From a9fecc41a31749c97e89ba6b66c9c46714fa6da8 Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Mon, 13 Jan 2020 11:54:04 +0100 Subject: [PATCH] External Ceph: copy also cinder keyring to nova services Since [1] nova-compute uses rbd python library instead of libvirt to cleanup volumes and get pool info - so it requires cinder keyring on filesystem. In external ceph case it is often that nova key does not exist (is simply a copied cinder key) and the rbd user is set to cinder - therefore the earlier mentioned operations will fail due to a missing keyring on the filesystem. [1]: https://review.opendev.org/#/c/668564/ Change-Id: Idef21dc5f7e9ff512bc8920630a3de61a1e69eee Backport: train Closes-Bug: #1859408 (cherry picked from commit 71d4c697cdb982d7d8e6cbd95ad870eb08f6914e) --- ansible/roles/nova-cell/tasks/external_ceph.yml | 16 +++++++++++++++- ...nal-ceph-cinder-keyring-7df624ac556c100b.yaml | 7 +++++++ 2 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/bug-1859408-external-ceph-cinder-keyring-7df624ac556c100b.yaml diff --git a/ansible/roles/nova-cell/tasks/external_ceph.yml b/ansible/roles/nova-cell/tasks/external_ceph.yml index 895d47a25f..f4634801f0 100644 --- a/ansible/roles/nova-cell/tasks/external_ceph.yml +++ b/ansible/roles/nova-cell/tasks/external_ceph.yml @@ -27,7 +27,6 @@ - cinder_backend_ceph | bool - external_ceph_cephx_enabled | bool -# NOTE: nova-compute and nova-libvirt only need ceph.client.nova.keyring. - name: Copy over ceph nova keyring file copy: src: "{{ nova_cephx_keyring_file.stat.path }}" @@ -44,6 +43,21 @@ notify: - Restart {{ item }} container +- name: Copy over ceph cinder keyring file + copy: + src: "{{ cinder_cephx_keyring_file.stat.path }}" + dest: "{{ node_config_directory }}/{{ item }}/" + mode: "0660" + become: true + with_items: # NOTE: nova-libvirt does not need it + - nova-compute + when: + - inventory_hostname in groups[nova_cell_compute_group] + - nova_backend == "rbd" + - external_ceph_cephx_enabled | bool + notify: + - Restart {{ item }} container + - name: Copy over ceph.conf template: src: "{{ node_custom_config }}/nova/ceph.conf" diff --git a/releasenotes/notes/bug-1859408-external-ceph-cinder-keyring-7df624ac556c100b.yaml b/releasenotes/notes/bug-1859408-external-ceph-cinder-keyring-7df624ac556c100b.yaml new file mode 100644 index 0000000000..caad72ec84 --- /dev/null +++ b/releasenotes/notes/bug-1859408-external-ceph-cinder-keyring-7df624ac556c100b.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - | + External Ceph: copy also cinder keyring to nova-compute. Since Train + nova-compute needs also the cinder key in case rbd user is set to Cinder, + because volume/pool checks have been moved to use rbd python library. + Fixes `LP#1859408 `__