In the nova_libvirt container I see 4 files in /etc/libvirt/secrets/:
(nova-libvirt)[root@chrnc-void-testupgrade-compute-0-replace /]# ls -lA /etc/libvirt/secrets total 16 -rw-------. 1 root root 40 Jun 3 18:09 a51d6c3c-748e-475c-a51e-113b4917e0d1.base64 -rw-------. 1 root root 168 Jun 3 18:09 a51d6c3c-748e-475c-a51e-113b4917e0d1.xml -rw-------. 1 root root 40 Jun 3 18:09 cf960909-3df5-4856-8ba5-486711b134f5.base64 -rw-------. 1 root root 170 Jun 3 18:09 cf960909-3df5-4856-8ba5-486711b134f5.xml
The first 2 are for nova; the second 2 are for cinder. The cinder key matches ceph.client.cinder.keyring:
(nova-libvirt)[root@chrnc-void-testupgrade-compute-0-replace secrets]# cat a51d6c3c-748e-475c-a51e-113b4917e0d1.base64;echo AQCnarZgAAAAABAA/fprRD3z8dRzTgi7jtDeYA==
The nova key does not match ceph.client.nova.keyring; it is the same as the cinder key:
So, it looks like my initial configuration of separate keys for cinder and nova is breaking at least 2 things during the upgrade. Is this an incorrect initial configuration? Do I need to change the keys before the upgrade?
In the nova_libvirt container I see 4 files in /etc/libvirt/ secrets/ :
(nova-libvirt) [root@chrnc- void-testupgrad e-compute- 0-replace /]# ls -lA /etc/libvirt/ secrets 748e-475c- a51e-113b4917e0 d1.base64 748e-475c- a51e-113b4917e0 d1.xml 3df5-4856- 8ba5-486711b134 f5.base64 3df5-4856- 8ba5-486711b134 f5.xml
total 16
-rw-------. 1 root root 40 Jun 3 18:09 a51d6c3c-
-rw-------. 1 root root 168 Jun 3 18:09 a51d6c3c-
-rw-------. 1 root root 40 Jun 3 18:09 cf960909-
-rw-------. 1 root root 170 Jun 3 18:09 cf960909-
The first 2 are for nova; the second 2 are for cinder. The cinder key matches ceph.client. cinder. keyring:
(nova-libvirt) [root@chrnc- void-testupgrad e-compute- 0-replace secrets]# cat a51d6c3c- 748e-475c- a51e-113b4917e0 d1.base64; echo A/fprRD3z8dRzTg i7jtDeYA= =
AQCnarZgAAAAABA
The nova key does not match ceph.client. nova.keyring; it is the same as the cinder key:
(nova-libvirt) [root@chrnc- void-testupgrad e-compute- 0-replace secrets]# cat a51d6c3c- 748e-475c- a51e-113b4917e0 d1.base64; echo A/fprRD3z8dRzTg i7jtDeYA= =
AQCnarZgAAAAABA
So, it looks like my initial configuration of separate keys for cinder and nova is breaking at least 2 things during the upgrade. Is this an incorrect initial configuration? Do I need to change the keys before the upgrade?