Fix non-root reconfiguration with ceph enabled
Various ceph-related tasks were missing a 'become' that would allow them to work as a non-root user. This seems to only cause a problem after an initial deployment, perhaps due to the recursive ownership & permissions changes at the end of the ceph.yml and external_ceph.yml files. This change adds the necessary becomes. Change-Id: I887c7b3bdef49db1dd1bf9e5bdbf5dc47b7f41af Closes-Bug: #1795125
This commit is contained in:
Mark Goddard
parent
12e644f4f4
commit
b50917fe2c
@ -4,6 +4,7 @@
|
|||||||
path: "{{ node_config_directory }}/glance-api"
|
path: "{{ node_config_directory }}/glance-api"
|
||||||
state: "directory"
|
state: "directory"
|
||||||
mode: "0770"
|
mode: "0770"
|
||||||
|
become: true
|
||||||
when: inventory_hostname in groups['glance-api']
|
when: inventory_hostname in groups['glance-api']
|
||||||
|
|
||||||
- name: Copying over ceph.conf(s)
|
- name: Copying over ceph.conf(s)
|
||||||
@ -14,6 +15,7 @@
|
|||||||
- "{{ node_custom_config }}/ceph/{{ inventory_hostname }}/ceph.conf"
|
- "{{ node_custom_config }}/ceph/{{ inventory_hostname }}/ceph.conf"
|
||||||
dest: "{{ node_config_directory }}/glance-api/ceph.conf"
|
dest: "{{ node_config_directory }}/glance-api/ceph.conf"
|
||||||
mode: "0660"
|
mode: "0660"
|
||||||
|
become: true
|
||||||
when: inventory_hostname in groups['glance-api']
|
when: inventory_hostname in groups['glance-api']
|
||||||
|
|
||||||
- include_tasks: ../../ceph_pools.yml
|
- include_tasks: ../../ceph_pools.yml
|
||||||
@ -40,6 +42,7 @@
|
|||||||
key = {{ cephx_key.keyring.key }}
|
key = {{ cephx_key.keyring.key }}
|
||||||
dest: "{{ node_config_directory }}/glance-api/ceph.client.glance.keyring"
|
dest: "{{ node_config_directory }}/glance-api/ceph.client.glance.keyring"
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
|
become: true
|
||||||
when: inventory_hostname in groups['glance-api']
|
when: inventory_hostname in groups['glance-api']
|
||||||
|
|
||||||
- name: Ensuring config directory has correct owner and permission
|
- name: Ensuring config directory has correct owner and permission
|
||||||
|
|||||||
@ -4,6 +4,7 @@
|
|||||||
path: "{{ node_config_directory }}/glance-api"
|
path: "{{ node_config_directory }}/glance-api"
|
||||||
state: "directory"
|
state: "directory"
|
||||||
mode: "0770"
|
mode: "0770"
|
||||||
|
become: true
|
||||||
when: inventory_hostname in groups['glance-api']
|
when: inventory_hostname in groups['glance-api']
|
||||||
|
|
||||||
- name: Copy over ceph files
|
- name: Copy over ceph files
|
||||||
@ -11,6 +12,7 @@
|
|||||||
src: "{{ item }}"
|
src: "{{ item }}"
|
||||||
dest: "{{ node_config_directory }}/glance-api/"
|
dest: "{{ node_config_directory }}/glance-api/"
|
||||||
mode: "0660"
|
mode: "0660"
|
||||||
|
become: true
|
||||||
when: inventory_hostname in groups['glance-api']
|
when: inventory_hostname in groups['glance-api']
|
||||||
with_fileglob:
|
with_fileglob:
|
||||||
- "{{ node_custom_config }}/glance/ceph*"
|
- "{{ node_custom_config }}/glance/ceph*"
|
||||||
@ -18,12 +20,12 @@
|
|||||||
- Restart glance-api container
|
- Restart glance-api container
|
||||||
|
|
||||||
- name: Ensuring config directory has correct owner and permission
|
- name: Ensuring config directory has correct owner and permission
|
||||||
become: true
|
|
||||||
file:
|
file:
|
||||||
path: "{{ node_config_directory }}/{{ item }}"
|
path: "{{ node_config_directory }}/{{ item }}"
|
||||||
recurse: yes
|
recurse: yes
|
||||||
owner: "{{ config_owner_user }}"
|
owner: "{{ config_owner_user }}"
|
||||||
group: "{{ config_owner_group }}"
|
group: "{{ config_owner_group }}"
|
||||||
|
become: true
|
||||||
when: inventory_hostname in groups['glance-api']
|
when: inventory_hostname in groups['glance-api']
|
||||||
with_items:
|
with_items:
|
||||||
- "glance-api"
|
- "glance-api"
|
||||||
|
|||||||
@ -3,6 +3,7 @@
|
|||||||
file:
|
file:
|
||||||
path: "{{ node_config_directory }}/{{ item }}"
|
path: "{{ node_config_directory }}/{{ item }}"
|
||||||
state: "directory"
|
state: "directory"
|
||||||
|
become: true
|
||||||
when: inventory_hostname in groups[item]
|
when: inventory_hostname in groups[item]
|
||||||
with_items:
|
with_items:
|
||||||
- "gnocchi-api"
|
- "gnocchi-api"
|
||||||
@ -16,6 +17,7 @@
|
|||||||
- "{{ node_custom_config }}/ceph.conf"
|
- "{{ node_custom_config }}/ceph.conf"
|
||||||
- "{{ node_custom_config }}/ceph/{{ inventory_hostname }}/ceph.conf"
|
- "{{ node_custom_config }}/ceph/{{ inventory_hostname }}/ceph.conf"
|
||||||
dest: "{{ node_config_directory }}/{{ item }}/ceph.conf"
|
dest: "{{ node_config_directory }}/{{ item }}/ceph.conf"
|
||||||
|
become: true
|
||||||
when: inventory_hostname in groups[item]
|
when: inventory_hostname in groups[item]
|
||||||
with_items:
|
with_items:
|
||||||
- "gnocchi-api"
|
- "gnocchi-api"
|
||||||
@ -46,6 +48,7 @@
|
|||||||
key = {{ cephx_key.keyring.key }}
|
key = {{ cephx_key.keyring.key }}
|
||||||
dest: "{{ node_config_directory }}/{{ item }}/ceph.client.gnocchi.keyring"
|
dest: "{{ node_config_directory }}/{{ item }}/ceph.client.gnocchi.keyring"
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
|
become: true
|
||||||
when: inventory_hostname in groups[item]
|
when: inventory_hostname in groups[item]
|
||||||
with_items:
|
with_items:
|
||||||
- "gnocchi-api"
|
- "gnocchi-api"
|
||||||
|
|||||||
@ -3,6 +3,7 @@
|
|||||||
file:
|
file:
|
||||||
path: "{{ node_config_directory }}/{{ item }}"
|
path: "{{ node_config_directory }}/{{ item }}"
|
||||||
state: "directory"
|
state: "directory"
|
||||||
|
become: true
|
||||||
when: inventory_hostname in groups[item]
|
when: inventory_hostname in groups[item]
|
||||||
with_items:
|
with_items:
|
||||||
- "gnocchi-api"
|
- "gnocchi-api"
|
||||||
@ -13,6 +14,7 @@
|
|||||||
template:
|
template:
|
||||||
src: "{{ node_custom_config }}/gnocchi/ceph.conf"
|
src: "{{ node_custom_config }}/gnocchi/ceph.conf"
|
||||||
dest: "{{ node_config_directory }}/{{ item }}/ceph.conf"
|
dest: "{{ node_config_directory }}/{{ item }}/ceph.conf"
|
||||||
|
become: true
|
||||||
when: inventory_hostname in groups[item]
|
when: inventory_hostname in groups[item]
|
||||||
with_items:
|
with_items:
|
||||||
- "gnocchi-api"
|
- "gnocchi-api"
|
||||||
@ -27,6 +29,7 @@
|
|||||||
copy:
|
copy:
|
||||||
src: "{{ node_custom_config }}/gnocchi/ceph.client.gnocchi.keyring"
|
src: "{{ node_custom_config }}/gnocchi/ceph.client.gnocchi.keyring"
|
||||||
dest: "{{ node_config_directory }}/{{ item }}/ceph.client.gnocchi.keyring"
|
dest: "{{ node_config_directory }}/{{ item }}/ceph.client.gnocchi.keyring"
|
||||||
|
become: true
|
||||||
when: inventory_hostname in groups[item]
|
when: inventory_hostname in groups[item]
|
||||||
with_items:
|
with_items:
|
||||||
- "gnocchi-api"
|
- "gnocchi-api"
|
||||||
|
|||||||
@ -3,6 +3,7 @@
|
|||||||
file:
|
file:
|
||||||
path: "{{ node_config_directory }}/manila-share"
|
path: "{{ node_config_directory }}/manila-share"
|
||||||
state: "directory"
|
state: "directory"
|
||||||
|
become: true
|
||||||
|
|
||||||
- name: Copying over ceph.conf for manila
|
- name: Copying over ceph.conf for manila
|
||||||
merge_configs:
|
merge_configs:
|
||||||
|
|||||||
@ -3,6 +3,7 @@
|
|||||||
file:
|
file:
|
||||||
path: "{{ node_config_directory }}/manila-share"
|
path: "{{ node_config_directory }}/manila-share"
|
||||||
state: "directory"
|
state: "directory"
|
||||||
|
become: true
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['manila-share']
|
- inventory_hostname in groups['manila-share']
|
||||||
|
|
||||||
|
|||||||
@ -4,6 +4,7 @@
|
|||||||
path: "{{ node_config_directory }}/{{ item }}"
|
path: "{{ node_config_directory }}/{{ item }}"
|
||||||
state: "directory"
|
state: "directory"
|
||||||
mode: "0770"
|
mode: "0770"
|
||||||
|
become: true
|
||||||
with_items:
|
with_items:
|
||||||
- "nova-compute"
|
- "nova-compute"
|
||||||
- "nova-libvirt/secrets"
|
- "nova-libvirt/secrets"
|
||||||
@ -19,6 +20,7 @@
|
|||||||
- "{{ node_custom_config }}/ceph/{{ inventory_hostname }}/ceph.conf"
|
- "{{ node_custom_config }}/ceph/{{ inventory_hostname }}/ceph.conf"
|
||||||
dest: "{{ node_config_directory }}/{{ item }}/ceph.conf"
|
dest: "{{ node_config_directory }}/{{ item }}/ceph.conf"
|
||||||
mode: "0660"
|
mode: "0660"
|
||||||
|
become: true
|
||||||
with_items:
|
with_items:
|
||||||
- "nova-compute"
|
- "nova-compute"
|
||||||
- "nova-libvirt"
|
- "nova-libvirt"
|
||||||
@ -58,6 +60,7 @@
|
|||||||
key = {{ nova_cephx_key.keyring.key }}
|
key = {{ nova_cephx_key.keyring.key }}
|
||||||
dest: "{{ node_config_directory }}/nova-compute/ceph.client.nova.keyring"
|
dest: "{{ node_config_directory }}/nova-compute/ceph.client.nova.keyring"
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
|
become: true
|
||||||
when: inventory_hostname in groups['compute']
|
when: inventory_hostname in groups['compute']
|
||||||
|
|
||||||
- name: Pushing secrets xml for libvirt
|
- name: Pushing secrets xml for libvirt
|
||||||
@ -65,6 +68,7 @@
|
|||||||
src: "secret.xml.j2"
|
src: "secret.xml.j2"
|
||||||
dest: "{{ node_config_directory }}/nova-libvirt/secrets/{{ item.uuid }}.xml"
|
dest: "{{ node_config_directory }}/nova-libvirt/secrets/{{ item.uuid }}.xml"
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
|
become: true
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['compute']
|
- inventory_hostname in groups['compute']
|
||||||
- item.enabled | bool
|
- item.enabled | bool
|
||||||
@ -81,6 +85,7 @@
|
|||||||
content: "{{ item.content }}"
|
content: "{{ item.content }}"
|
||||||
dest: "{{ node_config_directory }}/nova-libvirt/secrets/{{ item.uuid }}.base64"
|
dest: "{{ node_config_directory }}/nova-libvirt/secrets/{{ item.uuid }}.base64"
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
|
become: true
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['compute']
|
- inventory_hostname in groups['compute']
|
||||||
- item.enabled | bool
|
- item.enabled | bool
|
||||||
|
|||||||
@ -4,6 +4,7 @@
|
|||||||
path: "{{ node_config_directory }}/{{ item }}"
|
path: "{{ node_config_directory }}/{{ item }}"
|
||||||
state: "directory"
|
state: "directory"
|
||||||
mode: "0770"
|
mode: "0770"
|
||||||
|
become: true
|
||||||
with_items:
|
with_items:
|
||||||
- "nova-compute"
|
- "nova-compute"
|
||||||
- "nova-libvirt/secrets"
|
- "nova-libvirt/secrets"
|
||||||
@ -33,6 +34,7 @@
|
|||||||
src: "{{ nova_cephx_keyring_file.stat.path }}"
|
src: "{{ nova_cephx_keyring_file.stat.path }}"
|
||||||
dest: "{{ node_config_directory }}/{{ item }}/"
|
dest: "{{ node_config_directory }}/{{ item }}/"
|
||||||
mode: "0660"
|
mode: "0660"
|
||||||
|
become: true
|
||||||
with_items:
|
with_items:
|
||||||
- nova-compute
|
- nova-compute
|
||||||
- nova-libvirt
|
- nova-libvirt
|
||||||
@ -49,6 +51,7 @@
|
|||||||
src: "{{ node_custom_config }}/nova/ceph.conf"
|
src: "{{ node_custom_config }}/nova/ceph.conf"
|
||||||
dest: "{{ node_config_directory }}/{{ item }}/"
|
dest: "{{ node_config_directory }}/{{ item }}/"
|
||||||
mode: "0660"
|
mode: "0660"
|
||||||
|
become: true
|
||||||
with_items:
|
with_items:
|
||||||
- nova-compute
|
- nova-compute
|
||||||
- nova-libvirt
|
- nova-libvirt
|
||||||
@ -64,6 +67,7 @@
|
|||||||
src: "secret.xml.j2"
|
src: "secret.xml.j2"
|
||||||
dest: "{{ node_config_directory }}/nova-libvirt/secrets/{{ item.uuid }}.xml"
|
dest: "{{ node_config_directory }}/nova-libvirt/secrets/{{ item.uuid }}.xml"
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
|
become: true
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['compute']
|
- inventory_hostname in groups['compute']
|
||||||
- item.enabled | bool
|
- item.enabled | bool
|
||||||
@ -98,6 +102,7 @@
|
|||||||
content: "{{ item.result.stdout }}"
|
content: "{{ item.result.stdout }}"
|
||||||
dest: "{{ node_config_directory }}/nova-libvirt/secrets/{{ item.uuid }}.base64"
|
dest: "{{ node_config_directory }}/nova-libvirt/secrets/{{ item.uuid }}.base64"
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
|
become: true
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['compute']
|
- inventory_hostname in groups['compute']
|
||||||
- item.enabled | bool
|
- item.enabled | bool
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user