Comment 8 for bug 1928690

Albert Braden (ozzzo) wrote :

Ansible appears to be copying the nova key to all 3 computes:

TASK [nova-cell : Check nova keyring file] **************************************************************************************************************************************************************************************************
ok: [192.168.0.51]

TASK [nova-cell : Check cinder keyring file] ************************************************************************************************************************************************************************************************
ok: [192.168.0.51]

TASK [nova-cell : Copy over ceph nova keyring file] *****************************************************************************************************************************************************************************************
ok: [192.168.0.51] => (item=nova-compute)
ok: [192.168.0.52] => (item=nova-compute)
ok: [192.168.0.53] => (item=nova-compute)

TASK [nova-cell : Copy over ceph cinder keyring file] ***************************************************************************************************************************************************************************************
ok: [192.168.0.51] => (item=nova-compute)
ok: [192.168.0.52] => (item=nova-compute)
ok: [192.168.0.53] => (item=nova-compute)

This is the Ansible code in /opt/openstack/share/kolla-ansible/ansible/roles/nova-cell/tasks/external_ceph.yml:

- name: Check nova keyring file
  stat:
    path: "{{ node_custom_config }}/nova/{{ ceph_nova_keyring }}"
  delegate_to: localhost
  run_once: True
  register: nova_cephx_keyring_file
  failed_when: not nova_cephx_keyring_file.stat.exists
  when:
    - nova_backend == "rbd"
    - external_ceph_cephx_enabled | bool

- name: Check cinder keyring file
  stat:
    path: "{{ node_custom_config }}/nova/{{ ceph_cinder_keyring }}"
  delegate_to: localhost
  run_once: True
  register: cinder_cephx_keyring_file
  failed_when: not cinder_cephx_keyring_file.stat.exists
  when:
    - cinder_backend_ceph | bool
    - external_ceph_cephx_enabled | bool

- name: Copy over ceph nova keyring file
  copy:
    src: "{{ nova_cephx_keyring_file.stat.path }}"
    dest: "{{ node_config_directory }}/{{ item }}/"
    mode: "0660"
  become: true
  with_items:
    - nova-compute
  when:
    - inventory_hostname in groups[nova_cell_compute_group]
    - nova_backend == "rbd"
    - external_ceph_cephx_enabled | bool
  notify:
    - Restart {{ item }} container

Variables:
share/kolla-ansible/ansible/group_vars/all.yml:node_custom_config: "/etc/kolla/config"
share/kolla-ansible/ansible/group_vars/all.yml:ceph_nova_keyring: "{{ ceph_cinder_keyring }}"
share/kolla-ansible/ansible/group_vars/all.yml:ceph_cinder_keyring: "ceph.client.cinder.keyring"
share/kolla-ansible/ansible/group_vars/all.yml:node_config_directory: "/etc/kolla"

So it looks like it is copying from /etc/kolla/config/nova/ceph.client.cinder.keyring to /etc/kolla/nova-compute/

If I look on the hypervisor I see both keyrings in the correct place:
[root@chrnc-area51-os-compute-01 nova-compute]# ll /etc/kolla/nova-compute/
total 20
-rw-rw----. 1 root root 176 May 24 18:47 ceph.client.cinder.keyring
-rw-rw----. 1 root root 123 May 24 18:47 ceph.client.nova.keyring
-rw-rw----. 1 root root 383 May 24 18:47 ceph.conf
-rw-rw----. 1 root root 1127 May 28 14:00 config.json
-rw-rw----. 1 root root 2942 May 28 14:30 nova.conf

So it looks like the failure occurs when the container is built. Where should I look to find out why the nova key isn't getting copied into the nova_compute container?
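
One place to look, as an added example that is not part of the original comment or of kolla-ansible's code: Kolla containers copy files out of the mounted host config directory according to the config_files entries in config.json, so a staged file with no matching entry never reaches the container. The sketch assumes that config.json layout and the /var/lib/kolla/config_files mount point; the config.json content is constructed for illustration and is not the reporter's file, while the file names come from the listing above.

```python
import fnmatch
import json
import posixpath

# Assumption: the host directory /etc/kolla/nova-compute/ is mounted here in the container.
CONTAINER_CONFIG_DIR = "/var/lib/kolla/config_files"

# File names from the directory listing in the comment above.
STAGED_FILES = ["ceph.client.cinder.keyring", "ceph.client.nova.keyring",
                "ceph.conf", "config.json", "nova.conf"]

# Constructed config.json (not the reporter's file), in the assumed format.
SAMPLE_CONFIG_JSON = """
{"command": "nova-compute",
 "config_files": [
  {"source": "/var/lib/kolla/config_files/nova.conf", "dest": "/etc/nova/nova.conf", "owner": "nova", "perm": "0600"},
  {"source": "/var/lib/kolla/config_files/ceph.conf", "dest": "/etc/ceph/ceph.conf", "owner": "nova", "perm": "0600"},
  {"source": "/var/lib/kolla/config_files/ceph.client.cinder.keyring", "dest": "/etc/ceph/ceph.client.cinder.keyring", "owner": "nova", "perm": "0600"}
 ]}
"""

def audit_staged_files(config_json_text, staged_files):
    """Map each staged file to its container destination, or None if no entry copies it."""
    entries = json.loads(config_json_text).get("config_files", [])
    result = {}
    for name in staged_files:
        if name == "config.json":
            continue  # the manifest itself, not a payload file
        path = posixpath.join(CONTAINER_CONFIG_DIR, name)
        result[name] = None
        for entry in entries:
            # A source may be a literal path or a shell-style glob such as ceph.*
            if fnmatch.fnmatchcase(path, entry["source"]):
                dest = entry["dest"]
                # A dest ending in "/" is a directory, so the file name is kept.
                result[name] = posixpath.join(dest, name) if dest.endswith("/") else dest
                break
    return result

def uncopied(config_json_text, staged_files):
    """Staged files that no config_files entry would copy into the container."""
    return sorted(n for n, d in audit_staged_files(config_json_text, staged_files).items() if d is None)

if __name__ == "__main__":
    for name, dest in audit_staged_files(SAMPLE_CONFIG_JSON, STAGED_FILES).items():
        print(f"{name:30} -> {dest or 'NOT COPIED into the container'}")
```

To run it against a real host, replace SAMPLE_CONFIG_JSON with the contents of /etc/kolla/nova-compute/config.json and STAGED_FILES with the directory's actual listing.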