commit 186d7f4e4cd1b931918bbb375f62b4fb9d48375e
Author: John Fulton <email address hidden>
Date: Mon Jun 27 14:45:35 2022 -0400
Limit standalone ceph-admin user creation to a single host
When 'openstack overcloud ceph user enable --standalone' is
run, call Ansible with '--limit undercloud'.
Bug #1979093 happened because Ansible was running the user
module on the same host as if it were two hosts. The module
is idempotent but not race safe. E.g. when user execution A
and user execution B are run on the same host, A's check that
the user does not exist might be true but before A goes on to
create the user, B could have created it first depending on
scheduling.
The python-tripleoclient uses Ansible --limit when creating
the ceph-admin user so only _admin nodes get the private key.
This works for multinode but standalone only has one node, so
for that condition redefine the limit list to that single node.
Change-Id: I2f62cdfcb88edb5552cbd7351b6240f78376c93d
Closes-Bug: #1979093
(cherry picked from commit 5ee23cf83def70b541858958659dc33a6bb5b0b6)
Reviewed: https:/ /review. opendev. org/c/openstack /python- tripleoclient/ +/847980 /opendev. org/openstack/ python- tripleoclient/ commit/ 186d7f4e4cd1b93 1918bbb375f62b4 fb9d48375e
Committed: https:/
Submitter: "Zuul (22348)"
Branch: stable/wallaby
commit 186d7f4e4cd1b93 1918bbb375f62b4 fb9d48375e
Author: John Fulton <email address hidden>
Date: Mon Jun 27 14:45:35 2022 -0400
Limit standalone ceph-admin user creation to a single host
When 'openstack overcloud ceph user enable --standalone' is
run, call Ansible with '--limit undercloud'.
Bug #1979093 happened because Ansible was running the user
module on the same host as if it were two hosts. The module
is idempotent but not race safe. E.g. when user execution A
and user execution B are run on the same host, A's check that
the user does not exist might be true but before A goes on to
create the user, B could have created it first depending on
scheduling.
The python- tripleoclient uses Ansible --limit when creating
the ceph-admin user so only _admin nodes get the private key.
This works for multinode but standalone only has one node, so
for that condition redefine the limit list to that single node.
Change-Id: I2f62cdfcb88edb 5552cbd7351b624 0f78376c93d 541858958659dc3 3a6bb5b0b6)
Closes-Bug: #1979093
(cherry picked from commit 5ee23cf83def70b