tripleo

in tripleo queens, ceph-ansible admin_secret seems to be different from the one found in client.ceph.admin.keyring

Bug #1878014 reported by Giulio Fidente on 2020-05-11

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tripleo	Fix Released	High	Giulio Fidente	tripleo ussuri-rc3 "tripleo ussuri-rc3"

Bug Description

ceph-ansible will generate a random secret for client.admin when none is given but does not support replacing the client.admin secret

considering we have in the field osp13 deployments with client.admin secret created by ceph-ansible which we can't replace on upgrade, the less impactful solution to this issue seems to be to drop support for CephAdminKey

Tags:

Giulio Fidente (gfidente) on 2020-05-11

tags:

added: rocky-backport-potential stein-backport-potential train-backport-potential

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-05-11: Fix proposed to tripleo-heat-templates (master)

Fix proposed to branch: master
Review: https://review.opendev.org/726875

Changed in tripleo:
assignee:	nobody → Giulio Fidente (gfidente)
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-05-11: Related fix proposed to tripleo-common (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/726876

wes hayutin (weshayutin) on 2020-05-11

Changed in tripleo:
milestone:	ussuri-rc1 → ussuri-rc3

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-05-21: Fix merged to tripleo-heat-templates (master)

Reviewed: https://review.opendev.org/726875
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=18274de03acadcf1ed7cf51226c24ce7b3829bb4
Submitter: Zuul
Branch: master

commit 18274de03acadcf1ed7cf51226c24ce7b3829bb4
Author: Giulio Fidente <email address hidden>
Date: Mon May 11 16:48:30 2020 +0200

Remove Ceph{Admin,Mon,Mds}Key parameters

ceph-ansible does not support replacing these secrets for existing
clusters and it generates them randomly if unset

    customizing the secret for fresh deployments is possible but causes
    issues on upgrade to train for pre-existing deployments on queens
    where it was generated randomly

    this submission removes support for the parameters which allow for
    customization of the secret, letting ceph-ansible create one and
    reuse the existing one on upgrade

Change-Id: If77935345de70ae261b091b8bf49b997dc71a781
Closes-Bug: 1878014

Changed in tripleo:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-05-21: Related fix merged to tripleo-common (master)

Reviewed: https://review.opendev.org/726876
Committed: https://git.openstack.org/cgit/openstack/tripleo-common/commit/?id=c3b4705161cb74169ef8fa9ec5796d8a6c7c0f16
Submitter: Zuul
Branch: master

commit c3b4705161cb74169ef8fa9ec5796d8a6c7c0f16
Author: Giulio Fidente <email address hidden>
Date: Mon May 11 16:53:24 2020 +0200

Remove unnecessary Ceph{Admin,Mon,Mds}Key constants

these are not necessary because ceph-ansible will generate them
randomly and completely ignored in recent versions of the templates

    Change-Id: I2441d293c56775a723ae5979596d9e70ec1a4182
    Depends-On: If77935345de70ae261b091b8bf49b997dc71a781
    Related-Bug: 1878014

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-05-21: Fix proposed to tripleo-heat-templates (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/730077

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-05-21: Related fix proposed to tripleo-common (stable/train)

Related fix proposed to branch: stable/train
Review: https://review.opendev.org/730078

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-05-27: Fix proposed to tripleo-heat-templates (stable/ussuri)

Fix proposed to branch: stable/ussuri
Review: https://review.opendev.org/731051

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-05-27: Related fix proposed to tripleo-common (stable/ussuri)

Related fix proposed to branch: stable/ussuri
Review: https://review.opendev.org/731052

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-05-29: Fix merged to tripleo-heat-templates (stable/train)

Reviewed: https://review.opendev.org/730077
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=695d96e49c2c44f282fdb432df2b6d22789bb65c
Submitter: Zuul
Branch: stable/train

commit 695d96e49c2c44f282fdb432df2b6d22789bb65c
Author: Giulio Fidente <email address hidden>
Date: Mon May 11 16:48:30 2020 +0200

Remove Ceph{Admin,Mon,Mds}Key parameters

ceph-ansible does not support replacing these secrets for existing
clusters and it generates them randomly if unset

    customizing the secret for fresh deployments is possible but causes
    issues on upgrade to train for pre-existing deployments on queens
    where it was generated randomly

    this submission removes support for the parameters which allow for
    customization of the secret, letting ceph-ansible create one and
    reuse the existing one on upgrade

    Change-Id: If77935345de70ae261b091b8bf49b997dc71a781
    Closes-Bug: 1878014
    (cherry picked from commit 18274de03acadcf1ed7cf51226c24ce7b3829bb4)

tags:

added: in-stable-train

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-06-08: Fix merged to tripleo-heat-templates (stable/ussuri)

#10

Reviewed: https://review.opendev.org/731051
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=213bb268092e03d9d9f2a5d1e2be1285665c2016
Submitter: Zuul
Branch: stable/ussuri

commit 213bb268092e03d9d9f2a5d1e2be1285665c2016
Author: Giulio Fidente <email address hidden>
Date: Mon May 11 16:48:30 2020 +0200

Remove Ceph{Admin,Mon,Mds}Key parameters

ceph-ansible does not support replacing these secrets for existing
clusters and it generates them randomly if unset

    customizing the secret for fresh deployments is possible but causes
    issues on upgrade to train for pre-existing deployments on queens
    where it was generated randomly

    this submission removes support for the parameters which allow for
    customization of the secret, letting ceph-ansible create one and
    reuse the existing one on upgrade

    Change-Id: If77935345de70ae261b091b8bf49b997dc71a781
    Closes-Bug: 1878014
    (cherry picked from commit 18274de03acadcf1ed7cf51226c24ce7b3829bb4)

tags:

added: in-stable-ussuri

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-06-08: Related fix merged to tripleo-common (stable/ussuri)

#11

Reviewed: https://review.opendev.org/731052
Committed: https://git.openstack.org/cgit/openstack/tripleo-common/commit/?id=dbc2a37edf8a6c3605c01c97fdfbaba0a33ac8d5
Submitter: Zuul
Branch: stable/ussuri

commit dbc2a37edf8a6c3605c01c97fdfbaba0a33ac8d5
Author: Giulio Fidente <email address hidden>
Date: Mon May 11 16:53:24 2020 +0200

Remove unnecessary Ceph{Admin,Mon,Mds}Key constants

these are not necessary because ceph-ansible will generate them
randomly and completely ignored in recent versions of the templates

    Change-Id: I2441d293c56775a723ae5979596d9e70ec1a4182
    Depends-On: If77935345de70ae261b091b8bf49b997dc71a781
    Related-Bug: 1878014
    (cherry picked from commit c3b4705161cb74169ef8fa9ec5796d8a6c7c0f16)