puppet-nova

virsh rbd secret uuid is not set properly

Bug #1425601 reported by Mtl Alow on 2015-02-25

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	puppet-nova	Fix Released	Undecided	Giulio Fidente

Bug Description

Hello there,

While setting up Nova Compute + RBD, we have to provide the libvirt_rbd_secret_uuid value.
This value has to be defined in nova.conf, and then a virsh secret has to be created and the virsh value for this secret has to be set.

The first two steps works well but the last step is never executed. Why ? That is quite simple.
The 3rd step is defined in rbd.pp, lines 78 to 82:

    exec { 'set-secret-value virsh':
      command => "/usr/bin/virsh secret-set-value --secret $(cat /etc/nova/virsh.secret) --base64 $(ceph auth get-key ${rbd_keyring})",
      unless => "/usr/bin/virsh secret-list | grep ${libvirt_rbd_secret_uuid}",
      require => Exec['get-or-set virsh secret']
    }

We can see that Puppet will set the value, unless the secret-list returns our secret. And it will Always return something, because the step 2 created it. The appropriate unless command should instead verify if a value has been set to this secret :

    exec { 'set-secret-value virsh':
      command => "/usr/bin/virsh secret-set-value --secret $(cat /etc/nova/virsh.secret) --base64 $(ceph auth get-key ${rbd_keyring})",
      unless => "/usr/bin/virsh secret-get-value ${libvirt_rbd_secret_uuid} | grep $(ceph auth get-key ${rbd_keyring})",
      require => Exec['get-or-set virsh secret']
    }

Tags:

Revision history for this message

Mtl Alow (mtl-alow-deactivatedaccount) wrote on 2015-02-25:

nova_rbd_set_secret_value_virsh.patch Edit (646 bytes, text/plain)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-03-04: Fix proposed to puppet-nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/161122

Changed in puppet-nova:
assignee:	nobody → Arnaud Morin (arnaud-morin)
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-03-05: Change abandoned on puppet-nova (master)

Change abandoned by Arnaud Morin (<email address hidden>) on branch: master
Review: https://review.openstack.org/161122
Reason: duplicate of https://review.openstack.org/#/c/158597/

Revision history for this message

Giulio Fidente (gfidente) wrote on 2015-03-30:

Proposed patch seems stalled, I've submitted https://review.openstack.org/#/c/168919 which only fixes actual issue without trying to change its behaviour.

Changed in puppet-nova:
assignee:	Arnaud Morin (arnaud-morin) → Giulio Fidente (gfidente)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-03-31: Fix merged to puppet-nova (master)

Reviewed: https://review.openstack.org/168919
Committed: https://git.openstack.org/cgit/stackforge/puppet-nova/commit/?id=c44f7f023fb80cac0bda52a038cb2f8d33ac4e8e
Submitter: Jenkins
Branch: master

commit c44f7f023fb80cac0bda52a038cb2f8d33ac4e8e
Author: Giulio Fidente <email address hidden>
Date: Mon Mar 30 15:59:55 2015 +0200

Fix behaviour of 'set-secret-value virsh' exec

    Aims at fixing two issues: we had an unless clause which was only
    checking if the secret was already defined, not if the value for
    the secret was set; when providing the value for the secret, we
    were mistakenly referring to the secret by its XML dump instead of
    its UUID.

Change-Id: I513599735e974c07a6a0e46fd319930740f259cc
Closes-Bug: #1425601

Changed in puppet-nova:
status:	In Progress → Fix Committed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-05-04: Fix proposed to puppet-nova (stable/juno)

Fix proposed to branch: stable/juno
Review: https://review.openstack.org/179678

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-05-04: Fix proposed to puppet-nova (stable/icehouse)

Fix proposed to branch: stable/icehouse
Review: https://review.openstack.org/179680

Giulio Fidente (gfidente) on 2015-05-18

Changed in puppet-nova:
status:	Fix Committed → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-05-19: Fix merged to puppet-nova (stable/icehouse)

Reviewed: https://review.openstack.org/179680
Committed: https://git.openstack.org/cgit/stackforge/puppet-nova/commit/?id=a5ec2023fe72ba6cfce96c1c2ad7b35d2a691115
Submitter: Jenkins
Branch: stable/icehouse

commit a5ec2023fe72ba6cfce96c1c2ad7b35d2a691115
Author: Giulio Fidente <email address hidden>
Date: Mon Mar 30 15:59:55 2015 +0200

Fix behaviour of 'set-secret-value virsh' exec

    Change-Id: I513599735e974c07a6a0e46fd319930740f259cc
    Closes-Bug: #1425601
    (cherry picked from commit c44f7f023fb80cac0bda52a038cb2f8d33ac4e8e)

tags:	added: in-stable-icehouse
tags:	added: in-stable-juno

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-05-19: Fix merged to puppet-nova (stable/juno)

#10

Reviewed: https://review.openstack.org/179678
Committed: https://git.openstack.org/cgit/stackforge/puppet-nova/commit/?id=e52dc44a2bdad3ebc9baba8c75ae087a19b6ed68
Submitter: Jenkins
Branch: stable/juno

commit e52dc44a2bdad3ebc9baba8c75ae087a19b6ed68
Author: Giulio Fidente <email address hidden>
Date: Mon Mar 30 15:59:55 2015 +0200

Fix behaviour of 'set-secret-value virsh' exec

    Change-Id: I513599735e974c07a6a0e46fd319930740f259cc
    Closes-Bug: #1425601
    (cherry picked from commit c44f7f023fb80cac0bda52a038cb2f8d33ac4e8e)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

nova_rbd_set_secret_value_virsh.patch Edit

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.