Use more descriptive libvirt secret names corresponding to reality

This patch changes the name for libvirt secrets, as the user might not necessarily use the 'nova' and 'cinder' usernames, but completely different names. The names 'client.nova' and 'client.cinder' might suggest to the user that they are templatable, but they are not. In Kolla, there can only be one secret for the nova service and one for cinder, regardless of how many clusters are being used. Therefore, I use a name that does not resemble the Ceph keyring to prevent this from happening. A description has also been added. Change-Id: Id80e45357ea8054f2bacb8a7c687b335c74d5feb
2024-08-15 14:13:19 +02:00 · 2024-08-15 14:13:19 +02:00 · 6faae441bd
commit 6faae441bd
parent 1cec85d680
2 changed files with 5 additions and 2 deletions
--- a/ansible/roles/nova-cell/tasks/external_ceph.yml
+++ b/ansible/roles/nova-cell/tasks/external_ceph.yml
@ -160,10 +160,12 @@
      when: service | service_enabled_and_mapped_to_host
      with_items:
        - uuid: "{{ rbd_secret_uuid }}"
-          name: "client.nova secret"
+          name: "ceph-ephemeral-nova"
+          desc: "Ceph Client Secret for Ephemeral Storage (Nova)"
          enabled: "{{ nova_backend == 'rbd' }}"
        - uuid: "{{ cinder_rbd_secret_uuid }}"
-          name: "client.cinder secret"
+          name: "ceph-persistent-cinder"
+          desc: "Ceph Client Secret for Persistent Storage (Cinder)"
          enabled: "{{ cinder_backend_ceph }}"
      notify: "{{ libvirt_restart_handlers }}"

--- a/ansible/roles/nova-cell/templates/secret.xml.j2
+++ b/ansible/roles/nova-cell/templates/secret.xml.j2
@ -1,5 +1,6 @@
 <secret ephemeral='no' private='no'>
  <uuid>{{ item.uuid }}</uuid>
+  <description>{{ item.desc }}</description>
  <usage type='ceph'>
    <name>{{ item.name }}</name>
  </usage>