From 6faae441bd23d7e0acdeb213e6a73032f84c6ab6 Mon Sep 17 00:00:00 2001 From: Michal Arbet Date: Thu, 15 Aug 2024 14:13:19 +0200 Subject: [PATCH] Use more descriptive libvirt secret names corresponding to reality This patch changes the name for libvirt secrets, as the user might not necessarily use the 'nova' and 'cinder' usernames, but completely different names. The names 'client.nova' and 'client.cinder' might suggest to the user that they are templatable, but they are not. In Kolla, there can only be one secret for the nova service and one for cinder, regardless of how many clusters are being used. Therefore, I use a name that does not resemble the Ceph keyring to prevent this from happening. A description has also been added. Change-Id: Id80e45357ea8054f2bacb8a7c687b335c74d5feb --- ansible/roles/nova-cell/tasks/external_ceph.yml | 6 ++++-- ansible/roles/nova-cell/templates/secret.xml.j2 | 1 + 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ansible/roles/nova-cell/tasks/external_ceph.yml b/ansible/roles/nova-cell/tasks/external_ceph.yml index 332e700206..f0a9aa1a7f 100644 --- a/ansible/roles/nova-cell/tasks/external_ceph.yml +++ b/ansible/roles/nova-cell/tasks/external_ceph.yml @@ -160,10 +160,12 @@ when: service | service_enabled_and_mapped_to_host with_items: - uuid: "{{ rbd_secret_uuid }}" - name: "client.nova secret" + name: "ceph-ephemeral-nova" + desc: "Ceph Client Secret for Ephemeral Storage (Nova)" enabled: "{{ nova_backend == 'rbd' }}" - uuid: "{{ cinder_rbd_secret_uuid }}" - name: "client.cinder secret" + name: "ceph-persistent-cinder" + desc: "Ceph Client Secret for Persistent Storage (Cinder)" enabled: "{{ cinder_backend_ceph }}" notify: "{{ libvirt_restart_handlers }}" diff --git a/ansible/roles/nova-cell/templates/secret.xml.j2 b/ansible/roles/nova-cell/templates/secret.xml.j2 index 9f63543a24..e6d4a9594d 100644 --- a/ansible/roles/nova-cell/templates/secret.xml.j2 +++ b/ansible/roles/nova-cell/templates/secret.xml.j2 @@ -1,5 +1,6 @@ {{ item.uuid }} + {{ item.desc }} {{ item.name }}