From 186d7f4e4cd1b931918bbb375f62b4fb9d48375e Mon Sep 17 00:00:00 2001
From: John Fulton <fulton@redhat.com>
Date: Mon, 27 Jun 2022 14:45:35 -0400
Subject: [PATCH] Limit standalone ceph-admin user creation to a single host

When 'openstack overcloud ceph user enable --standalone' is
run, call Ansible with '--limit undercloud'.

Bug #1979093 happened because Ansible was running the user
module on the same host as if it were two hosts. The module
is idempotent but not race safe. E.g. when user execution A
and user execution B are run on the same host, A's check that
the user does not exist might be true but before A goes on to
create the user, B could have created it first depending on
scheduling.

The python-tripleoclient uses Ansible --limit when creating
the ceph-admin user so only _admin nodes get the private key.
This works for multinode but standalone only has one node, so
for that condition redefine the limit list to that single node.

Change-Id: I2f62cdfcb88edb5552cbd7351b6240f78376c93d
Closes-Bug: #1979093
(cherry picked from commit 5ee23cf83def70b541858958659dc33a6bb5b0b6)
---
 tripleoclient/v2/overcloud_ceph.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/tripleoclient/v2/overcloud_ceph.py b/tripleoclient/v2/overcloud_ceph.py
index 2d9989fb6..ca164f15a 100644
--- a/tripleoclient/v2/overcloud_ceph.py
+++ b/tripleoclient/v2/overcloud_ceph.py
@@ -880,8 +880,16 @@ class OvercloudCephUserEnable(command.Command):
         }
         for limit_list in [ceph_hosts['_admin'], ceph_hosts['non_admin']]:
             if len(limit_list) > 0:
-                # need to include the undercloud where the keys are generated
-                limit_list.append('undercloud')
+                if parsed_args.standalone:
+                    # In standalone, Ansible groups allovercloud and undercloud
+                    # denote the same single host. So just use undercloud to
+                    # avoid LP 1979093.
+                    limit_list = ['undercloud']
+                else:
+                    # Need to include the undercloud, where the keys are
+                    # generated, in the subset of allovercloud hosts,
+                    # denoted by limit_list.
+                    limit_list.append('undercloud')
                 with oooutils.TempDirs() as tmp:
                     oooutils.run_ansible_playbook(
                         playbook='ceph-admin-user-playbook.yml',