kolla-ansible

when we enable external ceph in train release "ceph.client.cinder.keyring" is not copied to /etc/kolla/nova-compute

Bug #1859408 reported by Srinivasa Reddy
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
kolla-ansible
Fix Released
Medium
Radosław Piliszek
kolla-ansible 10.0.0 "ussuri"
Train
Fix Released
Medium
Mark Goddard
Ussuri
Fix Released
Medium
Radosław Piliszek
kolla-ansible 10.0.0 "ussuri"

Bug Description

What happened:

when we enable external ceph in train release "ceph.client.cinder.keyring" is not copied to /etc/kolla/nova-compute

How to reproduce it (minimal and precise):
```
[root@kollabase ~]# grep -v -e "^#" -e "^$" /etc/kolla/globals.yml
---
kolla_base_distro: "centos"
kolla_install_type: "source"
openstack_release: "train"
node_custom_config: "/etc/kolla/config"
kolla_internal_vip_address: "192.168.56.254"
docker_registry: "192.168.56.100:4000"
network_interface: "enp0s8"
neutron_external_interface: "enp0s9"
neutron_plugin_agent: "openvswitch"
enable_cinder: "yes"
enable_cinder_backup: "yes"
enable_horizon_karbor: "{{ enable_karbor | bool }}"
enable_horizon_masakari: "{{ enable_masakari | bool }}"
enable_karbor: "yes"
enable_masakari: "yes"
enable_ceph_rgw_keystone: "yes"
glance_backend_ceph: "yes"
cinder_backend_ceph: "yes"
cinder_backup_driver: "ceph"
nova_backend_ceph: "yes"
nova_compute_virt_type: "qemu"

[root@kollabase config]# tree
.
├── cinder
│ ├── ceph.conf
│ ├── cinder-backup
│ │ ├── ceph.client.cinder-backup.keyring
│ │ └── ceph.client.cinder.keyring
│ ├── cinder-backup.conf
│ ├── cinder-volume
│ │ └── ceph.client.cinder.keyring
│ └── cinder-volume.conf
├── glance
│ ├── ceph.client.glance.keyring
│ ├── ceph.conf
│ └── glance-api.conf
└── nova
    ├── ceph.client.cinder.keyring
    ├── ceph.client.nova.keyring
    ├── ceph.conf
    └── nova-compute.conf

5 directories, 13 files
```
* OS (e.g. from /etc/os-release):

NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

*Kolla-Ansible version:
kolla-ansible=9.0

See original description
Srinivasa Reddy (srinivasareddym)
summary: - when we enable external ceph in rocky release
+ when we enable external ceph in train release
"ceph.client.cinder.keyring" is not copied to /etc/kolla/nova-compute
description: updated
Michal Nasiadka (mnasiadka)
Changed in kolla-ansible:
status: New → Triaged
importance: Undecided → Medium
assignee: nobody → Michal Nasiadka (mnasiadka)
no longer affects: kolla-ansible/rocky
no longer affects: kolla-ansible/stein
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (master)

Fix proposed to branch: master
Review: https://review.opendev.org/702198

Changed in kolla-ansible:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack)
Changed in kolla-ansible:
assignee: Michal Nasiadka (mnasiadka) → Radosław Piliszek (yoctozepto)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (master)

Reviewed: https://review.opendev.org/702198
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=71d4c697cdb982d7d8e6cbd95ad870eb08f6914e
Submitter: Zuul
Branch: master

commit 71d4c697cdb982d7d8e6cbd95ad870eb08f6914e
Author: Michal Nasiadka <email address hidden>
Date: Mon Jan 13 11:54:04 2020 +0100

    External Ceph: copy also cinder keyring to nova services

    Since [1] nova-compute uses rbd python library instead of libvirt to cleanup
    volumes and get pool info - so it requires cinder keyring on filesystem.

    In external ceph case it is often that nova key does not exist (is simply a copied
    cinder key) and the rbd user is set to cinder - therefore the earlier mentioned
    operations will fail due to a missing keyring on the filesystem.

    [1]: https://review.opendev.org/#/c/668564/

    Change-Id: Idef21dc5f7e9ff512bc8920630a3de61a1e69eee
    Backport: train
    Closes-Bug: #1859408

Changed in kolla-ansible:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/704606

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/train)

Reviewed: https://review.opendev.org/704606
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=a9fecc41a31749c97e89ba6b66c9c46714fa6da8
Submitter: Zuul
Branch: stable/train

commit a9fecc41a31749c97e89ba6b66c9c46714fa6da8
Author: Michal Nasiadka <email address hidden>
Date: Mon Jan 13 11:54:04 2020 +0100

    External Ceph: copy also cinder keyring to nova services

    Since [1] nova-compute uses rbd python library instead of libvirt to cleanup
    volumes and get pool info - so it requires cinder keyring on filesystem.

    In external ceph case it is often that nova key does not exist (is simply a copied
    cinder key) and the rbd user is set to cinder - therefore the earlier mentioned
    operations will fail due to a missing keyring on the filesystem.

    [1]: https://review.opendev.org/#/c/668564/

    Change-Id: Idef21dc5f7e9ff512bc8920630a3de61a1e69eee
    Backport: train
    Closes-Bug: #1859408
    (cherry picked from commit 71d4c697cdb982d7d8e6cbd95ad870eb08f6914e)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 9.0.1

This issue was fixed in the openstack/kolla-ansible 9.0.1 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.