Fix booting from volume failure
Booting from volume requires cinder's ceph client secret now. Move cinder before nova in site.yml, because nova depends on the cinder ceph client key now. Change-Id: I01c9ed80843d98305b8963894c4917c21a35d3ac Closes-Bug: #1670676
parent
19e80d08fe
commit
d06efcecc5
@ -112,7 +112,7 @@ rbd_max_clone_depth = 5
|
|||||||
rbd_store_chunk_size = 4
|
rbd_store_chunk_size = 4
|
||||||
rados_connect_timeout = -1
|
rados_connect_timeout = -1
|
||||||
rbd_user = cinder
|
rbd_user = cinder
|
||||||
rbd_secret_uuid = {{ rbd_secret_uuid }}
|
rbd_secret_uuid = {{ cinder_rbd_secret_uuid }}
|
||||||
report_discard_supported = True
|
report_discard_supported = True
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
@ -37,9 +37,16 @@
|
|||||||
run_once: True
|
run_once: True
|
||||||
|
|
||||||
# TODO(SamYaple): Improve failed_when and changed_when tests
|
# TODO(SamYaple): Improve failed_when and changed_when tests
|
||||||
- name: Pulling cephx keyring for libvirt
|
- name: Pulling nova cephx keyring for libvirt
|
||||||
command: docker exec ceph_mon ceph auth get-key client.nova
|
command: docker exec ceph_mon ceph auth get-key client.nova
|
||||||
register: cephx_raw_key
|
register: nova_cephx_raw_key
|
||||||
|
delegate_to: "{{ groups['ceph-mon'][0] }}"
|
||||||
|
changed_when: False
|
||||||
|
run_once: True
|
||||||
|
|
||||||
|
- name: Pulling cinder cephx keyring for libvirt
|
||||||
|
command: docker exec ceph_mon ceph auth get-key client.cinder
|
||||||
|
register: cinder_cephx_raw_key
|
||||||
delegate_to: "{{ groups['ceph-mon'][0] }}"
|
delegate_to: "{{ groups['ceph-mon'][0] }}"
|
||||||
changed_when: False
|
changed_when: False
|
||||||
run_once: True
|
run_once: True
|
||||||
@ -54,13 +61,31 @@
|
|||||||
- name: Pushing secrets xml for libvirt
|
- name: Pushing secrets xml for libvirt
|
||||||
template:
|
template:
|
||||||
src: "secret.xml.j2"
|
src: "secret.xml.j2"
|
||||||
dest: "{{ node_config_directory }}/nova-libvirt/secrets/{{ rbd_secret_uuid }}.xml"
|
dest: "{{ node_config_directory }}/nova-libvirt/secrets/{{ item.uuid }}.xml"
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
when: inventory_hostname in groups['compute']
|
when:
|
||||||
|
- inventory_hostname in groups['compute']
|
||||||
|
- item.enabled | bool
|
||||||
|
with_items:
|
||||||
|
- uuid: "{{ rbd_secret_uuid }}"
|
||||||
|
name: client.nova secret
|
||||||
|
enabled: true
|
||||||
|
- uuid: "{{ cinder_rbd_secret_uuid }}"
|
||||||
|
name: client.cinder secret
|
||||||
|
enabled: "{{ cinder_backend_ceph }}"
|
||||||
|
|
||||||
- name: Pushing secrets key for libvirt
|
- name: Pushing secrets key for libvirt
|
||||||
copy:
|
copy:
|
||||||
content: "{{ cephx_raw_key.stdout }}"
|
content: "{{ item.content }}"
|
||||||
dest: "{{ node_config_directory }}/nova-libvirt/secrets/{{ rbd_secret_uuid }}.base64"
|
dest: "{{ node_config_directory }}/nova-libvirt/secrets/{{ item.uuid }}.base64"
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
when: inventory_hostname in groups['compute']
|
when:
|
||||||
|
- inventory_hostname in groups['compute']
|
||||||
|
- item.enabled | bool
|
||||||
|
with_items:
|
||||||
|
- uuid: "{{ rbd_secret_uuid }}"
|
||||||
|
content: "{{ nova_cephx_raw_key.stdout }}"
|
||||||
|
enabled: true
|
||||||
|
- uuid: "{{ cinder_rbd_secret_uuid }}"
|
||||||
|
content: "{{ cinder_cephx_raw_key.stdout }}"
|
||||||
|
enabled: "{{ cinder_backend_ceph }}"
|
||||||
|
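Review bot: The new `Pulling cinder cephx keyring for libvirt` task has no `when:`, so `ceph auth get-key client.cinder` runs on every deployment, while the two push tasks below gate the cinder item on `cinder_backend_ceph`. If the client.cinder key is only created when cinder uses the Ceph backend (not visible in this diff), the command would fail and stop the nova play; adding `when: cinder_backend_ceph | bool` would match the push tasks. With that guard the loop item should read `content: "{{ cinder_cephx_raw_key.stdout | default('') }}"`, since a skipped result has no `stdout`. Both pull tasks register the raw cephx key, so `no_log: true` on them and on `Pushing secrets key for libvirt` would keep the key out of verbose output and callback logs.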
@ -8,13 +8,21 @@
|
|||||||
- "nova-libvirt/secrets"
|
- "nova-libvirt/secrets"
|
||||||
when: inventory_hostname in groups['compute']
|
when: inventory_hostname in groups['compute']
|
||||||
|
|
||||||
- name: Find keyring files
|
- name: Check nova keyring file
|
||||||
local_action: find paths="{{ node_custom_config }}/nova/" patterns="^ceph\.client\..*?\.keyring$" use_regex=True
|
local_action: stat path="{{ node_custom_config }}/nova/ceph.client.nova.keyring"
|
||||||
register: cephx_keyring_files
|
register: nova_cephx_keyring_file
|
||||||
|
failed_when: not nova_cephx_keyring_file.stat.exists
|
||||||
|
|
||||||
- name: Copy over ceph keyring file
|
- name: Check cinder keyring file
|
||||||
|
local_action: state path="{{ node_custom_config }}/nova/ceph.client.cinder.keyring"
|
||||||
|
register: cinder_cephx_keyring_file
|
||||||
|
failed_when: not cinder_cephx_keyring_file.stat.exists
|
||||||
|
when: cinder_backend_ceph | bool
|
||||||
|
|
||||||
|
# NOTE: nova-compute and nova-libvirt only need ceph.client.nova.keyring.
|
||||||
|
- name: Copy over ceph nova keyring file
|
||||||
copy:
|
copy:
|
||||||
src: "{{ cephx_keyring_files.files[0].path }}"
|
src: "{{ nova_cephx_keyring_file.stat.path }}"
|
||||||
dest: "{{ node_config_directory }}/{{ item }}/"
|
dest: "{{ node_config_directory }}/{{ item }}/"
|
||||||
with_items:
|
with_items:
|
||||||
- nova-compute
|
- nova-compute
|
||||||
@ -30,20 +38,43 @@
|
|||||||
- nova-libvirt
|
- nova-libvirt
|
||||||
when: inventory_hostname in groups['compute']
|
when: inventory_hostname in groups['compute']
|
||||||
|
|
||||||
- name: Pushing secrets xml for libvirt
|
- name: Pushing nova secret xml for libvirt
|
||||||
template:
|
template:
|
||||||
src: "secret.xml.j2"
|
src: "secret.xml.j2"
|
||||||
dest: "{{ node_config_directory }}/nova-libvirt/secrets/{{ rbd_secret_uuid }}.xml"
|
dest: "{{ node_config_directory }}/nova-libvirt/secrets/{{ item.uuid }}.xml"
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
when: inventory_hostname in groups['compute']
|
when:
|
||||||
|
- inventory_hostname in groups['compute']
|
||||||
|
- item.enabled | bool
|
||||||
|
with_items:
|
||||||
|
- uuid: "{{ rbd_secret_uuid }}"
|
||||||
|
name: "client.nova secret"
|
||||||
|
enabled: true
|
||||||
|
- uuid: "{{ cinder_rbd_secret_uuid }}"
|
||||||
|
name: "client.cinder secret"
|
||||||
|
enabled: "{{ cinder_backend_ceph }}"
|
||||||
|
|
||||||
- name: Extract key from file
|
- name: Extract nova key from file
|
||||||
local_action: shell cat {{ cephx_keyring_files.files[0].path }} | grep -E 'key\s*=' | awk '{ print $3 }'
|
local_action: shell cat "{{ nova_cephx_keyring_file.stat.path }}" | grep -E 'key\s*=' | awk '{ print $3 }'
|
||||||
register: cephx_raw_key
|
register: nova_cephx_raw_key
|
||||||
|
|
||||||
|
- name: Extract cinder key from file
|
||||||
|
local_action: shell cat "{{ cinder_cephx_keyring_file.stat.path }}" | grep -E 'key\s*=' | awk '{ print $3 }'
|
||||||
|
register: cinder_cephx_raw_key
|
||||||
|
when: cinder_backend_ceph | bool
|
||||||
|
|
||||||
- name: Pushing secrets key for libvirt
|
- name: Pushing secrets key for libvirt
|
||||||
copy:
|
copy:
|
||||||
content: "{{ cephx_raw_key.stdout }}"
|
content: "{{ item.content }}"
|
||||||
dest: "{{ node_config_directory }}/nova-libvirt/secrets/{{ rbd_secret_uuid }}.base64"
|
dest: "{{ node_config_directory }}/nova-libvirt/secrets/{{ item.uuid }}.base64"
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
when: inventory_hostname in groups['compute']
|
when:
|
||||||
|
- inventory_hostname in groups['compute']
|
||||||
|
- item.enabled | bool
|
||||||
|
with_items:
|
||||||
|
- uuid: "{{ rbd_secret_uuid }}"
|
||||||
|
content: nova_cephx_raw_key
|
||||||
|
enabled: true
|
||||||
|
- uuid: "{{ cinder_rbd_secret_uuid }}"
|
||||||
|
content: cinder_cephx_raw_key
|
||||||
|
enabled: "{{ cinder_backend_ceph }}"
|
||||||
|
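Review bot: In the new `Pushing secrets key for libvirt` loop the items use `content: nova_cephx_raw_key` and `content: cinder_cephx_raw_key`, which are plain strings, so the `.base64` files would hold the variable names rather than the keys. The other variant of this task in the same commit uses `content: "{{ nova_cephx_raw_key.stdout }}"`; the same form is needed here, with `"{{ cinder_cephx_raw_key.stdout | default('') }}"` for the cinder item because its extract task is skipped when `cinder_backend_ceph` is false. Separately, `Check cinder keyring file` calls `local_action: state path=...`; the following `failed_when` reads `.stat.exists`, so the module was presumably meant to be `stat`.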
@ -1,6 +1,6 @@
|
|||||||
<secret ephemeral='no' private='no'>
|
<secret ephemeral='no' private='no'>
|
||||||
<uuid>{{ rbd_secret_uuid }}</uuid>
|
<uuid>{{ item.uuid }}</uuid>
|
||||||
<usage type='ceph'>
|
<usage type='ceph'>
|
||||||
<name>client.nova secret</name>
|
<name>{{ item.name }}</name>
|
||||||
</usage>
|
</usage>
|
||||||
</secret>
|
</secret>
|
||||||
|
@ -245,6 +245,20 @@
|
|||||||
tags: ironic,
|
tags: ironic,
|
||||||
when: enable_ironic | bool }
|
when: enable_ironic | bool }
|
||||||
|
|
||||||
|
- name: Apply role cinder
|
||||||
|
gather_facts: false
|
||||||
|
hosts:
|
||||||
|
- ceph-mon
|
||||||
|
- cinder-api
|
||||||
|
- cinder-backup
|
||||||
|
- cinder-scheduler
|
||||||
|
- cinder-volume
|
||||||
|
serial: '{{ serial|default("0") }}'
|
||||||
|
roles:
|
||||||
|
- { role: cinder,
|
||||||
|
tags: cinder,
|
||||||
|
when: enable_cinder | bool }
|
||||||
|
|
||||||
- name: Apply role nova
|
- name: Apply role nova
|
||||||
gather_facts: false
|
gather_facts: false
|
||||||
hosts:
|
hosts:
|
||||||
@ -289,20 +303,6 @@
|
|||||||
tags: kuryr,
|
tags: kuryr,
|
||||||
when: enable_kuryr | bool }
|
when: enable_kuryr | bool }
|
||||||
|
|
||||||
- name: Apply role cinder
|
|
||||||
gather_facts: false
|
|
||||||
hosts:
|
|
||||||
- ceph-mon
|
|
||||||
- cinder-api
|
|
||||||
- cinder-backup
|
|
||||||
- cinder-scheduler
|
|
||||||
- cinder-volume
|
|
||||||
serial: '{{ serial|default("0") }}'
|
|
||||||
roles:
|
|
||||||
- { role: cinder,
|
|
||||||
tags: cinder,
|
|
||||||
when: enable_cinder | bool }
|
|
||||||
|
|
||||||
- name: Apply role heat
|
- name: Apply role heat
|
||||||
gather_facts: false
|
gather_facts: false
|
||||||
hosts:
|
hosts:
|
||||||
|
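Review bot: The cinder play now has to precede the nova play, but nothing in the moved block says so, and a later reorder would reintroduce the failure. A comment above `- name: Apply role cinder` would record it, for example `# NOTE: cinder must be applied before nova; nova's ceph tasks read the client.cinder key.` The dependency is taken from the commit message.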
@ -5,7 +5,10 @@
|
|||||||
# These options must be UUID4 values in string format
|
# These options must be UUID4 values in string format
|
||||||
# XXXXXXXX-XXXX-4XXX-XXXX-XXXXXXXXXXXX
|
# XXXXXXXX-XXXX-4XXX-XXXX-XXXXXXXXXXXX
|
||||||
ceph_cluster_fsid:
|
ceph_cluster_fsid:
|
||||||
|
# for backward compatible consideration, rbd_secret_uuid is only used for nova,
|
||||||
|
# cinder_rbd_secret_uuid is used for cinder
|
||||||
rbd_secret_uuid:
|
rbd_secret_uuid:
|
||||||
|
cinder_rbd_secret_uuid:
|
||||||
|
|
||||||
###################
|
###################
|
||||||
# Database options
|
# Database options
|
||||||
|
@ -51,9 +51,13 @@ def main():
|
|||||||
passwords_file = os.path.expanduser(args.passwords)
|
passwords_file = os.path.expanduser(args.passwords)
|
||||||
|
|
||||||
# These keys should be random uuids
|
# These keys should be random uuids
|
||||||
uuid_keys = ['ceph_cluster_fsid', 'rbd_secret_uuid',
|
uuid_keys = ['ceph_cluster_fsid',
|
||||||
'gnocchi_project_id', 'gnocchi_resource_id',
|
'rbd_secret_uuid',
|
||||||
'gnocchi_user_id', 'designate_pool_id',
|
'cinder_rbd_secret_uuid',
|
||||||
|
'gnocchi_project_id',
|
||||||
|
'gnocchi_resource_id',
|
||||||
|
'gnocchi_user_id',
|
||||||
|
'designate_pool_id',
|
||||||
'karbor_openstack_infra_id']
|
'karbor_openstack_infra_id']
|
||||||
|
|
||||||
# SSH key pair
|
# SSH key pair
|
||||||
|
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
cinder_rbd_secret_uuid variable is requirement in passwords.yml file
|