ceph encryption: relation with ceph-mon needs to be restarted after ceph is ready

Bug #1780988 reported by Ashley Lai on 2018-07-10
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Gnocchi Charm
Undecided
Unassigned
OpenStack ceph-radosgw charm
Undecided
Unassigned
OpenStack cinder-ceph charm
Undecided
Unassigned
OpenStack glance charm
Undecided
Unassigned
OpenStack nova-compute charm
Undecided
Unassigned

Bug Description

Ceph encryption requires the vault to be initialized before ceph services can become ready for use. This requires the charms that have relation to ceph-mon to re-run the relation hook for it to work properly. The work around is to remove the relation and add the relation back on but we need the fix in the charm to do this.

James Page (james-page) wrote :

I'm not sure this is the case; the vault charm won't give out any access credentials until vault is initialized and the charm is authorized for access; at this point, the vault charm can actually access vault so can start granting access and creating backends.

Is this specific to gnocchi? or does it impact all charms consuming the secrets backend from from vault.

It's not specific to Gnocchi only but to all the services related with ceph-mon

From my perspective, once ceph-osd is ready with encryption enabled and all the OSD available to the cluster (as reported by ceph-mon), a ceph-mon hook should be triggered to rebuild the relations with all the services related with it: gnocchi, cinder, radosgw, nova and glance.

James Page (james-page) wrote :

Oh right I see - this is a 'there are no OSD's to ceph pools can't be created' type issue.

Ashley Lai (alai) on 2018-07-10
affects: charm-gnocchi → charm-glance
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers