From 8aa8e617d982222e4b3c8d6a26b7190baca1b199 Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Wed, 30 Jun 2021 09:30:54 +0100 Subject: [PATCH] nova: Use cinder user for Ceph In Ussuri, nova stopped using separate Ceph keys for the volumes and vms pools by default. Instead, we set ceph_nova_keyring to the value of ceph_cinder_keyring by default, which is ceph.client.cinder.keyring. This is in line with the Ceph OpenStack integration guide [1]. However, the user used by nova to access the vms pool (ceph_nova_user) defaults to nova, meaning that nova will still try to use a ceph.client.nova.keyring, which probably does not exist. We did not see this issue in CI, because we set ceph_nova_user to cinder. This change fixes the issue by setting ceph_nova_user to the value of ceph_cinder_user by default, which is cinder. Closes-Bug: #1934145 Related-Bug: #1928690 [1] https://docs.ceph.com/en/latest/rbd/rbd-openstack/ Change-Id: I6aa8db2214e07906f1f3e035411fc80ba911a274 --- ansible/group_vars/all.yml | 2 +- .../reference/storage/external-ceph-guide.rst | 13 ++++++------- .../notes/nova-ceph-user-53670f9ccc546225.yaml | 16 ++++++++++++++++ 3 files changed, 23 insertions(+), 8 deletions(-) create mode 100644 releasenotes/notes/nova-ceph-user-53670f9ccc546225.yaml diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index fb63607489..09ad3f3989 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -1051,7 +1051,7 @@ ceph_cinder_user: "cinder" ceph_glance_user: "glance" ceph_gnocchi_user: "gnocchi" ceph_manila_user: "manila" -ceph_nova_user: "nova" +ceph_nova_user: "{{ ceph_cinder_user }}" # External Ceph keyrings ceph_cinder_keyring: "ceph.client.cinder.keyring" diff --git a/doc/source/reference/storage/external-ceph-guide.rst b/doc/source/reference/storage/external-ceph-guide.rst index bb2b0adad5..d119716c02 100644 --- a/doc/source/reference/storage/external-ceph-guide.rst +++ b/doc/source/reference/storage/external-ceph-guide.rst 
@@ -145,20 +145,19 @@ Configuring Nova for Ceph includes following steps: * ``ceph_nova_keyring`` (by default it's the same as ``ceph_cinder_keyring``) - * ``ceph_nova_user`` (default: ``nova``) + * ``ceph_nova_user`` (by default it's the same as ``ceph_cinder_user``) * ``ceph_nova_pool_name`` (default: ``vms``) #. Copy Ceph configuration file to ``/etc/kolla/config/nova/ceph.conf`` #. Copy Ceph keyring file(s) to: - * ``/etc/kolla/config/nova/`` (if your Ceph deployment - created one) + * ``/etc/kolla/config/nova/`` - .. warning:: + .. note:: - If you are using ceph-ansible or another deployment tool that doesn't - create separate key for Nova just copy the Cinder key and configure - ``ceph_nova_user`` to the same value as ``ceph_cinder_user``. + If you are using a Ceph deployment tool that generates separate Ceph + keys for Cinder and Nova, you will need to override + ``ceph_nova_keyring`` and ``ceph_nova_user`` to match. Gnocchi ------- diff --git a/releasenotes/notes/nova-ceph-user-53670f9ccc546225.yaml b/releasenotes/notes/nova-ceph-user-53670f9ccc546225.yaml new file mode 100644 index 0000000000..9e41c438bf --- /dev/null +++ b/releasenotes/notes/nova-ceph-user-53670f9ccc546225.yaml @@ -0,0 +1,16 @@ +--- +fixes: + - | + Fixes an issue with default Nova configuration for Ceph where the RBD user + is set to ``nova``, but only a ``cinder`` keyring is copied. The default + value of ``ceph_nova_user`` is changed to the value of + ``ceph_cinder_user``, in line with the default for ``ceph_nova_keyring``. + `LP#1934145 `__ +upgrade: + - | + Modifies the default value of ``ceph_nova_user`` from ``nova`` to + the value of ``ceph_cinder_user``, in line with the default for + ``ceph_nova_keyring``. Users who have overridden ``ceph_nova_keyring`` to + use separate keyrings for Nova and Cinder should also override + ``ceph_nova_user`` to match the Nova keyring. `LP#1934145 + `__
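Review bot: In ansible/group_vars/all.yml, the new default `ceph_nova_user: "{{ ceph_cinder_user }}"` carries no comment tying it to ``ceph_nova_keyring``, so an operator who overrides only one of the two ends up with a user name that does not match the keyring, which is the mismatch this change is fixing. Add a comment above the line saying the user must be the client whose key is in ``ceph_nova_keyring``. With this default Nova authenticates to Ceph as the cinder client, so that client's capabilities have to cover the vms pool as well as the volumes pool.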
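Review bot: In doc/source/reference/storage/external-ceph-guide.rst, the keyring step now reads only "Copy Ceph keyring file(s) to: ``/etc/kolla/config/nova/``" and the new note covers just the separate-key case, so the default case is left implicit. State which file is expected by default (the keyring named by ``ceph_cinder_keyring``) and that the Ceph user named by ``ceph_cinder_user`` therefore needs access to the pool in ``ceph_nova_pool_name``. The note could also say that both variables must be overridden together, since changing only ``ceph_nova_keyring`` leaves Nova presenting the cinder user with a key that belongs to another client.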
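Review bot: In releasenotes/notes/nova-ceph-user-53670f9ccc546225.yaml, the upgrade entry tells operators who overrode ``ceph_nova_keyring`` to "also override ``ceph_nova_user`` to match the Nova keyring" without saying what value that is. Since the previous default was ``nova``, say explicitly that such deployments should set ``ceph_nova_user`` to ``nova`` (or whichever Ceph client their keyring belongs to) before upgrading, because after this change the implicit value becomes the cinder user.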