+++ This bug was initially created as a clone of Bug #1122741 +++
Description of problem:
Assumption: Ceph is deployed before OpenStack is deployed (or at least cinder/glance/nova are configured)
(Nova is needed for use of Ceph for ephemeral storage for live migration - lower priority)
OSP deployer need to extract keyring file of Ceph cluster (from any of its nodes) and install on all nodes where cinder and glance will be installed. (Nova is stretch goal for GA but will be required later to support live migration and/or ephemeral storage).
For a short term solution, it may be possible to achieve it with ICE writing keyring file in agreed to location on admin node where OSP Foreman/Staypuft are installed.
A separate bug will be filed for automatically update cinder/glance/nova nodes everytime Ceph keyring is modified, e.g. Ceph node failure, Ceph cluster node addition, removal, and or replacement.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
--- Additional comment from arkady kanevsky on 2014-07-23 20:33:39 EDT ---
This functionality is need for solution GA
The ceph-deploy script (provided as part of the ICE Installer) can place a copy of the ceph.conf and keyring on any host it has SSH access to. As these file's locations are usually well defined, the cinder & glance config files can point to them (in their own respective config files) before they are even installed.
When the MONs are cohosted on the RHEL-OSP controllers, then when ceph-deploy installs the MON software, it will *also* install the ceph.conf and keyring too, so for this initial configuration, the step requested in this BZ is redudant.
However, it is needed to push the config files to any other hosts such as compute hosts or any additional hosts that may be added to the system.
The RHEL-OSP installer currently runs only on RHEL 6. Changes made on RHEL 6 will apply to RHEL-OSP deployments on both RHEL 6 and RHEL 7. Closing this bug as a duplicate since we only need to track it in 1 place.
*** This bug has been marked as a duplicate of bug 1122741 ***
I configured staypuf deployment with ceph for glance and cinder.
I installed one controller, one neutron, one compute.
On the controller and compute the installer created a directory /etc/ceph.
in the directory we have the keyring files the installer created.
[root@maca25400702875 ceph]# ls -la
drwxr-xr-x. 2 root root 102 Sep 26 13:14 .
drwxr-xr-x. 103 root root 8192 Sep 26 13:22 ..
-rw-r--r--. 1 root root 182 Sep 26 13:09 ceph.client.images.keyring
-rw-r--r--. 1 root root 184 Sep 26 13:09 ceph.client.volumes.keyring
-rw-r--r--. 1 root root 432 Sep 26 13:09 ceph.conf
-rwxr-xr-x. 1 root root 92 Aug 25 10:51 rbdmap
Right now we don't have the ability to copy the keyring files from an existing ceph storage, but we have the infra where to put them as this ticket says.
Have you looked at extracting the keys from the ceph environment and populating the destination via a template?
The existing key for client.images can be extracted from a Ceph node with admin rights with the command:
ceph get-or-create client.images
The full keyring can be extracted with:
ceph get client.images
The output of these commands can be added as the content to the needed keyrings.
I do not know if there is an library API to obtain the same information.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.