kolla/ansible/roles/nova/tasks/ceph.yml
Sam Yaple 8c1e7061f8 Remove the two different auth profiles
Ceph can function just fine generating the keys before the pools have
been created so we can apply the proper permissions to the auth string
ahead of time. This allows us to not require additional steps to add a
cache tier on the fly in the future.

Change-Id: I8214c567fb7c337f95d908c5699d1da922bfa1a6
Closes-Bug: #1518475
2015-11-20 23:24:53 +00:00

62 lines
2.2 KiB
YAML

---
- name: Ensuring config directory exists
file:
path: "{{ node_config_directory }}/{{ item }}"
state: "directory"
with_items:
- "nova-compute"
- "nova-libvirt/secrets"
when: inventory_hostname in groups['compute']
- name: Copying over config(s)
template:
src: roles/ceph/templates/ceph.conf.j2
dest: "{{ node_config_directory }}/{{ item }}/ceph.conf"
with_items:
- "nova-compute"
- "nova-libvirt"
when: inventory_hostname in groups['compute']
- include: ../../ceph_pools.yml
vars:
pool_name: "{{ nova_pool_name }}"
pool_type: "{{ nova_pool_type }}"
cache_mode: "{{ nova_cache_mode }}"
# TODO(SamYaple): Improve changed_when tests
- name: Pulling cephx keyring for nova
command: docker exec ceph_mon ceph auth get-or-create client.nova mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool={{ ceph_cinder_pool_name }}, allow rwx pool={{ ceph_cinder_pool_name }}-cache, allow rwx pool={{ ceph_nova_pool_name }}, allow rwx pool={{ ceph_nova_pool_name }}-cache, allow rx pool={{ ceph_glance_pool_name }}, allow rx pool={{ ceph_glance_pool_name }}-cache'
register: cephx_key
delegate_to: "{{ groups['ceph-mon'][0] }}"
changed_when: False
run_once: True
# TODO(SamYaple): Improve failed_when and changed_when tests
- name: Pulling cephx keyring for libvirt
command: docker exec ceph_mon ceph auth get-key client.nova
register: cephx_raw_key
delegate_to: "{{ groups['ceph-mon'][0] }}"
changed_when: False
run_once: True
- name: Pushing cephx keyring for nova
copy:
content: "{{ cephx_key.stdout }}\n\r"
dest: "{{ node_config_directory }}/nova-compute/ceph.client.nova.keyring"
mode: "0600"
when: inventory_hostname in groups['compute']
- name: Pushing secrets xml for libvirt
template:
src: roles/nova/templates/secret.xml.j2
dest: "{{ node_config_directory }}/nova-libvirt/secrets/{{ rbd_secret_uuid }}.xml"
mode: "0600"
when: inventory_hostname in groups['compute']
- name: Pushing secrets key for libvirt
copy:
content: "{{ cephx_raw_key.stdout }}"
dest: "{{ node_config_directory }}/nova-libvirt/secrets/{{ rbd_secret_uuid }}.base64"
mode: "0600"
when: inventory_hostname in groups['compute']