External Ceph: add ceph_*_user variables

To make the configuration easier for the user, and to allow non-standard ceph authentication ids - introduce ceph_*_user variables. Change-Id: I24e01c43c826b62b6748d93a498f4b7d8ce9e309
2019-12-10 18:28:50 +01:00 · 2019-12-10 18:28:50 +01:00 · fdf3729f83
commit fdf3729f83
parent 4d0c442b88
9 changed files with 50 additions and 89 deletions
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@ -1007,6 +1007,13 @@ ceph_glance_pool_name: "images"
 ceph_gnocchi_pool_name: "gnocchi"
 ceph_nova_pool_name: "vms"

+ceph_cinder_backup_user: "cinder-backup"
+ceph_cinder_volume_user: "cinder"
+ceph_glance_user: "glance"
+ceph_gnocchi_user: "gnocchi"
+ceph_manila_user: "manila"
+ceph_nova_user: "nova"
+
 ceph_erasure_profile: "k=4 m=2 ruleset-failure-domain=host"
 ceph_rule: "default host {{ 'indep' if ceph_pool_type == 'erasure' else 'firstn' }}"
 ceph_cache_rule: "cache host firstn"
--- a/ansible/roles/cinder/templates/cinder.conf.j2
+++ b/ansible/roles/cinder/templates/cinder.conf.j2
@ -28,7 +28,7 @@ enabled_backends = {{ cinder_enabled_backends|map(attribute='name')|join(',') }}
 {% if cinder_backup_driver == "ceph" %}
 backup_driver = cinder.backup.drivers.ceph.CephBackupDriver
 backup_ceph_conf = /etc/ceph/ceph.conf
-backup_ceph_user = cinder-backup
+backup_ceph_user = {{ ceph_cinder_backup_user }}
 backup_ceph_chunk_size = 134217728
 backup_ceph_pool = {{ ceph_cinder_backup_pool_name }}
 backup_ceph_stripe_unit = 0
@ -131,7 +131,7 @@ rbd_flatten_volume_from_snapshot = false
 rbd_max_clone_depth = 5
 rbd_store_chunk_size = 4
 rados_connect_timeout = 5
-rbd_user = cinder
+rbd_user = {{ ceph_cinder_volume_user }}
 rbd_secret_uuid = {{ cinder_rbd_secret_uuid }}
 report_discard_supported = True
 image_upload_use_cinder_backend = True
--- a/ansible/roles/glance/templates/glance-api.conf.j2
+++ b/ansible/roles/glance/templates/glance-api.conf.j2
@ -61,7 +61,7 @@ stores = {{ glance_store_backends|map(attribute='name')|join(',') }}
 {% endif %}

 {% if glance_backend_ceph | bool %}
-rbd_store_user = glance
+rbd_store_user = {{ ceph_glance_user }}
 rbd_store_pool = {{ ceph_glance_pool_name }}
 rbd_store_chunk_size = 8
 {% endif %}
--- a/ansible/roles/gnocchi/templates/gnocchi.conf.j2
+++ b/ansible/roles/gnocchi/templates/gnocchi.conf.j2
@ -74,8 +74,8 @@ file_basepath = /var/lib/gnocchi
 {% elif gnocchi_backend_storage == 'ceph' %}
 driver = ceph
 ceph_pool = {{ gnocchi_pool_name }}
-ceph_username = gnocchi
-ceph_keyring = /etc/ceph/ceph.client.gnocchi.keyring
+ceph_username = {{ ceph_gnocchi_user }}
+ceph_keyring = {{ ceph_gnocchi_keyring }}
 ceph_conffile = /etc/ceph/ceph.conf
 {% elif gnocchi_backend_storage == 'swift' %}
 driver = swift
--- a/ansible/roles/manila/templates/manila-share.conf.j2
+++ b/ansible/roles/manila/templates/manila-share.conf.j2
@ -99,7 +99,7 @@ driver_handles_share_servers = False
 share_backend_name = CEPHFS1
 share_driver = manila.share.drivers.cephfs.driver.CephFSDriver
 cephfs_conf_path = /etc/ceph/ceph.conf
-cephfs_auth_id = manila
+cephfs_auth_id = {{ ceph_manila_user }}
 cephfs_cluster_name = ceph
 cephfs_enable_snapshots = False
 {% endif %}
@ -111,7 +111,7 @@ share_backend_name = CEPHFSNFS1
 share_driver = manila.share.drivers.cephfs.driver.CephFSDriver
 cephfs_protocol_helper_type = NFS
 cephfs_conf_path = /etc/ceph/ceph.conf
-cephfs_auth_id = manila
+cephfs_auth_id = {{ ceph_manila_user }}
 cephfs_cluster_name = ceph
 cephfs_enable_snapshots = False
 cephfs_ganesha_server_is_remote= False
--- a/ansible/roles/nova-cell/templates/nova.conf.d/libvirt.conf.j2
+++ b/ansible/roles/nova-cell/templates/nova.conf.d/libvirt.conf.j2
@ -5,11 +5,11 @@ live_migration_uri = "qemu+tls://%s/system"
 {% else %}
 connection_uri = "qemu+tcp://{{ migration_interface_address | put_address_in_context('url') }}/system"
 {% endif %}
-{% if enable_ceph | bool and nova_backend == "rbd" %}
+{% if nova_backend == "rbd" %}
 images_type = rbd
 images_rbd_pool = {{ ceph_nova_pool_name }}
 images_rbd_ceph_conf = /etc/ceph/ceph.conf
-rbd_user = nova
+rbd_user = {{ ceph_nova_user }}
 disk_cachemodes="network=writeback"
 {% if nova_hw_disk_discard != '' %}
 hw_disk_discard = {{ nova_hw_disk_discard }}
--- a/doc/source/reference/storage/external-ceph-guide.rst
+++ b/doc/source/reference/storage/external-ceph-guide.rst
@ -66,17 +66,11 @@ Glance

 Configuring Glance for Ceph includes the following steps:

-#. Configure RBD back end in ``glance-api.conf``
+#. Configure Ceph authentication details in ``/etc/kolla/globals.yml``:

-   .. path /etc/kolla/config/glance/glance-api.conf
-   .. code-block:: ini
-
-      [glance_store]
-      stores = rbd
-      default_store = rbd
-      rbd_store_pool = images
-      rbd_store_user = glance
-      rbd_store_ceph_conf = /etc/ceph/ceph.conf
+   * ``ceph_glance_keyring`` (default: ``ceph.client.glance.keyring``)
+   * ``ceph_glance_user`` (default: ``glance``)
+   * ``ceph_glance_pool_name`` (default: ``images``)

 #. Copy Ceph configuration file to ``/etc/kolla/config/glance/ceph.conf``

@ -91,10 +85,6 @@ Configuring Glance for Ceph includes the following steps:
      auth_service_required = cephx
      auth_client_required = cephx

-#. Configure Ceph authentication details in ``/etc/kolla/globals.yml``:
-
-   * ``ceph_glance_keyring`` (default: ``ceph.client.glance.keyring``)
-
 #. Copy Ceph keyring to ``/etc/kolla/config/glance/<ceph_glance_keyring>``

 Cinder
@ -102,43 +92,14 @@ Cinder

 Configuring Cinder for Ceph includes following steps:

-#. Configure RBD backend in ``cinder-volume.conf`` and ``cinder-backup.conf``
-
-   .. path /etc/kolla/config/cinder/cinder-volume.conf
-   .. code-block:: ini
-
-      [DEFAULT]
-      enabled_backends=rbd-1
-
-      [rbd-1]
-      rbd_ceph_conf=/etc/ceph/ceph.conf
-      rbd_user=cinder
-      backend_host=rbd:volumes
-      rbd_pool=volumes
-      volume_backend_name=rbd-1
-      volume_driver=cinder.volume.drivers.rbd.RBDDriver
-      rbd_secret_uuid = {{ cinder_rbd_secret_uuid }}
-
-   .. note::
-
-      ``cinder_rbd_secret_uuid`` can be found in ``/etc/kolla/passwords.yml``.
-
-   .. path /etc/kolla/config/cinder/cinder-backup.conf
-   .. code-block:: ini
-
-      [DEFAULT]
-      backup_ceph_conf=/etc/ceph/ceph.conf
-      backup_ceph_user=cinder-backup
-      backup_ceph_chunk_size = 134217728
-      backup_ceph_pool=backups
-      backup_driver = cinder.backup.drivers.ceph.CephBackupDriver
-      backup_ceph_stripe_unit = 0
-      backup_ceph_stripe_count = 0
-      restore_discard_excess_bytes = true
-
-   For more information about the Cinder backup configuration, see
-   :cinder-doc:`Ceph backup driver
-   <configuration/block-storage/backup/ceph-backup-driver.html>`.
+#. Configure Ceph authentication details in ``/etc/kolla/globals.yml``:
+   * ``ceph_cinder_keyring`` (default: ``ceph.client.cinder.keyring``)
+   * ``ceph_cinder_user`` (default: ``cinder``)
+   * ``ceph_cinder_pool_name`` (default: ``volumes``)
+   * ``ceph_cinder_backup_keyring``
+   (default: ``ceph.client.cinder-backup.keyring``)
+   * ``ceph_cinder_backup_user`` (default: ``cinder-backup``)
+   * ``ceph_cinder_backup_pool_name`` (default: ``backups``)

 #. Copy Ceph configuration file to ``/etc/kolla/config/cinder/ceph.conf``

@ -148,11 +109,6 @@ Configuring Cinder for Ceph includes following steps:
   ``/etc/kolla/config/cinder/cinder-backup`` respectively. They
   will be merged with ``/etc/kolla/config/cinder/ceph.conf``.

-#. Configure Ceph authentication details in ``/etc/kolla/globals.yml``:
-   * ``ceph_cinder_keyring`` (default: ``ceph.client.cinder.keyring``)
-   * ``ceph_cinder_backup_keyring``
-   (default: ``ceph.client.cinder-backup.keyring``)
-
 #. Copy Ceph keyring files to:
   * ``/etc/kolla/config/cinder/cinder-volume/<ceph_cinder_keyring>``
   * ``/etc/kolla/config/cinder/cinder-backup/<ceph_cinder_keyring>``
@ -168,12 +124,14 @@ Nova

 Configuring Nova for Ceph includes following steps:

-#. Copy Ceph configuration file to ``/etc/kolla/config/nova/ceph.conf``
 #. Configure Ceph authentication details in ``/etc/kolla/globals.yml``:

   * ``ceph_cinder_keyring`` (default: ``ceph.client.cinder.keyring``)
   * ``ceph_nova_keyring`` (by default it's the same as ceph_cinder_keyring)
+   * ``ceph_nova_user`` (default: ``nova``)
+   * ``ceph_nova_pool_name`` (default: ``vms``)

+#. Copy Ceph configuration file to ``/etc/kolla/config/nova/ceph.conf``
 #. Copy Ceph keyring file(s) to:

   * ``/etc/kolla/config/nova/<ceph_cinder_keyring>``
@ -183,41 +141,23 @@ Configuring Nova for Ceph includes following steps:
   .. warning::

      If you are using ceph-ansible or another deployment tool that doesn't
-      create separate key for Nova just copy the Cinder key.
-
-#. Configure nova-compute to use Ceph as the ephemeral back end by creating
-   ``/etc/kolla/config/nova/nova-compute.conf`` and adding the following
-   configurations:
-
-   .. code-block:: ini
-
-      [libvirt]
-      images_rbd_pool=vms
-      images_type=rbd
-      images_rbd_ceph_conf=/etc/ceph/ceph.conf
+      create separate key for Nova just copy the Cinder key and configure
+      ``ceph_nova_user`` to the same value as ``ceph_cinder_user``.

 Gnocchi
 -------

 Configuring Gnocchi for Ceph includes following steps:

-#. Copy Ceph configuration file to ``/etc/kolla/config/gnocchi/ceph.conf``
 #. Configure Ceph authentication details in ``/etc/kolla/globals.yml``:

   * ``ceph_gnocchi_keyring``
     (default: ``ceph.client.gnocchi.keyring``)
+   * ``ceph_gnocchi_user`` (default: ``gnocchi``)
+   * ``ceph_gnocchi_pool_name`` (default: ``gnocchi``)

+#. Copy Ceph configuration file to ``/etc/kolla/config/gnocchi/ceph.conf``
 #. Copy Ceph keyring to ``/etc/kolla/config/gnocchi/<ceph_gnocchi_keyring>``
-#. Modify ``/etc/kolla/config/gnocchi.conf`` file according to the following
-   configuration:
-
-   .. code-block:: ini
-
-      [storage]
-      driver = ceph
-      ceph_username = gnocchi
-      ceph_keyring = /etc/ceph/ceph.client.gnocchi.keyring
-      ceph_conffile = /etc/ceph/ceph.conf

 Manila
 ------
@ -229,6 +169,7 @@ Configuring Manila for Ceph includes following steps:
 #. Configure Ceph authentication details in ``/etc/kolla/globals.yml``:

   * ``ceph_manila_keyring`` (default: ``ceph.client.manila.keyring``)
+   * ``ceph_manila_user`` (default: ``manila``)

 #. Copy Ceph configuration file to ``/etc/kolla/config/manila/ceph.conf``
 #. Copy Ceph keyring to ``/etc/kolla/config/manila/<ceph_manila_keyring>``
--- a/releasenotes/notes/external-ceph-users-2715eebf8a8df1af.yaml
+++ b/releasenotes/notes/external-ceph-users-2715eebf8a8df1af.yaml
@ -0,0 +1,12 @@
+---
+features:
+  - |
+    Introduce External Ceph user ids as variables to allow non-standard ceph
+    authentication ids in OpenStack services configuration without the need to
+    override configuration files.
+upgrade:
+  - |
+    Now the rbd part of ``nova.conf`` in ``nova-compute`` is being generated
+    when ``nova_backend`` is set to ``"rbd"`` (previously it was generated when
+    both ``enable_ceph`` was ``"yes"`` and ``nova_backend`` was set to
+    ``"rbd"``).
--- a/tests/templates/globals-default.j2
+++ b/tests/templates/globals-default.j2
@ -133,4 +133,5 @@ enable_cinder: "yes"
 glance_backend_ceph: "yes"
 cinder_backend_ceph: "yes"
 nova_backend_ceph: "yes"
+ceph_nova_user: "cinder"
 {% endif %}