c70d806666
When Nova, Glance, or Cinder are deployed alongside an external Ceph deployment handlers will fail to trigger if keyring files are updated, which results in the containers not being restarted. This change adds the missing 'when' conditions for nova-libvirt, nova-compute, cinder-volume, cinder-backup, and glance-api containers. Change-Id: I8e183aac9a72e7a7210f7edc7cdcbaedd4fbcaa9
133 lines
3.9 KiB
YAML
133 lines
3.9 KiB
YAML
---
|
|
- name: Ensuring config directory exists
|
|
file:
|
|
path: "{{ node_config_directory }}/{{ item }}"
|
|
state: "directory"
|
|
mode: "0770"
|
|
become: true
|
|
with_items:
|
|
- "nova-libvirt/secrets"
|
|
when: inventory_hostname in groups['compute']
|
|
|
|
- name: Check nova keyring file
|
|
local_action: stat path="{{ node_custom_config }}/nova/ceph.client.nova.keyring"
|
|
run_once: True
|
|
register: nova_cephx_keyring_file
|
|
failed_when: not nova_cephx_keyring_file.stat.exists
|
|
when:
|
|
- nova_backend == "rbd"
|
|
- external_ceph_cephx_enabled | bool
|
|
|
|
- name: Check cinder keyring file
|
|
local_action: stat path="{{ node_custom_config }}/nova/ceph.client.cinder.keyring"
|
|
run_once: True
|
|
register: cinder_cephx_keyring_file
|
|
failed_when: not cinder_cephx_keyring_file.stat.exists
|
|
when:
|
|
- cinder_backend_ceph | bool
|
|
- external_ceph_cephx_enabled | bool
|
|
|
|
# NOTE: nova-compute and nova-libvirt only need ceph.client.nova.keyring.
|
|
- name: Copy over ceph nova keyring file
|
|
copy:
|
|
src: "{{ nova_cephx_keyring_file.stat.path }}"
|
|
dest: "{{ node_config_directory }}/{{ item }}/"
|
|
mode: "0660"
|
|
become: true
|
|
register: nova_ceph_keyring
|
|
with_items:
|
|
- nova-compute
|
|
- nova-libvirt
|
|
when:
|
|
- inventory_hostname in groups['compute']
|
|
- nova_backend == "rbd"
|
|
- external_ceph_cephx_enabled | bool
|
|
notify:
|
|
- Restart nova-compute container
|
|
- Restart nova-libvirt container
|
|
|
|
- name: Copy over ceph.conf
|
|
template:
|
|
src: "{{ node_custom_config }}/nova/ceph.conf"
|
|
dest: "{{ node_config_directory }}/{{ item }}/"
|
|
mode: "0660"
|
|
become: true
|
|
register: ceph_confs
|
|
with_items:
|
|
- nova-compute
|
|
- nova-libvirt
|
|
when:
|
|
- inventory_hostname in groups['compute']
|
|
- nova_backend == "rbd"
|
|
notify:
|
|
- Restart {{ item }} container
|
|
|
|
- name: Pushing nova secret xml for libvirt
|
|
template:
|
|
src: "secret.xml.j2"
|
|
dest: "{{ node_config_directory }}/nova-libvirt/secrets/{{ item.uuid }}.xml"
|
|
mode: "0600"
|
|
become: true
|
|
register: libvirt_secrets_xml
|
|
when:
|
|
- inventory_hostname in groups['compute']
|
|
- item.enabled | bool
|
|
with_items:
|
|
- uuid: "{{ rbd_secret_uuid }}"
|
|
name: "client.nova secret"
|
|
enabled: "{{ nova_backend == 'rbd' }}"
|
|
- uuid: "{{ cinder_rbd_secret_uuid }}"
|
|
name: "client.cinder secret"
|
|
enabled: "{{ cinder_backend_ceph }}"
|
|
notify:
|
|
- Restart nova-libvirt container
|
|
|
|
- name: Extract nova key from file
|
|
local_action: shell cat "{{ nova_cephx_keyring_file.stat.path }}" | grep -E 'key\s*=' | awk '{ print $3 }'
|
|
run_once: True
|
|
register: nova_cephx_raw_key
|
|
when:
|
|
- nova_backend == "rbd"
|
|
- external_ceph_cephx_enabled | bool
|
|
|
|
- name: Extract cinder key from file
|
|
local_action: shell cat "{{ cinder_cephx_keyring_file.stat.path }}" | grep -E 'key\s*=' | awk '{ print $3 }'
|
|
run_once: True
|
|
register: cinder_cephx_raw_key
|
|
when:
|
|
- cinder_backend_ceph | bool
|
|
- external_ceph_cephx_enabled | bool
|
|
|
|
- name: Pushing secrets key for libvirt
|
|
copy:
|
|
content: "{{ item.result.stdout }}"
|
|
dest: "{{ node_config_directory }}/nova-libvirt/secrets/{{ item.uuid }}.base64"
|
|
mode: "0600"
|
|
become: true
|
|
register: libvirt_secrets_key
|
|
when:
|
|
- inventory_hostname in groups['compute']
|
|
- item.enabled | bool
|
|
- external_ceph_cephx_enabled | bool
|
|
with_items:
|
|
- uuid: "{{ rbd_secret_uuid }}"
|
|
result: "{{ nova_cephx_raw_key }}"
|
|
enabled: "{{ nova_backend == 'rbd' }}"
|
|
- uuid: "{{ cinder_rbd_secret_uuid }}"
|
|
result: "{{ cinder_cephx_raw_key }}"
|
|
enabled: "{{ cinder_backend_ceph }}"
|
|
notify:
|
|
- Restart nova-libvirt container
|
|
|
|
- name: Ensuring config directory has correct owner and permission
|
|
become: true
|
|
file:
|
|
path: "{{ node_config_directory }}/{{ item }}"
|
|
recurse: yes
|
|
owner: "{{ config_owner_user }}"
|
|
group: "{{ config_owner_group }}"
|
|
with_items:
|
|
- "nova-compute"
|
|
- "nova-libvirt/secrets"
|
|
when: inventory_hostname in groups['compute']
|