External Ceph: copy also cinder keyring to nova services

Since [1] nova-compute uses rbd python library instead of libvirt to cleanup
volumes and get pool info - so it requires cinder keyring on filesystem.

In external ceph case it is often that nova key does not exist (is simply a copied
cinder key) and the rbd user is set to cinder - therefore the earlier mentioned
operations will fail due to a missing keyring on the filesystem.

[1]: https://review.opendev.org/#/c/668564/

Change-Id: Idef21dc5f7e9ff512bc8920630a3de61a1e69eee
Backport: train
Closes-Bug: #1859408
(cherry picked from commit 71d4c697cd)

ansible/roles/nova-cell/tasks/external_ceph.yml

@@ -27,7 +27,6 @@
     - cinder_backend_ceph | bool
     - external_ceph_cephx_enabled | bool
 
-# NOTE: nova-compute and nova-libvirt only need ceph.client.nova.keyring.
 - name: Copy over ceph nova keyring file
   copy:
     src: "{{ nova_cephx_keyring_file.stat.path }}"
@@ -44,6 +43,21 @@
   notify:
     - Restart {{ item }} container
 
+- name: Copy over ceph cinder keyring file
+  copy:
+    src: "{{ cinder_cephx_keyring_file.stat.path }}"
+    dest: "{{ node_config_directory }}/{{ item }}/"
+    mode: "0660"
+  become: true
+  with_items:  # NOTE: nova-libvirt does not need it
+    - nova-compute
+  when:
+    - inventory_hostname in groups[nova_cell_compute_group]
+    - nova_backend == "rbd"
+    - external_ceph_cephx_enabled | bool
+  notify:
+    - Restart {{ item }} container
+
 - name: Copy over ceph.conf
   template:
     src: "{{ node_custom_config }}/nova/ceph.conf"

releasenotes/notes/bug-1859408-external-ceph-cinder-keyring-7df624ac556c100b.yaml

@@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    External Ceph: copy also cinder keyring to nova-compute. Since Train
+    nova-compute needs also the cinder key in case rbd user is set to Cinder,
+    because volume/pool checks have been moved to use rbd python library.
+    Fixes `LP#1859408 <https://bugs.launchpad.net/kolla-ansible/+bug/1859408>`__