username created
in Ceph) into the same directory, for example:
.. path /etc/kolla/config/manila/ceph.conf
.. code-block:: ini
[global]
fsid = 1d89fec3-325a-4963-a950-c4afedd37fe3
mon_host = 192.168.0.56
auth_cluster_required = cephx
auth_service_required = cephx
auth_client_required = cephx
.. code-block:: console
$ cat /etc/kolla/config/manila/ceph.client.manila.keyring
[client.manila]
key = AQAg5YRXS0qxLRAAXe6a4R1a15AoRx7ft80DhA==
For more details on the rest of the Manila setup, such as creating the share For more details on the rest of the Manila setup, such as creating the share
type ``default_share_type``, please see :doc:`Manila in Kolla <manila-guide>`. type ``default_share_type``, please see :doc:`Manila in Kolla <manila-guide>`.

View File

@ -0,0 +1,13 @@
---
features:
- |
Introduce user modifiable variables instead of fixed names for Ceph
keyring files used by external Ceph functionality.
upgrade:
- |
For cinder (cinder-volume and cinder-backup), glance-api and manila
keyrings behavior has changed and kolla-ansible deployment will not copy
those keys using wildcards (ceph.*), instead will use newly introduced
variables. Your environment may render unusable after an upgrade if your
keys in /etc/kolla/config do not match default values for introduced
variables.