Limit standalone ceph-admin user creation to a single host
When 'openstack overcloud ceph user enable --standalone' is
run, call Ansible with '--limit undercloud'.
Bug #1979093 happened because Ansible was running the user
module on the same host as if it were two hosts. The module
is idempotent but not race safe. E.g. when user execution A
and user execution B are run on the same host, A's check that
the user does not exist might be true but before A goes on to
create the user, B could have created it first depending on
scheduling.
The python-tripleoclient uses Ansible --limit when creating
the ceph-admin user so only _admin nodes get the private key.
This works for multinode but standalone only has one node, so
for that condition redefine the limit list to that single node.
Change-Id: I2f62cdfcb88edb5552cbd7351b6240f78376c93d
Closes-Bug: #1979093
(cherry picked from commit 5ee23cf83d
)
This commit is contained in:
parent
46919b64db
commit
186d7f4e4c
@ -880,8 +880,16 @@ class OvercloudCephUserEnable(command.Command):
|
||||
}
|
||||
for limit_list in [ceph_hosts['_admin'], ceph_hosts['non_admin']]:
|
||||
if len(limit_list) > 0:
|
||||
# need to include the undercloud where the keys are generated
|
||||
limit_list.append('undercloud')
|
||||
if parsed_args.standalone:
|
||||
# In standalone, Ansible groups allovercloud and undercloud
|
||||
# denote the same single host. So just use undercloud to
|
||||
# avoid LP 1979093.
|
||||
limit_list = ['undercloud']
|
||||
else:
|
||||
# Need to include the undercloud, where the keys are
|
||||
# generated, in the subset of allovercloud hosts,
|
||||
# denoted by limit_list.
|
||||
limit_list.append('undercloud')
|
||||
with oooutils.TempDirs() as tmp:
|
||||
oooutils.run_ansible_playbook(
|
||||
playbook='ceph-admin-user-playbook.yml',
|
||||
|
Loading…
Reference in New Issue
Block a user