Bug 1122742 - [RFE] OSP deployer needs an ability to automatically extract keyring file from Ceph cluster (node) and populate controller and compute nodes
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: rhel-osp-installer
Version: 5.0 (RHEL 6)
Hardware: x86_64
OS: Linux
Priority: urgent
Severity: urgent
Target Milestone: z1
Target Release: Installer
Assignee: Mike Burns
QA Contact: nlevinki
URL: https://trello.com/c/ZYG3LkRM
Whiteboard: MVP
Depends On:
Blocks: 1108193
Reported: 2014-07-24 00:34 UTC by arkady kanevsky
Modified: 2016-04-26 18:23 UTC

Fixed In Version: ruby193-rubygem-staypuft-0.3.4-2.el6ost
Doc Type: Enhancement
Doc Text:
As part of the integration of Ceph into the RHEL OpenStack Platform installer, the installer can now generate and update Ceph configuration on controller and compute nodes. The keyring is generated in the installer and distributed out to the controller and compute nodes.
Clone Of: 1122741
Environment:
Last Closed: 2014-10-01 13:25:28 UTC


Links:
Red Hat Product Errata RHBA-2014:1350 | Priority: normal | Status: SHIPPED_LIVE | Summary: Red Hat Enterprise Linux OpenStack Platform Bug Fix Advisory | Last Updated: 2014-10-01 17:22:34 UTC

Description arkady kanevsky 2014-07-24 00:34:48 UTC
+++ This bug was initially created as a clone of Bug #1122741 +++

Description of problem:
Assumption: Ceph is deployed before OpenStack is deployed (or at least cinder/glance/nova are configured)
(Nova is needed for use of Ceph for ephemeral storage for live migration - lower priority)

OSP deployer needs to extract the keyring file of the Ceph cluster (from any of its nodes) and install it on all nodes where cinder and glance will be installed. (Nova is a stretch goal for GA but will be required later to support live migration and/or ephemeral storage).

For a short term solution, it may be possible to achieve it with ICE writing the keyring file in an agreed-to location on the admin node where OSP Foreman/Staypuft are installed.

A separate bug will be filed for automatically updating cinder/glance/nova nodes every time the Ceph keyring is modified, e.g. Ceph node failure, Ceph cluster node addition, removal, and/or replacement.

Version-Release number of selected component (if applicable):
N/A

--- Additional comment from arkady kanevsky on 2014-07-23 20:33:39 EDT ---

This functionality is needed for solution GA

Comment 2 Neil Levine 2014-07-24 02:47:28 UTC
The ceph-deploy script (provided as part of the ICE Installer) can place a copy of the ceph.conf and keyring on any host it has SSH access to. As these files' locations are usually well defined, the cinder & glance config files can point to them (in their own respective config files) before they are even installed.

When the MONs are cohosted on the RHEL-OSP controllers, then when ceph-deploy installs the MON software, it will *also* install the ceph.conf and keyring too, so for this initial configuration, the step requested in this BZ is redundant.

However, it is needed to push the config files to any other hosts such as compute hosts or any additional hosts that may be added to the system.

Comment 3 Mike Burns 2014-07-25 13:36:10 UTC
The RHEL-OSP installer currently runs only on RHEL 6.  Changes made on RHEL 6 will apply to RHEL-OSP deployments on both RHEL 6 and RHEL 7.  Closing this bug as a duplicate since we only need to track it in 1 place.

*** This bug has been marked as a duplicate of bug 1122741 ***

Comment 8 nlevinki 2014-09-26 18:49:29 UTC
I configured a staypuft deployment with ceph for glance and cinder.
I installed one controller, one neutron, one compute.
On the controller and compute the installer created a directory /etc/ceph.
In the directory we have the keyring files the installer created.
[root@maca25400702875 ceph]# ls -la
total 28
drwxr-xr-x.   2 root root  102 Sep 26 13:14 .
drwxr-xr-x. 103 root root 8192 Sep 26 13:22 ..
-rw-r--r--.   1 root root  182 Sep 26 13:09 ceph.client.images.keyring
-rw-r--r--.   1 root root  184 Sep 26 13:09 ceph.client.volumes.keyring
-rw-r--r--.   1 root root  432 Sep 26 13:09 ceph.conf
-rwxr-xr-x.   1 root root   92 Aug 25 10:51 rbdmap

Right now we don't have the ability to copy the keyring files from an existing ceph storage, but we have the infra where to put them as this ticket says.

Comment 9 Keith Schincke 2014-09-26 19:02:27 UTC
Have you looked at extracting the keys from the ceph environment and populating the destination via a template?

The existing key for client.images can be extracted from a Ceph node with admin rights with the command:
ceph auth get-or-create client.images

The full keyring can be extracted with:
ceph auth get client.images

The output of these commands can be added as the content to the needed keyrings.

I do not know if there is a library API to obtain the same information.
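
Added example (not part of the original comments or of the installer's code): one way to turn extracted keyring text into a file under /etc/ceph, validating it first and installing it owner-only rather than with the 0644 mode visible in the listing in Comment 8. The helper names `keyring_is_valid`, `install_keyring` and `sample_keyring` are hypothetical, and the keyring content is constructed sample data.

```shell
#!/bin/sh
# Added example: install a Ceph client keyring read from stdin.
# All function names here are hypothetical helpers, not Ceph or Staypuft APIs.

# Constructed sample keyring text (not a real key).
sample_keyring() {
    printf '[client.images]\n\tkey = %s\n\tcaps mon = "allow r"\n' \
        'Q09OU1RSVUNURURfU0FNUExFX0tFWQ=='
}

# Succeeds only if file $2 has a [$1] section header and a base64 key line.
keyring_is_valid() {
    entity=$1
    file=$2
    grep -qxF "[$entity]" "$file" || return 1
    grep -Eq '^[[:space:]]*key[[:space:]]*=[[:space:]]*[A-Za-z0-9+/]+=*[[:space:]]*$' "$file"
}

# Usage on an admin node (assumption: the ceph CLI and admin rights are available):
#   ceph auth get client.images | install_keyring client.images /etc/ceph
install_keyring() {
    entity=$1
    dest_dir=$2
    target="$dest_dir/ceph.$entity.keyring"
    # Temp file lives in the destination directory so mv is an atomic rename;
    # umask 077 keeps the secret owner-only from the moment it is created.
    tmp=$(umask 077; mktemp "$dest_dir/.keyring.XXXXXX") || return 1
    cat > "$tmp"
    if ! keyring_is_valid "$entity" "$tmp"; then
        rm -f "$tmp"
        echo "refusing to install: no [$entity] section with a key" >&2
        return 1
    fi
    chmod 600 "$tmp"
    mv -f "$tmp" "$target"
}

# Demo against a throwaway directory instead of /etc/ceph.
demo_dir=$(mktemp -d)
sample_keyring | install_keyring client.images "$demo_dir" && ls -l "$demo_dir"
rm -rf "$demo_dir"
```

If the consuming service runs as a non-root user, give that user ownership of the file with chown instead of widening the mode.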

Comment 11 errata-xmlrpc 2014-10-01 13:25:28 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1350.html

