nova: Use cinder user for Ceph

In Ussuri, nova stopped using separate Ceph keys for the volumes and vms
pools by default. Instead, we set ceph_nova_keyring to the value of
ceph_cinder_keyring by default, which is ceph.client.cinder.keyring.
This is in line with the Ceph OpenStack integration guide [1]. However,
the user used by nova to access the vms pool (ceph_nova_user) defaults
to nova, meaning that nova will still try to use a
ceph.client.nova.keyring, which probably does not exist. We did not see
this issue in CI, because we set ceph_nova_user to cinder.

This change fixes the issue by setting ceph_nova_user to the value of
ceph_cinder_user by default, which is cinder.

Closes-Bug: #1934145
Related-Bug: #1928690

[1] https://docs.ceph.com/en/latest/rbd/rbd-openstack/

Change-Id: I6aa8db2214e07906f1f3e035411fc80ba911a274

ansible/group_vars/all.yml

@@ -1011,7 +1011,7 @@ ceph_cinder_user: "cinder"
 ceph_glance_user: "glance"
 ceph_gnocchi_user: "gnocchi"
 ceph_manila_user: "manila"
-ceph_nova_user: "nova"
+ceph_nova_user: "{{ ceph_cinder_user }}"
 
 # External Ceph keyrings
 ceph_cinder_keyring: "ceph.client.cinder.keyring"

doc/source/reference/storage/external-ceph-guide.rst

@@ -145,20 +145,19 @@ Configuring Nova for Ceph includes following steps:
 
    * ``ceph_nova_keyring`` (by default it's the same as
      ``ceph_cinder_keyring``)
-   * ``ceph_nova_user`` (default: ``nova``)
+   * ``ceph_nova_user`` (by default it's the same as ``ceph_cinder_user``)
    * ``ceph_nova_pool_name`` (default: ``vms``)
 
 #. Copy Ceph configuration file to ``/etc/kolla/config/nova/ceph.conf``
 #. Copy Ceph keyring file(s) to:
 
-   * ``/etc/kolla/config/nova/<ceph_nova_keyring>`` (if your Ceph deployment
+   * ``/etc/kolla/config/nova/<ceph_nova_keyring>``
-     created one)
 
-   .. warning::
+   .. note::
 
-      If you are using ceph-ansible or another deployment tool that doesn't
+      If you are using a Ceph deployment tool that generates separate Ceph
-      create separate key for Nova just copy the Cinder key and configure
+      keys for Cinder and Nova, you will need to override
-      ``ceph_nova_user`` to the same value as ``ceph_cinder_user``.
+      ``ceph_nova_keyring`` and ``ceph_nova_user`` to match.
 
 Gnocchi
 -------

releasenotes/notes/nova-ceph-user-53670f9ccc546225.yaml

@@ -0,0 +1,16 @@
+---
+fixes:
+  - |
+    Fixes an issue with default Nova configuration for Ceph where the RBD user
+    is set to ``nova``, but only a ``cinder`` keyring is copied. The default
+    value of ``ceph_nova_user`` is changed to the value of
+    ``ceph_cinder_user``, in line with the default for ``ceph_nova_keyring``.
+    `LP#1934145 <https://bugs.launchpad.net/kolla-ansible/+bug/1934145>`__
+upgrade:
+  - |
+    Modifies the default value of ``ceph_nova_user`` from ``nova`` to
+    the value of ``ceph_cinder_user``, in line with the default for
+    ``ceph_nova_keyring``.  Users who have overridden ``ceph_nova_keyring`` to
+    use separate keyrings for Nova and Cinder should also override
+    ``ceph_nova_user`` to match the Nova keyring. `LP#1934145
+    <https://bugs.launchpad.net/kolla-ansible/+bug/1934145>`__