From 71d4c697cdb982d7d8e6cbd95ad870eb08f6914e Mon Sep 17 00:00:00 2001
From: Michal Nasiadka <mnasiadka@gmail.com>
Date: Mon, 13 Jan 2020 11:54:04 +0100
Subject: [PATCH] External Ceph: copy also cinder keyring to nova services

Since [1] nova-compute uses rbd python library instead of libvirt to cleanup
volumes and get pool info - so it requires cinder keyring on filesystem.

In external ceph case it is often that nova key does not exist (is simply a copied
cinder key) and the rbd user is set to cinder - therefore the earlier mentioned
operations will fail due to a missing keyring on the filesystem.

[1]: https://review.opendev.org/#/c/668564/

Change-Id: Idef21dc5f7e9ff512bc8920630a3de61a1e69eee
Backport: train
Closes-Bug: #1859408
---
 ansible/roles/nova-cell/tasks/external_ceph.yml  | 16 +++++++++++++++-
 ...nal-ceph-cinder-keyring-7df624ac556c100b.yaml |  7 +++++++
 2 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/bug-1859408-external-ceph-cinder-keyring-7df624ac556c100b.yaml

diff --git a/ansible/roles/nova-cell/tasks/external_ceph.yml b/ansible/roles/nova-cell/tasks/external_ceph.yml
index 81bbfd8df2..1ad2ab123c 100644
--- a/ansible/roles/nova-cell/tasks/external_ceph.yml
+++ b/ansible/roles/nova-cell/tasks/external_ceph.yml
@@ -31,7 +31,6 @@
     - cinder_backend_ceph | bool
     - external_ceph_cephx_enabled | bool
 
-# NOTE: nova-compute and nova-libvirt only need ceph.client.nova.keyring.
 - name: Copy over ceph nova keyring file
   copy:
     src: "{{ nova_cephx_keyring_file.stat.path }}"
@@ -48,6 +47,21 @@
   notify:
     - Restart {{ item }} container
 
+- name: Copy over ceph cinder keyring file
+  copy:
+    src: "{{ cinder_cephx_keyring_file.stat.path }}"
+    dest: "{{ node_config_directory }}/{{ item }}/"
+    mode: "0660"
+  become: true
+  with_items:  # NOTE: nova-libvirt does not need it
+    - nova-compute
+  when:
+    - inventory_hostname in groups[nova_cell_compute_group]
+    - nova_backend == "rbd"
+    - external_ceph_cephx_enabled | bool
+  notify:
+    - Restart {{ item }} container
+
 - name: Copy over ceph.conf
   template:
     src: "{{ node_custom_config }}/nova/ceph.conf"
diff --git a/releasenotes/notes/bug-1859408-external-ceph-cinder-keyring-7df624ac556c100b.yaml b/releasenotes/notes/bug-1859408-external-ceph-cinder-keyring-7df624ac556c100b.yaml
new file mode 100644
index 0000000000..caad72ec84
--- /dev/null
+++ b/releasenotes/notes/bug-1859408-external-ceph-cinder-keyring-7df624ac556c100b.yaml
@@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    External Ceph: copy also cinder keyring to nova-compute. Since Train
+    nova-compute needs also the cinder key in case rbd user is set to Cinder,
+    because volume/pool checks have been moved to use rbd python library.
+    Fixes `LP#1859408 <https://bugs.launchpad.net/kolla-ansible/+bug/1859408>`__