Bug 1588093 – openstack_keys are not copied over to all MONs

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 1588093 - openstack_keys are not copied over to all MONs

Summary:	openstack_keys are not copied over to all MONs

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Ceph Storage
Classification:	Red Hat
Component:	Ceph-Ansible (Show other bugs)
Sub Component:
Version:	3.1
Hardware:	Unspecified Unspecified

Priority	urgent Severity urgent
Target Milestone:	rc
Target Release:	3.1
Assigned To:	Guillaume Abrioux
QA Contact:	ceph-qe-bugs
Docs Contact:	John Brier

URL:
Whiteboard:
Keywords:	Triaged

Depends On:
Blocks:	1584264 1588092
	Show dependency tree / graph

Reported:	2018-06-06 11:41 EDT by Giulio Fidente
Modified:	2018-09-26 14:23 EDT (History)
CC List:	12 users (show)

See Also:
Fixed In Version:	RHEL: ceph-ansible-3.1.0-0.1.rc8.el7cp Ubuntu: ceph-ansible_3.1.0~rc8-2redhat1
Doc Type:	Bug Fix
Doc Text:	.The OpenStack keys are copied to all Ceph Monitors When {product} was configured with `run_once: true` and `inventory_hostname == groups.get(client_group_name) \| first` it can cause a bug when the only node being run is not the first node in the group. In a deployment with a single client node the keyrings will not be created since the task can be skipped. With this release this situation no longer occurs and all the OpenStack keys are copied to the monitor nodes.
Story Points:	---
Clone Of:	1588092
Environment:
Last Closed:	2018-09-26 14:21:59 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
ansible-playbook log (1.83 MB, text/plain) 2018-06-06 11:52 EDT, Giulio Fidente	no flags	Details
ansible-mistral-actionwCk7RF.tar (420.00 KB, application/x-tar) 2018-06-06 11:56 EDT, Giulio Fidente	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Github	ceph/ceph-ansible/pull/2724	None	None	None	2018-06-06 13:18 EDT
Github	ceph/ceph-ansible/pull/2741	None	None	None	2018-06-08 09:36 EDT
Red Hat Product Errata	RHBA-2018:2819	None	None	None	2018-09-26 14:23 EDT

Groups: None (edit)

Description Giulio Fidente 2018-06-06 11:41:38 EDT

openstack_keys are not copied over to all MONs

ceph-0.localdomain
total 20
drwxr-xr-x.   2 ceph ceph   37 Jun  6 13:14 .
drwxr-xr-x. 151 root root 8192 Jun  6 13:31 ..
-rw-r--r--.   1 root root  895 Jun  6 13:14 ceph.conf
-rw-r--r--.   1 root root   92 May  2 22:22 rbdmap
ceph-1.localdomain                                                                                                                                                                                            [0/461]
total 20
drwxr-xr-x.   2 ceph ceph   37 Jun  6 13:14 .
drwxr-xr-x. 151 root root 8192 Jun  6 13:31 ..
-rw-r--r--.   1 root root  895 Jun  6 13:14 ceph.conf
-rw-r--r--.   1 root root   92 May  2 22:22 rbdmap
ceph-2.localdomain
total 20
drwxr-xr-x.   2 ceph ceph   37 Jun  6 13:14 .
drwxr-xr-x. 151 root root 8192 Jun  6 13:31 ..
-rw-r--r--.   1 root root  895 Jun  6 13:14 ceph.conf
-rw-r--r--.   1 root root   92 May  2 22:22 rbdmap
compute-0.localdomain
total 32
drwxr-xr-x.   2 ceph ceph  143 Jun  6 13:15 .
drwxr-xr-x. 151 root root 8192 Jun  6 13:31 ..
-rw-------.   1 root root  284 Jun  6 13:15 ceph.client.manila.keyring
-rw-------.   1 root root  307 Jun  6 13:15 ceph.client.openstack.keyring
-rw-------.   1 root root  157 Jun  6 13:15 ceph.client.radosgw.keyring
-rw-r--r--.   1 root root 1002 Jun  6 13:15 ceph.conf
-rw-r--r--.   1 root root   92 May  2 22:22 rbdmap
controller-0.localdomain
total 40
drwxr-xr-x.   2 ceph ceph  205 Jun  6 13:12 .
drwxr-xr-x. 152 root root 8192 Jun  6 13:31 ..
-rw-------.   1 ceph ceph  159 Jun  6 13:12 ceph.client.admin.keyring
-rw-r--r--.   1 root root  811 Jun  6 13:12 ceph.conf
-rw-r--r--.   1 root root   67 Jun  6 13:12 ceph.mgr.controller-0.keyring
-rw-r--r--.   1 root root   67 Jun  6 13:12 ceph.mgr.controller-1.keyring
-rw-r--r--.   1 root root   67 Jun  6 13:12 ceph.mgr.controller-2.keyring
-rw-------.   1 ceph ceph  688 Jun  6 13:12 ceph.mon.keyring
-rw-r--r--.   1 root root   92 May  2 22:22 rbdmap
controller-1.localdomain
total 40
drwxr-xr-x.   2 ceph ceph  200 Jun  6 13:14 .
drwxr-xr-x. 152 root root 8192 Jun  6 13:31 ..
-rw-------.   1 root root  159 Jun  6 13:10 ceph.client.admin.keyring
-rw-------.   1 ceph ceph  276 Jun  6 13:14 ceph.client.manila.keyring
-rw-------.   1 ceph ceph  299 Jun  6 13:14 ceph.client.openstack.keyring
-rw-------.   1 ceph ceph  149 Jun  6 13:14 ceph.client.radosgw.keyring
-rw-r--r--.   1 root root  811 Jun  6 13:10 ceph.conf
-rw-------.   1 ceph ceph  688 Jun  6 13:11 ceph.mon.keyring
-rw-r--r--.   1 root root   92 May  2 22:22 rbdmap
controller-2.localdomain
total 40
drwxr-xr-x.   2 ceph ceph  200 Jun  6 13:14 .
drwxr-xr-x. 152 root root 8192 Jun  6 13:31 ..
-rw-------.   1 ceph ceph  159 Jun  6 13:11 ceph.client.admin.keyring
-rw-------.   1 ceph ceph  276 Jun  6 13:14 ceph.client.manila.keyring
-rw-------.   1 ceph ceph  299 Jun  6 13:14 ceph.client.openstack.keyring
-rw-------.   1 ceph ceph  149 Jun  6 13:14 ceph.client.radosgw.keyring
-rw-r--r--.   1 root root  811 Jun  6 13:11 ceph.conf
-rw-------.   1 ceph ceph  688 Jun  6 13:12 ceph.mon.keyring
-rw-r--r--.   1 root root   92 May  2 22:22 rbdmap

Comment 3 Giulio Fidente 2018-06-06 11:52 EDT

Created attachment 1448371 [details]
ansible-playbook log

Comment 4 Giulio Fidente 2018-06-06 11:56 EDT

Created attachment 1448373 [details]
ansible-mistral-actionwCk7RF.tar

Contains the inventory and the actual ansible-playbook cmdline.

Comment 5 Giulio Fidente 2018-06-08 01:38:15 EDT

Looks like we're better but still not completely done. The keyrings passed with "keys" are not provisioned on the ceph-client nodes (overcloud-novacompute-0).

Also, on the ceph-mon nodes the keyrings owner is forcibly set to ceph_uid, instead of root, not sure why; it might not be a blocking issue.

overcloud-cephstorage-0
total 16
drwxr-xr-x.   2  167  167   23 Jun  7 23:01 .
drwxr-xr-x. 119 root root 8192 Jun  7 22:59 ..
-rw-r--r--.   1 root root  906 Jun  7 23:01 ceph.conf
overcloud-novacompute-0
total 16
drwxr-xr-x.   2  167  167   23 Jun  7 23:08 .
drwxr-xr-x. 119 root root 8192 Jun  7 22:36 ..
-rw-r--r--.   1 root root 1013 Jun  7 23:08 ceph.conf
overcloud-controller-0
total 52
drwxr-xr-x.   2  167  167 4096 Jun  7 23:03 .
drwxr-xr-x. 121 root root 8192 Jun  7 22:37 ..
-rw-------.   1  167  167  159 Jun  7 22:55 ceph.client.admin.keyring
-rw-------.   1  167  167  276 Jun  7 23:03 ceph.client.manila.keyring
-rw-------.   1  167  167  299 Jun  7 23:03 ceph.client.openstack.keyring
-rw-------.   1  167  167  149 Jun  7 23:03 ceph.client.radosgw.keyring
-rw-r--r--.   1 root root 1826 Jun  7 22:55 ceph.conf
-rw-r--r--.   1 root root   77 Jun  7 22:57 ceph.mgr.overcloud-controller-0.keyring
-rw-r--r--.   1 root root   77 Jun  7 22:57 ceph.mgr.overcloud-controller-1.keyring
-rw-r--r--.   1 root root   77 Jun  7 22:56 ceph.mgr.overcloud-controller-2.keyring
-rw-------.   1  167  167  688 Jun  7 22:56 ceph.mon.keyring
overcloud-controller-1
total 36
drwxr-xr-x.   2  167  167  186 Jun  7 23:03 .
drwxr-xr-x. 121 root root 8192 Jun  7 22:37 ..
-rw-------.   1  167  167  159 Jun  7 22:52 ceph.client.admin.keyring
-rw-------.   1  167  167  276 Jun  7 23:03 ceph.client.manila.keyring
-rw-------.   1  167  167  299 Jun  7 23:02 ceph.client.openstack.keyring
-rw-------.   1  167  167  149 Jun  7 23:03 ceph.client.radosgw.keyring
-rw-r--r--.   1 root root 1826 Jun  7 22:52 ceph.conf
-rw-------.   1  167  167  688 Jun  7 22:53 ceph.mon.keyring
overcloud-controller-2
total 36
drwxr-xr-x.   2  167  167  186 Jun  7 23:02 .
drwxr-xr-x. 121 root root 8192 Jun  7 22:37 ..
-rw-------.   1 root root  159 Jun  7 22:49 ceph.client.admin.keyring
-rw-------.   1  167  167  284 Jun  7 23:08 ceph.client.manila.keyring
-rw-------.   1  167  167  307 Jun  7 23:08 ceph.client.openstack.keyring
-rw-------.   1  167  167  157 Jun  7 23:09 ceph.client.radosgw.keyring
-rw-r--r--.   1 root root 1826 Jun  7 22:49 ceph.conf
-rw-------.   1  167  167  688 Jun  7 22:49 ceph.mon.keyring

Comment 11 Yogev Rabl 2018-06-21 11:01:29 EDT

verified on ceph-ansible-3.1.0-0.1.rc9.el7cp.noarch

Comment 16 errata-xmlrpc 2018-09-26 14:21:59 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2819

Note You need to log in before you can comment on or make changes to this bug.