External Ceph: add ceph_*_user variables

To make the configuration easier for the user, and to allow non-standard ceph authentication ids - introduce ceph_*_user variables. Change-Id: I24e01c43c826b62b6748d93a498f4b7d8ce9e309
openstack · Jan 29, 2020 · fdf3729 · fdf3729 · maharg101 · May 6, 2020
1 parent 4d0c442
commit fdf3729
Show file tree

Hide file tree

Showing 9 changed files with 50 additions and 89 deletions.
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
@@ -1007,6 +1007,13 @@ ceph_glance_pool_name: "images"
 ceph_gnocchi_pool_name: "gnocchi"
 ceph_nova_pool_name: "vms"
 
+ceph_cinder_backup_user: "cinder-backup"
+ceph_cinder_volume_user: "cinder"
+ceph_glance_user: "glance"
+ceph_gnocchi_user: "gnocchi"
+ceph_manila_user: "manila"
+ceph_nova_user: "nova"
+
 ceph_erasure_profile: "k=4 m=2 ruleset-failure-domain=host"
 ceph_rule: "default host {{ 'indep' if ceph_pool_type == 'erasure' else 'firstn' }}"
 ceph_cache_rule: "cache host firstn"

diff --git a/ansible/roles/cinder/templates/cinder.conf.j2 b/ansible/roles/cinder/templates/cinder.conf.j2
@@ -28,7 +28,7 @@ enabled_backends = {{ cinder_enabled_backends|map(attribute='name')|join(',') }}
 {% if cinder_backup_driver == "ceph" %}
 backup_driver = cinder.backup.drivers.ceph.CephBackupDriver
 backup_ceph_conf = /etc/ceph/ceph.conf
-backup_ceph_user = cinder-backup
+backup_ceph_user = {{ ceph_cinder_backup_user }}
 backup_ceph_chunk_size = 134217728
 backup_ceph_pool = {{ ceph_cinder_backup_pool_name }}
 backup_ceph_stripe_unit = 0
@@ -131,7 +131,7 @@ rbd_flatten_volume_from_snapshot = false
 rbd_max_clone_depth = 5
 rbd_store_chunk_size = 4
 rados_connect_timeout = 5
-rbd_user = cinder
+rbd_user = {{ ceph_cinder_volume_user }}
 rbd_secret_uuid = {{ cinder_rbd_secret_uuid }}
 report_discard_supported = True
 image_upload_use_cinder_backend = True

diff --git a/ansible/roles/glance/templates/glance-api.conf.j2 b/ansible/roles/glance/templates/glance-api.conf.j2
@@ -61,7 +61,7 @@ stores = {{ glance_store_backends|map(attribute='name')|join(',') }}
 {% endif %}
 
 {% if glance_backend_ceph | bool %}
-rbd_store_user = glance
+rbd_store_user = {{ ceph_glance_user }}
 rbd_store_pool = {{ ceph_glance_pool_name }}
 rbd_store_chunk_size = 8
 {% endif %}

diff --git a/ansible/roles/gnocchi/templates/gnocchi.conf.j2 b/ansible/roles/gnocchi/templates/gnocchi.conf.j2
@@ -74,8 +74,8 @@ file_basepath = /var/lib/gnocchi
 {% elif gnocchi_backend_storage == 'ceph' %}
 driver = ceph
 ceph_pool = {{ gnocchi_pool_name }}
-ceph_username = gnocchi
-ceph_keyring = /etc/ceph/ceph.client.gnocchi.keyring
+ceph_username = {{ ceph_gnocchi_user }}
+ceph_keyring = {{ ceph_gnocchi_keyring }}
 ceph_conffile = /etc/ceph/ceph.conf
 {% elif gnocchi_backend_storage == 'swift' %}
 driver = swift

diff --git a/ansible/roles/manila/templates/manila-share.conf.j2 b/ansible/roles/manila/templates/manila-share.conf.j2
@@ -99,7 +99,7 @@ driver_handles_share_servers = False
 share_backend_name = CEPHFS1
 share_driver = manila.share.drivers.cephfs.driver.CephFSDriver
 cephfs_conf_path = /etc/ceph/ceph.conf
-cephfs_auth_id = manila
+cephfs_auth_id = {{ ceph_manila_user }}
 cephfs_cluster_name = ceph
 cephfs_enable_snapshots = False
 {% endif %}
@@ -111,7 +111,7 @@ share_backend_name = CEPHFSNFS1
 share_driver = manila.share.drivers.cephfs.driver.CephFSDriver
 cephfs_protocol_helper_type = NFS
 cephfs_conf_path = /etc/ceph/ceph.conf
-cephfs_auth_id = manila
+cephfs_auth_id = {{ ceph_manila_user }}
 cephfs_cluster_name = ceph
 cephfs_enable_snapshots = False
 cephfs_ganesha_server_is_remote= False

diff --git a/ansible/roles/nova-cell/templates/nova.conf.d/libvirt.conf.j2 b/ansible/roles/nova-cell/templates/nova.conf.d/libvirt.conf.j2
@@ -5,11 +5,11 @@ live_migration_uri = "qemu+tls://%s/system"
 {% else %}
 connection_uri = "qemu+tcp://{{ migration_interface_address | put_address_in_context('url') }}/system"
 {% endif %}
-{% if enable_ceph | bool and nova_backend == "rbd" %}
+{% if nova_backend == "rbd" %}
 images_type = rbd
 images_rbd_pool = {{ ceph_nova_pool_name }}
 images_rbd_ceph_conf = /etc/ceph/ceph.conf
-rbd_user = nova
+rbd_user = {{ ceph_nova_user }}
 disk_cachemodes="network=writeback"
 {% if nova_hw_disk_discard != '' %}
 hw_disk_discard = {{ nova_hw_disk_discard }}

diff --git a/doc/source/reference/storage/external-ceph-guide.rst b/doc/source/reference/storage/external-ceph-guide.rst
@@ -66,17 +66,11 @@ Glance
 
 Configuring Glance for Ceph includes the following steps:
 
-#. Configure RBD back end in ``glance-api.conf``
-
-   .. path /etc/kolla/config/glance/glance-api.conf
-   .. code-block:: ini
+#. Configure Ceph authentication details in ``/etc/kolla/globals.yml``:
 
-      [glance_store]
-      stores = rbd
-      default_store = rbd
-      rbd_store_pool = images
-      rbd_store_user = glance
-      rbd_store_ceph_conf = /etc/ceph/ceph.conf
+   * ``ceph_glance_keyring`` (default: ``ceph.client.glance.keyring``)
+   * ``ceph_glance_user`` (default: ``glance``)
+   * ``ceph_glance_pool_name`` (default: ``images``)
 
 #. Copy Ceph configuration file to ``/etc/kolla/config/glance/ceph.conf``
 
@@ -91,54 +85,21 @@ Configuring Glance for Ceph includes the following steps:
       auth_service_required = cephx
       auth_client_required = cephx
 
-#. Configure Ceph authentication details in ``/etc/kolla/globals.yml``:
-
-   * ``ceph_glance_keyring`` (default: ``ceph.client.glance.keyring``)
-
 #. Copy Ceph keyring to ``/etc/kolla/config/glance/<ceph_glance_keyring>``
 
 Cinder
 ------
 
 Configuring Cinder for Ceph includes following steps:
 
-#. Configure RBD backend in ``cinder-volume.conf`` and ``cinder-backup.conf``
-
-   .. path /etc/kolla/config/cinder/cinder-volume.conf
-   .. code-block:: ini
-
-      [DEFAULT]
-      enabled_backends=rbd-1
-
-      [rbd-1]
-      rbd_ceph_conf=/etc/ceph/ceph.conf
-      rbd_user=cinder
-      backend_host=rbd:volumes
-      rbd_pool=volumes
-      volume_backend_name=rbd-1
-      volume_driver=cinder.volume.drivers.rbd.RBDDriver
-      rbd_secret_uuid = {{ cinder_rbd_secret_uuid }}
-
-   .. note::
-
-      ``cinder_rbd_secret_uuid`` can be found in ``/etc/kolla/passwords.yml``.
-
-   .. path /etc/kolla/config/cinder/cinder-backup.conf
-   .. code-block:: ini
-
-      [DEFAULT]
-      backup_ceph_conf=/etc/ceph/ceph.conf
-      backup_ceph_user=cinder-backup
-      backup_ceph_chunk_size = 134217728
-      backup_ceph_pool=backups
-      backup_driver = cinder.backup.drivers.ceph.CephBackupDriver
-      backup_ceph_stripe_unit = 0
-      backup_ceph_stripe_count = 0
-      restore_discard_excess_bytes = true
-
-   For more information about the Cinder backup configuration, see
-   :cinder-doc:`Ceph backup driver
-   <configuration/block-storage/backup/ceph-backup-driver.html>`.
+#. Configure Ceph authentication details in ``/etc/kolla/globals.yml``:
+   * ``ceph_cinder_keyring`` (default: ``ceph.client.cinder.keyring``)
+   * ``ceph_cinder_user`` (default: ``cinder``)
+   * ``ceph_cinder_pool_name`` (default: ``volumes``)
+   * ``ceph_cinder_backup_keyring``
+   (default: ``ceph.client.cinder-backup.keyring``)
+   * ``ceph_cinder_backup_user`` (default: ``cinder-backup``)
+   * ``ceph_cinder_backup_pool_name`` (default: ``backups``)
 
 #. Copy Ceph configuration file to ``/etc/kolla/config/cinder/ceph.conf``
 
@@ -148,11 +109,6 @@ Configuring Cinder for Ceph includes following steps:
    ``/etc/kolla/config/cinder/cinder-backup`` respectively. They
    will be merged with ``/etc/kolla/config/cinder/ceph.conf``.
 
-#. Configure Ceph authentication details in ``/etc/kolla/globals.yml``:
-   * ``ceph_cinder_keyring`` (default: ``ceph.client.cinder.keyring``)
-   * ``ceph_cinder_backup_keyring``
-   (default: ``ceph.client.cinder-backup.keyring``)
-
 #. Copy Ceph keyring files to:
    * ``/etc/kolla/config/cinder/cinder-volume/<ceph_cinder_keyring>``
    * ``/etc/kolla/config/cinder/cinder-backup/<ceph_cinder_keyring>``
@@ -168,12 +124,14 @@ Nova
 
 Configuring Nova for Ceph includes following steps:
 
-#. Copy Ceph configuration file to ``/etc/kolla/config/nova/ceph.conf``
 #. Configure Ceph authentication details in ``/etc/kolla/globals.yml``:
 
    * ``ceph_cinder_keyring`` (default: ``ceph.client.cinder.keyring``)
    * ``ceph_nova_keyring`` (by default it's the same as ceph_cinder_keyring)
+   * ``ceph_nova_user`` (default: ``nova``)
+   * ``ceph_nova_pool_name`` (default: ``vms``)
 
+#. Copy Ceph configuration file to ``/etc/kolla/config/nova/ceph.conf``
 #. Copy Ceph keyring file(s) to:
 
    * ``/etc/kolla/config/nova/<ceph_cinder_keyring>``
@@ -183,41 +141,23 @@ Configuring Nova for Ceph includes following steps:
    .. warning::
 
       If you are using ceph-ansible or another deployment tool that doesn't
-      create separate key for Nova just copy the Cinder key.
-
-#. Configure nova-compute to use Ceph as the ephemeral back end by creating
-   ``/etc/kolla/config/nova/nova-compute.conf`` and adding the following
-   configurations:
-
-   .. code-block:: ini
-
-      [libvirt]
-      images_rbd_pool=vms
-      images_type=rbd
-      images_rbd_ceph_conf=/etc/ceph/ceph.conf
+      create separate key for Nova just copy the Cinder key and configure
+      ``ceph_nova_user`` to the same value as ``ceph_cinder_user``.
 
 Gnocchi
 -------
 
 Configuring Gnocchi for Ceph includes following steps:
 
-#. Copy Ceph configuration file to ``/etc/kolla/config/gnocchi/ceph.conf``
 #. Configure Ceph authentication details in ``/etc/kolla/globals.yml``:
 
    * ``ceph_gnocchi_keyring``
      (default: ``ceph.client.gnocchi.keyring``)
+   * ``ceph_gnocchi_user`` (default: ``gnocchi``)
+   * ``ceph_gnocchi_pool_name`` (default: ``gnocchi``)
 
+#. Copy Ceph configuration file to ``/etc/kolla/config/gnocchi/ceph.conf``
 #. Copy Ceph keyring to ``/etc/kolla/config/gnocchi/<ceph_gnocchi_keyring>``
-#. Modify ``/etc/kolla/config/gnocchi.conf`` file according to the following
-   configuration:
-
-   .. code-block:: ini
-
-      [storage]
-      driver = ceph
-      ceph_username = gnocchi
-      ceph_keyring = /etc/ceph/ceph.client.gnocchi.keyring
-      ceph_conffile = /etc/ceph/ceph.conf
 
 Manila
 ------
@@ -229,6 +169,7 @@ Configuring Manila for Ceph includes following steps:
 #. Configure Ceph authentication details in ``/etc/kolla/globals.yml``:
 
    * ``ceph_manila_keyring`` (default: ``ceph.client.manila.keyring``)
+   * ``ceph_manila_user`` (default: ``manila``)
 
 #. Copy Ceph configuration file to ``/etc/kolla/config/manila/ceph.conf``
 #. Copy Ceph keyring to ``/etc/kolla/config/manila/<ceph_manila_keyring>``

diff --git a/releasenotes/notes/external-ceph-users-2715eebf8a8df1af.yaml b/releasenotes/notes/external-ceph-users-2715eebf8a8df1af.yaml
@@ -0,0 +1,12 @@
+---
+features:
+  - |
+    Introduce External Ceph user ids as variables to allow non-standard ceph
+    authentication ids in OpenStack services configuration without the need to
+    override configuration files.
+upgrade:
+  - |
+    Now the rbd part of ``nova.conf`` in ``nova-compute`` is being generated
+    when ``nova_backend`` is set to ``"rbd"`` (previously it was generated when
+    both ``enable_ceph`` was ``"yes"`` and ``nova_backend`` was set to
+    ``"rbd"``).
diff --git a/tests/templates/globals-default.j2 b/tests/templates/globals-default.j2
@@ -133,4 +133,5 @@ enable_cinder: "yes"
 glance_backend_ceph: "yes"
 cinder_backend_ceph: "yes"
 nova_backend_ceph: "yes"
+ceph_nova_user: "cinder"
 {% endif %}