Comment 17 for bug 1928690

Revision history for this message
Albert Braden (ozzzo) wrote :

In the nova_libvirt container I see 4 files in /etc/libvirt/secrets/:

(nova-libvirt)[root@chrnc-void-testupgrade-compute-0-replace /]# ls -lA /etc/libvirt/secrets
total 16
-rw-------. 1 root root 40 Jun 3 18:09 a51d6c3c-748e-475c-a51e-113b4917e0d1.base64
-rw-------. 1 root root 168 Jun 3 18:09 a51d6c3c-748e-475c-a51e-113b4917e0d1.xml
-rw-------. 1 root root 40 Jun 3 18:09 cf960909-3df5-4856-8ba5-486711b134f5.base64
-rw-------. 1 root root 170 Jun 3 18:09 cf960909-3df5-4856-8ba5-486711b134f5.xml

The first 2 are for nova; the second 2 are for cinder. The cinder key matches ceph.client.cinder.keyring:

(nova-libvirt)[root@chrnc-void-testupgrade-compute-0-replace secrets]# cat a51d6c3c-748e-475c-a51e-113b4917e0d1.base64;echo
AQCnarZgAAAAABAA/fprRD3z8dRzTgi7jtDeYA==

The nova key does not match ceph.client.nova.keyring; it is the same as the cinder key:

(nova-libvirt)[root@chrnc-void-testupgrade-compute-0-replace secrets]# cat a51d6c3c-748e-475c-a51e-113b4917e0d1.base64;echo
AQCnarZgAAAAABAA/fprRD3z8dRzTgi7jtDeYA==

So, it looks like my initial configuration of separate keys for cinder and nova is breaking at least 2 things during the upgrade. Is this an incorrect initial configuration? Do I need to change the keys before the upgrade?