aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJiri Stransky <jistr@redhat.com>2015-04-03 16:24:55 +0200
committerGiulio Fidente <gfidente@redhat.com>2015-04-09 07:12:39 -0400
commitb529653d313c7fe23d870df6ea81e267c23373fe (patch)
tree8e5ea40cc618063cfc24ffa521763c1c4646b990
parent0c14b2ad3e0114ffa0aa9514cdfe3dd9d9d212a8 (diff)
Pass in libvirt_rbd_secret_key for nova compute
Passing the key explicitly into nova::compute::rbd means that Puppet will not attempt to fetch the key using `ceph auth get-key <keyring>`, having these effects: * One reason for compute node to have access to the client.admin key is gone (in current implementation it does have access to the key, but this change is a step towards removing it). * Ceph cluster doesn't have to be running at the time when Puppet runs on compute node, meaning we don't have to serialize things more than we do now. Also adding the ComputeCephDeployment as a dependency of ComputePostDeployment, otherwise the hiera file it creates might be created *after* Puppet configuration happens on compute nodes, and the values it provides would be missing during the Puppet run on the compute nodes. Change-Id: Id3166e6d5f01d18ec8a5033398bb511f4321a5e8 Depends-On: I70da06159c0d3c6fa204b5f7a468909ffab4d633 Partial-Bug: #1439949
-rw-r--r--overcloud-without-mergepy.yaml2
-rw-r--r--puppet/manifests/overcloud_compute.pp6
2 files changed, 6 insertions, 2 deletions
diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml
index cd684579..6172e027 100644
--- a/overcloud-without-mergepy.yaml
+++ b/overcloud-without-mergepy.yaml
@@ -863,7 +863,7 @@ resources:
ComputeNodesPostDeployment:
type: OS::TripleO::ComputePostDeployment
- depends_on: ComputeAllNodesDeployment
+ depends_on: [ComputeAllNodesDeployment, ComputeCephDeployment]
properties:
servers: {get_attr: [Compute, attributes, nova_server_resource]}
diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp
index 58834039..ffa55cdb 100644
--- a/puppet/manifests/overcloud_compute.pp
+++ b/puppet/manifests/overcloud_compute.pp
@@ -52,7 +52,11 @@ nova_config {
$nova_enable_rbd_backend = hiera('nova_enable_rbd_backend', false)
if $nova_enable_rbd_backend {
include ::ceph::profile::client
- include ::nova::compute::rbd
+
+ $client_keys = hiera('ceph::profile::params::client_keys')
+ class { '::nova::compute::rbd':
+ libvirt_rbd_secret_key => $client_keys['client.openstack']['secret'],
+ }
}
include ::nova::compute::libvirt