--- - name: Ensuring config directory exists file: path: "{{ node_config_directory }}/{{ item }}" state: "directory" mode: "0770" become: true with_items: - "nova-libvirt/secrets" when: inventory_hostname in groups['compute'] - name: Copying over ceph.conf(s) vars: service_name: "{{ item }}" merge_configs: sources: - "{{ role_path }}/../ceph/templates/ceph.conf.j2" - "{{ node_custom_config }}/ceph.conf" - "{{ node_custom_config }}/ceph/{{ inventory_hostname }}/ceph.conf" dest: "{{ node_config_directory }}/{{ item }}/ceph.conf" mode: "0660" become: true with_items: - "nova-compute" - "nova-libvirt" when: inventory_hostname in groups['compute'] notify: - Restart {{ item }} container - include_tasks: ../../ceph_pools.yml vars: pool_name: "{{ nova_pool_name }}" pool_type: "{{ nova_pool_type }}" cache_mode: "{{ nova_cache_mode }}" pool_pg_num: "{{ nova_pool_pg_num }}" pool_pgp_num: "{{ nova_pool_pgp_num }}" pool_application: "rbd" - name: Pulling cephx keyring for nova become: true kolla_ceph_keyring: name: client.nova caps: "{{ ceph_client_nova_keyring_caps }}" register: nova_cephx_key delegate_to: "{{ groups['ceph-mon'][0] }}" run_once: True - name: Pulling cinder cephx keyring for libvirt become: true command: docker exec ceph_mon ceph auth get-key client.cinder register: cinder_cephx_raw_key delegate_to: "{{ groups['ceph-mon'][0] }}" when: - enable_cinder | bool - cinder_backend_ceph | bool changed_when: False run_once: True - name: Pushing cephx keyring for nova copy: content: | [client.nova] key = {{ nova_cephx_key.keyring.key }} dest: "{{ node_config_directory }}/nova-compute/ceph.client.nova.keyring" mode: "0600" become: true when: inventory_hostname in groups['compute'] notify: - Restart nova-compute container - name: Pushing secrets xml for libvirt template: src: "secret.xml.j2" dest: "{{ node_config_directory }}/nova-libvirt/secrets/{{ item.uuid }}.xml" mode: "0600" become: true when: - inventory_hostname in groups['compute'] - item.enabled | bool with_items: - uuid: "{{ rbd_secret_uuid }}" name: client.nova secret enabled: true - uuid: "{{ cinder_rbd_secret_uuid }}" name: client.cinder secret enabled: "{{ enable_cinder | bool and cinder_backend_ceph | bool}}" notify: - Restart nova-libvirt container - name: Pushing secrets key for libvirt copy: content: "{{ item.content }}" dest: "{{ node_config_directory }}/nova-libvirt/secrets/{{ item.uuid }}.base64" mode: "0600" become: true when: - inventory_hostname in groups['compute'] - item.enabled | bool with_items: - uuid: "{{ rbd_secret_uuid }}" content: "{{ nova_cephx_key.keyring.key }}" enabled: true - uuid: "{{ cinder_rbd_secret_uuid }}" content: "{{ cinder_cephx_raw_key.stdout|default('') }}" enabled: "{{ enable_cinder | bool and cinder_backend_ceph | bool}}" notify: - Restart nova-libvirt container - name: Ensuring config directory has correct owner and permission become: true file: path: "{{ node_config_directory }}/{{ item }}" recurse: yes owner: "{{ config_owner_user }}" group: "{{ config_owner_group }}" with_items: - "nova-compute" - "nova-libvirt/secrets" when: inventory_hostname in groups['compute']