From c3f9ba835b1da740c9f3056dbda20a7072467757 Mon Sep 17 00:00:00 2001
From: Mark Goddard <mark@stackhpc.com>
Date: Wed, 30 Jun 2021 09:30:54 +0100
Subject: [PATCH] nova: Use cinder user for Ceph

In Ussuri, nova stopped using separate Ceph keys for the volumes and vms
pools by default. Instead, we set ceph_nova_keyring to the value of
ceph_cinder_keyring by default, which is ceph.client.cinder.keyring.
This is in line with the Ceph OpenStack integration guide [1]. However,
the user used by nova to access the vms pool (ceph_nova_user) defaults
to nova, meaning that nova will still try to use a
ceph.client.nova.keyring, which probably does not exist. We did not see
this issue in CI, because we set ceph_nova_user to cinder.

This change fixes the issue by setting ceph_nova_user to the value of
ceph_cinder_user by default, which is cinder.

Closes-Bug: #1934145
Related-Bug: #1928690

[1] https://docs.ceph.com/en/latest/rbd/rbd-openstack/

Change-Id: I6aa8db2214e07906f1f3e035411fc80ba911a274
---
 ansible/group_vars/all.yml                       |  2 +-
 .../reference/storage/external-ceph-guide.rst    | 13 ++++++-------
 .../notes/nova-ceph-user-53670f9ccc546225.yaml   | 16 ++++++++++++++++
 3 files changed, 23 insertions(+), 8 deletions(-)
 create mode 100644 releasenotes/notes/nova-ceph-user-53670f9ccc546225.yaml

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 393dce76be..a81d907a85 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -1045,7 +1045,7 @@ ceph_cinder_user: "cinder"
 ceph_glance_user: "glance"
 ceph_gnocchi_user: "gnocchi"
 ceph_manila_user: "manila"
-ceph_nova_user: "nova"
+ceph_nova_user: "{{ ceph_cinder_user }}"
 
 # External Ceph keyrings
 ceph_cinder_keyring: "ceph.client.cinder.keyring"
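Review bot: The new default for `ceph_nova_user` carries no comment saying it is coupled to the keyring default, so an operator who overrides only one of `ceph_nova_user` and `ceph_nova_keyring` ends up with a Ceph user that does not match the key file being copied. I would add above the changed line `# Defaults to the Cinder user because ceph_nova_keyring defaults to the Cinder keyring; override both together.` The commit message says `ceph_nova_keyring` follows `ceph_cinder_keyring`, but that definition lies outside this hunk, so its exact default cannot be confirmed from here. The same comment could also record that with this default the compute hosts authenticate to Ceph with the Cinder identity, so a deployment that wants the vms and volumes pools separated by credential has to set both variables to a Nova-specific user and keyring.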
diff --git a/doc/source/reference/storage/external-ceph-guide.rst b/doc/source/reference/storage/external-ceph-guide.rst
index d4b9477137..87e085856e 100644
--- a/doc/source/reference/storage/external-ceph-guide.rst
+++ b/doc/source/reference/storage/external-ceph-guide.rst
@@ -144,20 +144,19 @@ Configuring Nova for Ceph includes following steps:
 
    * ``ceph_nova_keyring`` (by default it's the same as
      ``ceph_cinder_keyring``)
-   * ``ceph_nova_user`` (default: ``nova``)
+   * ``ceph_nova_user`` (by default it's the same as ``ceph_cinder_user``)
    * ``ceph_nova_pool_name`` (default: ``vms``)
 
 #. Copy Ceph configuration file to ``/etc/kolla/config/nova/ceph.conf``
 #. Copy Ceph keyring file(s) to:
 
-   * ``/etc/kolla/config/nova/<ceph_nova_keyring>`` (if your Ceph deployment
-     created one)
+   * ``/etc/kolla/config/nova/<ceph_nova_keyring>``
 
-   .. warning::
+   .. note::
 
-      If you are using ceph-ansible or another deployment tool that doesn't
-      create separate key for Nova just copy the Cinder key and configure
-      ``ceph_nova_user`` to the same value as ``ceph_cinder_user``.
+      If you are using a Ceph deployment tool that generates separate Ceph
+      keys for Cinder and Nova, you will need to override
+      ``ceph_nova_keyring`` and ``ceph_nova_user`` to match.
 
 Gnocchi
 -------
diff --git a/releasenotes/notes/nova-ceph-user-53670f9ccc546225.yaml b/releasenotes/notes/nova-ceph-user-53670f9ccc546225.yaml
new file mode 100644
index 0000000000..9e41c438bf
--- /dev/null
+++ b/releasenotes/notes/nova-ceph-user-53670f9ccc546225.yaml
@@ -0,0 +1,16 @@
+---
+fixes:
+  - |
+    Fixes an issue with default Nova configuration for Ceph where the RBD user
+    is set to ``nova``, but only a ``cinder`` keyring is copied. The default
+    value of ``ceph_nova_user`` is changed to the value of
+    ``ceph_cinder_user``, in line with the default for ``ceph_nova_keyring``.
+    `LP#1934145 <https://bugs.launchpad.net/kolla-ansible/+bug/1934145>`__
+upgrade:
+  - |
+    Modifies the default value of ``ceph_nova_user`` from ``nova`` to
+    the value of ``ceph_cinder_user``, in line with the default for
+    ``ceph_nova_keyring``.  Users who have overridden ``ceph_nova_keyring`` to
+    use separate keyrings for Nova and Cinder should also override
+    ``ceph_nova_user`` to match the Nova keyring. `LP#1934145
+    <https://bugs.launchpad.net/kolla-ansible/+bug/1934145>`__
-- 
GitLab