Allow to distribute custom key with the role

Right now we have quite strong assumption that `nova_ceph_client` should be present among clients to fetch. At the same time, in case the role is included outside of the OSA context, ceph_client_filtered_clients might not contain all users we expect to see. With that we alter the logic to fetch nova key not only when role is launched against compute host, but also when the client is present in the list. Change-Id: I7810881a01b9d2f3d98a6c3ad590b9ea63358011
2023-10-02 15:10:25 +02:00 · 2023-10-02 15:10:25 +02:00 · eb27ca0874
parent d086041842
commit eb27ca0874
3 changed files with 3 additions and 0 deletions
--- a/tasks/ceph_auth.yml
+++ b/tasks/ceph_auth.yml
@ -79,6 +79,7 @@
  command: virsh secret-get-value {{ nova_ceph_client_uuid }}
  when:
    - inventory_hostname in groups.nova_compute
+    - ceph_nova_secret is defined
  changed_when: false
  failed_when: false
  register: libvirt_nova_set
--- a/tasks/ceph_get_keyrings_from_files.yml
+++ b/tasks/ceph_get_keyrings_from_files.yml
@ -57,6 +57,7 @@
      stdout: "{{ (ceph_client_keys[nova_ceph_client] | regex_search('.*^\\s*key\\s*=\\s*(.*)$.*', '\\1', multiline=True))[0] }}"
  when:
    - inventory_hostname in groups.nova_compute
+    - nova_ceph_client in ceph_client_filtered_clients | map(attribute='name') | list
  delegate_to: localhost
  tags:
    - always
--- a/tasks/ceph_get_keyrings_from_mons.yml
+++ b/tasks/ceph_get_keyrings_from_mons.yml
@ -61,6 +61,7 @@
  command: ceph auth get-key client.{{ nova_ceph_client }} --cluster {{ ceph_cluster_name }}
  when:
    - inventory_hostname in groups.nova_compute
+    - nova_ceph_client in ceph_client_filtered_clients | map(attribute='name') | list
  changed_when: false
  delegate_to: '{{ ceph_mon_host }}'
  register: ceph_nova_secret