From 8c1e7061f877c2758b5229a12df771ad0ae8715d Mon Sep 17 00:00:00 2001 From: Sam Yaple Date: Fri, 20 Nov 2015 23:21:38 +0000 Subject: [PATCH] Remove the two different auth profiles Ceph can function just fine generating the keys before the pools have been created so we can apply the proper permissions to the auth string ahead of time. This allows us to not require additional steps to add a cache tier on the fly in the future. Change-Id: I8214c567fb7c337f95d908c5699d1da922bfa1a6 Closes-Bug: #1518475 --- ansible/roles/cinder/tasks/ceph.yml | 24 ++---------------------- ansible/roles/glance/tasks/ceph.yml | 12 +----------- ansible/roles/nova/tasks/ceph.yml | 12 +----------- 3 files changed, 4 insertions(+), 44 deletions(-) diff --git a/ansible/roles/cinder/tasks/ceph.yml b/ansible/roles/cinder/tasks/ceph.yml index 5878ed86bb..a2db0101a4 100644 --- a/ansible/roles/cinder/tasks/ceph.yml +++ b/ansible/roles/cinder/tasks/ceph.yml @@ -29,41 +29,21 @@ pool_type: "{{ cinder_backup_pool_type }}" cache_mode: "{{ cinder_backup_cache_mode }}" -# TODO(SamYaple): Improve failed_when and changed_when tests -- name: Pulling cephx keyring for cinder - command: docker exec ceph_mon ceph auth get-or-create client.cinder mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool={{ ceph_cinder_pool_name }}, allow rwx pool={{ ceph_nova_pool_name }}, allow rx pool={{ ceph_glance_pool_name }}' - register: cephx_key_cinder - delegate_to: "{{ groups['ceph-mon'][0] }}" - changed_when: False - run_once: True - when: not ceph_enable_cache | bool - -# TODO(SamYaple): Improve failed_when and changed_when tests +# TODO(SamYaple): Improve changed_when tests - name: Pulling cephx keyring for cinder command: docker exec ceph_mon ceph auth get-or-create client.cinder mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool={{ ceph_cinder_pool_name }}, allow rwx pool={{ ceph_cinder_pool_name }}-cache, allow rwx pool={{ ceph_nova_pool_name }}, allow rwx pool={{ ceph_nova_pool_name }}-cache, allow rx pool={{ ceph_glance_pool_name }}, allow rx pool={{ ceph_glance_pool_name }}-cache' register: cephx_key_cinder delegate_to: "{{ groups['ceph-mon'][0] }}" changed_when: False run_once: True - when: ceph_enable_cache | bool -# TODO(SamYaple): Improve failed_when and changed_when tests -- name: Pulling cephx keyring for cinder-backup - command: docker exec ceph_mon ceph auth get-or-create client.cinder-backup mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool={{ ceph_cinder_backup_pool_name }}' - register: cephx_key_cinder_backup - delegate_to: "{{ groups['ceph-mon'][0] }}" - changed_when: False - run_once: True - when: not ceph_enable_cache | bool - -# TODO(SamYaple): Improve failed_when and changed_when tests +# TODO(SamYaple): Improve changed_when tests - name: Pulling cephx keyring for cinder-backup command: docker exec ceph_mon ceph auth get-or-create client.cinder-backup mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool={{ ceph_cinder_backup_pool_name }}, allow rwx pool={{ ceph_cinder_backup_pool_name }}-cache' register: cephx_key_cinder_backup delegate_to: "{{ groups['ceph-mon'][0] }}" changed_when: False run_once: True - when: ceph_enable_cache | bool - name: Pushing cephx keyring copy: diff --git a/ansible/roles/glance/tasks/ceph.yml b/ansible/roles/glance/tasks/ceph.yml index 2024ec6e1a..cb031fa09e 100644 --- a/ansible/roles/glance/tasks/ceph.yml +++ b/ansible/roles/glance/tasks/ceph.yml @@ -17,23 +17,13 @@ pool_type: "{{ glance_pool_type }}" cache_mode: "{{ glance_cache_mode }}" -# TODO(SamYaple): Improve failed_when and changed_when tests -- name: Pulling cephx keyring - command: docker exec ceph_mon ceph auth get-or-create client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool={{ ceph_glance_pool_name }}' - register: cephx_key - delegate_to: "{{ groups['ceph-mon'][0] }}" - changed_when: False - run_once: True - when: not ceph_enable_cache | bool - -# TODO(SamYaple): Improve failed_when and changed_when tests +# TODO(SamYaple): Improve changed_when tests - name: Pulling cephx keyring command: docker exec ceph_mon ceph auth get-or-create client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool={{ ceph_glance_pool_name }}, allow rwx pool={{ ceph_glance_pool_name }}-cache' register: cephx_key delegate_to: "{{ groups['ceph-mon'][0] }}" changed_when: False run_once: True - when: ceph_enable_cache | bool - name: Pushing cephx keyring copy: diff --git a/ansible/roles/nova/tasks/ceph.yml b/ansible/roles/nova/tasks/ceph.yml index 37ca882bfe..f7fdf959a6 100644 --- a/ansible/roles/nova/tasks/ceph.yml +++ b/ansible/roles/nova/tasks/ceph.yml @@ -23,23 +23,13 @@ pool_type: "{{ nova_pool_type }}" cache_mode: "{{ nova_cache_mode }}" -# TODO(SamYaple): Improve failed_when and changed_when tests -- name: Pulling cephx keyring for nova - command: docker exec ceph_mon ceph auth get-or-create client.nova mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool={{ ceph_cinder_pool_name }}, allow rwx pool={{ ceph_nova_pool_name }}, allow rx pool={{ ceph_glance_pool_name }}' - register: cephx_key - delegate_to: "{{ groups['ceph-mon'][0] }}" - changed_when: False - run_once: True - when: not ceph_enable_cache | bool - -# TODO(SamYaple): Improve failed_when and changed_when tests +# TODO(SamYaple): Improve changed_when tests - name: Pulling cephx keyring for nova command: docker exec ceph_mon ceph auth get-or-create client.nova mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool={{ ceph_cinder_pool_name }}, allow rwx pool={{ ceph_cinder_pool_name }}-cache, allow rwx pool={{ ceph_nova_pool_name }}, allow rwx pool={{ ceph_nova_pool_name }}-cache, allow rx pool={{ ceph_glance_pool_name }}, allow rx pool={{ ceph_glance_pool_name }}-cache' register: cephx_key delegate_to: "{{ groups['ceph-mon'][0] }}" changed_when: False run_once: True - when: ceph_enable_cache | bool # TODO(SamYaple): Improve failed_when and changed_when tests - name: Pulling cephx keyring for libvirt