OpenStack Compute (nova)

  1. Series queens
  2. Bug #1821696
  3. Comment #25

Comment 25 for bug 1821696

Revision history for this message
Magnus Lööf (magnus-loof) wrote :

Sure can! Not for a few days, though. I am away on a business trip.

When I was analysing Kolla Ansible, I came across this config:

https://github.com/openstack/kolla-ansible/blob/stable/rocky/ansible/roles/nova/templates/nova-libvirt.json.j2

As I understand that configuration and the code @ https://github.com/openstack/kolla/blob/stable/rocky/docker/base/set_configs.py :

- The contents of /etc/libvirt/secrets will be cleared on each restart, since `merge` is not specified, and the host content of `"{{ container_config_directory }}/secrets"` will be copied in place. This directory contains the secrets for accessing ceph but not the instance-specific secrets.

could a more elegant solution be to just modify the template with `merge: true`? I might be misunderstanding things in relation to how the configuration is copied, but just an idea.

I believe that it is correct for Nova to *not* assume that the ceph secrets are in place, so I like the patch in Nova above.