openstack/kolla-ansible
Code Issues Proposed changes
kolla-ansible/ansible/roles/nova-cell/tasks/external_ceph.yml
Radosław Piliszek 345ecbf55e Refactor services' check-containers and optimise 
This might fix some hidden bugs where the check tasks forgot to
include params important for the service.

We also get a nice optimisation by using a filtered loop instead
of task skipping per service with 'when'. As proven in
https://review.opendev.org/c/openstack/kolla-ansible/+/914997

This refactoring allows for further optimisation and
fixing work to proceed with much less hassle. Including getting
rid of many notify statements as the restarts are now safely handled
by check-containers. Some notifies had to stay, because of special
edge cases eg. in rolling upgrades and loadbalancer config.

One downside is we remove the little optimisation for Zun that
ignored config change for copying loopback but this is an
acceptable tradeoff considering the benefits above.

Co-Authored-By: Roman Krček <roman.krcek@tietoevry.com>
Change-Id: I855dfef33aa0f3fd1301295bb8ede3e587e7162a
Partially-Implements: blueprint performance-improvements
2024-12-01 22:16:51 +01:00

204 lines
7.2 KiB
YAML
Raw Blame History

---
- name: Check nova keyring file
vars:
keyring: "{{ nova_cell_ceph_backend['cluster'] }}.client.{{ nova_cell_ceph_backend['vms']['user'] }}.keyring"
paths:
- "{{ node_custom_config }}/nova/{{ inventory_hostname }}/{{ keyring }}"
- "{{ node_custom_config }}/nova/{{ keyring }}"
stat:
path: "{{ lookup('first_found', paths) }}"
delegate_to: localhost
register: nova_cephx_keyring_file
failed_when: not nova_cephx_keyring_file.stat.exists
when:
- nova_backend == "rbd"
- external_ceph_cephx_enabled | bool
- name: Check cinder keyring file
vars:
keyring: "{{ nova_cell_ceph_backend['cluster'] }}.client.{{ nova_cell_ceph_backend['volumes']['user'] }}.keyring"
paths:
- "{{ node_custom_config }}/nova/{{ inventory_hostname }}/{{ keyring }}"
- "{{ node_custom_config }}/nova/{{ keyring }}"
stat:
path: "{{ lookup('first_found', paths) }}"
delegate_to: localhost
register: cinder_cephx_keyring_file
failed_when: not cinder_cephx_keyring_file.stat.exists
when:
- cinder_backend_ceph | bool
- external_ceph_cephx_enabled | bool
- name: Extract nova key from file
set_fact:
nova_cephx_raw_key:
"{{ lookup('template', nova_cephx_keyring_file.stat.path) | regex_search('key\\s*=.*$', multiline=True) | regex_replace('key\\s*=\\s*(.*)\\s*', '\\1') }}"
changed_when: false
when:
- nova_backend == "rbd"
- external_ceph_cephx_enabled | bool
- name: Extract cinder key from file
set_fact:
cinder_cephx_raw_key:
"{{ lookup('template', cinder_cephx_keyring_file.stat.path) | regex_search('key\\s*=.*$', multiline=True) | regex_replace('key\\s*=\\s*(.*)\\s*', '\\1') }}"
changed_when: false
when:
- cinder_backend_ceph | bool
- external_ceph_cephx_enabled | bool
- name: Copy over ceph nova keyring file
template:
src: "{{ nova_cephx_keyring_file.stat.path }}"
dest: "{{ node_config_directory }}/{{ item }}/"
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0660"
become: true
with_items:
- nova-compute
when:
- inventory_hostname in groups[nova_cell_compute_group]
- nova_backend == "rbd"
- external_ceph_cephx_enabled | bool
- name: Copy over ceph cinder keyring file
template:
src: "{{ cinder_cephx_keyring_file.stat.path }}"
dest: "{{ node_config_directory }}/{{ item }}/"
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0660"
become: true
with_items: # NOTE: nova-libvirt does not need it
- nova-compute
when:
- inventory_hostname in groups[nova_cell_compute_group]
- nova_backend == "rbd"
- external_ceph_cephx_enabled | bool
- name: Copy over ceph.conf
vars:
service: "{{ nova_cell_services[item] }}"
paths:
- "{{ node_custom_config }}/nova/{{ inventory_hostname }}/{{ nova_cell_ceph_backend['cluster'] }}.conf"
- "{{ node_custom_config }}/nova/{{ nova_cell_ceph_backend['cluster'] }}.conf"
template:
src: "{{ lookup('first_found', paths) }}"
dest: "{{ node_config_directory }}/{{ item }}/"
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0660"
become: true
with_items:
- nova-compute
- nova-libvirt
when:
- service | service_enabled_and_mapped_to_host
- nova_backend == "rbd"
- block:
- name: Ensure /etc/ceph directory exists (host libvirt)
vars:
paths:
- "{{ node_custom_config }}/nova/{{ inventory_hostname }}/{{ nova_cell_ceph_backend['cluster'] }}.conf"
- "{{ node_custom_config }}/nova/{{ nova_cell_ceph_backend['cluster'] }}.conf"
file:
path: "/etc/ceph/"
state: "directory"
owner: "root"
group: "root"
mode: "0755"
become: true
- name: Copy over ceph.conf (host libvirt)
vars:
paths:
- "{{ node_custom_config }}/nova/{{ inventory_hostname }}/{{ nova_cell_ceph_backend['cluster'] }}.conf"
- "{{ node_custom_config }}/nova/{{ nova_cell_ceph_backend['cluster'] }}.conf"
template:
src: "{{ lookup('first_found', paths) }}"
dest: "/etc/ceph/{{ nova_cell_ceph_backend['cluster'] }}.conf"
owner: "root"
group: "root"
mode: "0644"
become: true
when:
- not enable_nova_libvirt_container | bool
- inventory_hostname in groups[nova_cell_compute_group]
- nova_backend == "rbd"
- block:
- name: Ensuring libvirt secrets directory exists
vars:
service: "{{ nova_cell_services['nova-libvirt'] }}"
file:
path: "{{ libvirt_secrets_dir }}"
state: "directory"
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0770"
become: true
when: service | service_enabled_and_mapped_to_host
- name: Pushing nova secret xml for libvirt
vars:
service: "{{ nova_cell_services['nova-libvirt'] }}"
template:
src: "secret.xml.j2"
dest: "{{ libvirt_secrets_dir }}/{{ item.uuid }}.xml"
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0600"
become: true
when: service | service_enabled_and_mapped_to_host
with_items:
- uuid: "{{ rbd_secret_uuid }}"
name: "ceph-ephemeral-nova"
desc: "Ceph Client Secret for Ephemeral Storage (Nova)"
enabled: "{{ nova_backend == 'rbd' }}"
- uuid: "{{ cinder_rbd_secret_uuid }}"
name: "ceph-persistent-cinder"
desc: "Ceph Client Secret for Persistent Storage (Cinder)"
enabled: "{{ cinder_backend_ceph }}"
notify: "{{ libvirt_restart_handlers }}"
- name: Pushing secrets key for libvirt
vars:
service: "{{ nova_cell_services['nova-libvirt'] }}"
template:
src: "libvirt-secret.j2"
dest: "{{ libvirt_secrets_dir }}/{{ item.uuid }}.base64"
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0600"
become: true
when:
- service | service_enabled_and_mapped_to_host
- item.enabled | bool
- external_ceph_cephx_enabled | bool
with_items:
# NOTE(yoctozepto): 'default' filter required due to eager evaluation of item content
# which will be undefined if the applicable condition is False
- uuid: "{{ rbd_secret_uuid }}"
result: "{{ nova_cephx_raw_key | default }}"
enabled: "{{ nova_backend == 'rbd' }}"
- uuid: "{{ cinder_rbd_secret_uuid }}"
result: "{{ cinder_cephx_raw_key | default }}"
enabled: "{{ cinder_backend_ceph }}"
notify: "{{ libvirt_restart_handlers }}"
no_log: True
vars:
libvirt_secrets_dir: >-
{{ (node_config_directory ~ '/nova-libvirt/secrets')
if enable_nova_libvirt_container | bool
else '/etc/libvirt/secrets' }}
# NOTE(mgoddard): When running libvirt as a host daemon, on CentOS it
# appears to pick up secrets automatically, while on Ubuntu it requires a
# reload. This may be due to differences in tested versions of libvirt
# (8.0.0 vs 6.0.0). Reload should be low overhead, so do it always.
libvirt_restart_handlers: >-
{{ ['Restart nova-libvirt container']
if enable_nova_libvirt_container | bool else
['Reload libvirtd'] }}
View Git Blame Copy Permalink