puppet-ceph

rgw and mds profiles don't have credentials to import service keyrings in the cluster

Bug #1673288 reported by Giulio Fidente
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
puppet-ceph
In Progress
Undecided
Alex Schultz
tripleo
Fix Released
Undecided
Giulio Fidente

Bug Description

For the RGW and MDS profiles to work correctly, it is necessary to deploy a key with the needed permissions to import the RGW or MDS service keyrings.

Without a keyring with the needed permissions the deployment will fail with something like:

  ceph auth import -i /etc/ceph/ceph.client.radosgw.gateway.keyring returned 1 instead of one of [0]

or for MDS like:

  ceph auth import -i /var/lib/ceph/mds/ceph-overcloud-metadata-0/keyring returned 1 instead of one of [0]

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-ceph (master)

Fix proposed to branch: master
Review: https://review.openstack.org/446227

Changed in puppet-ceph:
assignee: nobody → Giulio Fidente (gfidente)
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-tripleo (master)

Fix proposed to branch: master
Review: https://review.openstack.org/446231

Changed in tripleo:
assignee: nobody → Giulio Fidente (gfidente)
status: New → In Progress
Giulio Fidente (gfidente)
summary: - rgw and mds profiles miss credentials to import service keyrings
+ rgw and mds profiles don't have credentials to import service keyrings
+ in the cluster
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-tripleo (master)

Reviewed: https://review.openstack.org/446231
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=ad1324c7acd4afa937ce41b6339e3dc817d0de25
Submitter: Jenkins
Branch: master

commit ad1324c7acd4afa937ce41b6339e3dc817d0de25
Author: Giulio Fidente <email address hidden>
Date: Thu Mar 16 00:45:11 2017 +0100

    Include ceph::profile::client from rgw.pp

    To deploy successfully the RadosGW service on a dedicated node
    it is necessary to provision on the node a CephX keyring with the
    needed permissions to import the RadosGW service keyring. This
    change will provision any keyring passed via client_keys.

    It makes possible to deploy the CephRgw service on any custom role
    without including the CephClient service.

    Change-Id: I5772eeb233ca241887226145a472c7a0363249cb
    Closes-Bug: #1673288

Changed in tripleo:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack)
Changed in puppet-ceph:
assignee: Giulio Fidente (gfidente) → Alex Schultz (alex-schultz)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to tripleo-heat-templates (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/454650

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-tripleo 7.0.0

This issue was fixed in the openstack/puppet-tripleo 7.0.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on tripleo-heat-templates (master)

Change abandoned by Giulio Fidente (<email address hidden>) on branch: master
Review: https://review.openstack.org/454650
Reason: not valid from pike with ceph-ansible, we might reprise it for the older releases should it become an issue

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on puppet-ceph (master)

Change abandoned by Giulio Fidente (<email address hidden>) on branch: master
Review: https://review.openstack.org/446227

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.