So it looks like it is copying from /etc/kolla/config/nova/ceph.client.cinder.keyring to /etc/kolla/nova-compute/
If I look on the hypervisor I see both keyrings in the correct place:
[root@chrnc-area51-os-compute-01 nova-compute]# ll /etc/kolla/nova-compute/
total 20
-rw-rw----. 1 root root 176 May 24 18:47 ceph.client.cinder.keyring
-rw-rw----. 1 root root 123 May 24 18:47 ceph.client.nova.keyring
-rw-rw----. 1 root root 383 May 24 18:47 ceph.conf
-rw-rw----. 1 root root 1127 May 28 14:00 config.json
-rw-rw----. 1 root root 2942 May 28 14:30 nova.conf
So it looks like the failure occurs when the container is built. Where should I look to find out why the nova key isn't getting copied into the nova_compute container?
Ansible appears to be copying the nova key to all 3 computes:
TASK [nova-cell : Check nova keyring file] ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *****
ok: [192.168.0.51]
TASK [nova-cell : Check cinder keyring file] ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ***
ok: [192.168.0.51]
TASK [nova-cell : Copy over ceph nova keyring file] ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ***
ok: [192.168.0.51] => (item=nova-compute)
ok: [192.168.0.52] => (item=nova-compute)
ok: [192.168.0.53] => (item=nova-compute)
TASK [nova-cell : Copy over ceph cinder keyring file] ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *
ok: [192.168.0.51] => (item=nova-compute)
ok: [192.168.0.52] => (item=nova-compute)
ok: [192.168.0.53] => (item=nova-compute)
This is the ansible code in /opt/openstack/ share/kolla- ansible/ ansible/ roles/nova- cell/tasks/ external_ ceph.yml
- name: Check nova keyring file keyring_ file keyring_ file.stat. exists ceph_cephx_ enabled | bool
stat:
path: "{{ node_custom_config }}/nova/{{ ceph_nova_keyring }}"
delegate_to: localhost
run_once: True
register: nova_cephx_
failed_when: not nova_cephx_
when:
- nova_backend == "rbd"
- external_
- name: Check cinder keyring file cephx_keyring_ file cephx_keyring_ file.stat. exists ceph_cephx_ enabled | bool
stat:
path: "{{ node_custom_config }}/nova/{{ ceph_cinder_keyring }}"
delegate_to: localhost
run_once: True
register: cinder_
failed_when: not cinder_
when:
- cinder_backend_ceph | bool
- external_
- name: Copy over ceph nova keyring file keyring_ file.stat. path }}" directory }}/{{ item }}/" nova_cell_ compute_ group] ceph_cephx_ enabled | bool
copy:
src: "{{ nova_cephx_
dest: "{{ node_config_
mode: "0660"
become: true
with_items:
- nova-compute
when:
- inventory_hostname in groups[
- nova_backend == "rbd"
- external_
notify:
- Restart {{ item }} container
Variables: ansible/ ansible/ group_vars/ all.yml: node_custom_ config: "/etc/kolla/config" ansible/ ansible/ group_vars/ all.yml: ceph_nova_ keyring: "{{ ceph_cinder_keyring }}" ansible/ ansible/ group_vars/ all.yml: ceph_cinder_ keyring: "ceph.client. cinder. keyring" ansible/ ansible/ group_vars/ all.yml: node_config_ directory: "/etc/kolla"
share/kolla-
share/kolla-
share/kolla-
share/kolla-
So it looks like it is copying from /etc/kolla/ config/ nova/ceph. client. cinder. keyring to /etc/kolla/ nova-compute/
If I look on the hypervisor I see both keyrings in the correct place: area51- os-compute- 01 nova-compute]# ll /etc/kolla/ nova-compute/ cinder. keyring nova.keyring
[root@chrnc-
total 20
-rw-rw----. 1 root root 176 May 24 18:47 ceph.client.
-rw-rw----. 1 root root 123 May 24 18:47 ceph.client.
-rw-rw----. 1 root root 383 May 24 18:47 ceph.conf
-rw-rw----. 1 root root 1127 May 28 14:00 config.json
-rw-rw----. 1 root root 2942 May 28 14:30 nova.conf
So it looks like the failure occurs when the container is built. Where should I look to find out why the nova key isn't getting copied into the nova_compute container?