[multiple] Discover and configure Glance with Ceph RGW secrets #3169
Conversation
|
Hi @maximsava12. Thanks for your PR. I'm waiting for a openstack-k8s-operators member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
maximsava12
force-pushed
the
glance-ceph-s3-backend
branch
from
11b8bcc to
f8442b1
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/148eba965ca54ffcb1f99d5cd834ff75 ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 48m 15s |
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/61cc1357fe544e08a49db0a7898852f2 ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 42m 25s |
|
Request for the future: if you keep your pull request "clean" as long as you develop it, you won't need to rebase and clean the pull request when it is ready. So if you update this, please ensure to always have a single commit (unless you want to have more commits, but the commits in this pull request are all updates to the same commit). |
Ack |
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/bbd2fe91fbfa4d28843e48791c3b0b10 ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 44m 58s |
maximsava12
force-pushed
the
glance-ceph-s3-backend
branch
from
775c2c6 to
18fc8d2
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/b78f7c0247ad4884baa7e18744b0ea35 ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 48m 05s |
maximsava12
force-pushed
the
glance-ceph-s3-backend
branch
from
18fc8d2 to
31ba8bc
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/c6e28a41162640f3bf0ae19b627d1b5a ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 44m 15s |
maximsava12
force-pushed
the
glance-ceph-s3-backend
branch
from
31ba8bc to
1677da5
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/2ac991835378471aa3b9ab475f753e13 ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 37m 49s |
maximsava12
force-pushed
the
glance-ceph-s3-backend
branch
from
1677da5 to
88fa5f4
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/1d3f5d867f7d40eaa3ad3ec1cf166972 ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 48m 56s |
maximsava12
force-pushed
the
glance-ceph-s3-backend
branch
from
88fa5f4 to
3907733
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/f1619da0b1ea4e2083066012b26534c8 ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 57m 17s |
maximsava12
force-pushed
the
glance-ceph-s3-backend
branch
2 times, most recently
from
5c487c6 to
4b8a24b
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/0b58377b5c1d44f08732f26e86a3b288 ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 52m 57s |
maximsava12
force-pushed
the
glance-ceph-s3-backend
branch
from
4b8a24b to
0e4c85c
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/3e7b0388f2294c399c0f70c8320e9605 ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 49m 48s |
maximsava12
force-pushed
the
glance-ceph-s3-backend
branch
from
0e4c85c to
de78135
Compare
maximsava12
force-pushed
the
glance-ceph-s3-backend
branch
from
e5ca0a5 to
4aded04
Compare
|
Merge Failed. This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset. |
maximsava12
force-pushed
the
glance-ceph-s3-backend
branch
from
e555e69 to
4aded04
Compare
|
Merge Failed. This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset. |
maximsava12
force-pushed
the
glance-ceph-s3-backend
branch
from
4aded04 to
aa8f9eb
Compare
|
Merge Failed. This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset. |
maximsava12
force-pushed
the
glance-ceph-s3-backend
branch
from
aa8f9eb to
097bf6d
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/18beaefd57554225b7aade549a5d8b8a ✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 26m 19s |
maximsava12
force-pushed
the
glance-ceph-s3-backend
branch
from
097bf6d to
ad7a3cf
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/1e47746c03eb42deb1f1ae08629a4ce4 ✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 29m 16s |
maximsava12
force-pushed
the
glance-ceph-s3-backend
branch
from
ad7a3cf to
d744754
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/486201c7f8a74c60a3629e505eeb0005 ✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 19m 59s |
This patch enhances the cifmw_ceph_client/cifmw_cephadm roles to: - Automatically discover Ceph RGW (RADOS Gateway) endpoint and credentials - Create Glance secrets using the discovered RGW settings - Configure glance with Ceph RGW secrets - Creating a dedicated 'glance' S3 user in RGW (cifmw_cephadm role) This integration configures Glance with Ceph RGW access credentials, enabling it to use RGW as an Glance backend when object storage is enabled Changes: - Add RGW discovery playbook - Add logic to create Glance secrets with RGW config Signed-off-by: Maxim Sava <msava@redhat.com>
maximsava12
force-pushed
the
glance-ceph-s3-backend
branch
from
d744754 to
f8da9f0
Compare
|
[APPROVALNOTIFIER] This PR is APPROVED Approval requirements bypassed by manually added approval. This pull-request has been approved by: The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/1ac61bd0392c4365bab869ea950acde3 ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 23m 47s |
|
recheck |
| # under the License. | ||
|
|
||
| - name: Create glance S3 RGW user and fetch object-store endpoint | ||
| when: cifmw_cephadm_rgw_s3_glance | default(false) | bool |
There was a problem hiding this comment.
nit: put the cifmw_cephadm_rgw_s3_glance into defaults.yml. Thanks!
There was a problem hiding this comment.
I think we have cifmw_cephadm_rgw_s3_glance in roles/cifmw_cephadm/defaults/main.yaml
| failed_when: false | ||
| until: > | ||
| rgw_daemon_status.rc == 0 and | ||
| (rgw_daemon_status.stdout | default('[]') | from_json | default([], true)) | |
There was a problem hiding this comment.
nit: second default does not make sense.
| --display-name="Glance S3 User" | ||
| become: true | ||
| when: | ||
| - cifmw_ceph_s3_glance_user_check is not skipped |
There was a problem hiding this comment.
the condition for that tasks are almost fine. What is missing: keep logic.
In previous task you check when: cifmw_cephadm_ceph_cli is defined.
Here you use that binary, so if previous task fails, it is skipped, rc != 0, then if cifmw_cephadm_ceph_cli is not defined, it would raise an error.
Do I understand correctly? I'm not familiar with "skipping" in condition and when it is ignore_errors.
There was a problem hiding this comment.
Yes,cover two cases if cifmw_cephadm_ceph_cli is not defined means skipped and if user not exist we check with rc code
fultonj
left a comment
fultonj
left a comment
There was a problem hiding this comment.
I think we're getting close to merging.
Just a few more things to fix before we can. I left a request for a small change. I think @danpawlik has some valid suggestions so please reply in the review when you have addressed them.
| ansible.builtin.import_role: | ||
| name: cifmw_cephadm | ||
| tasks_from: glance_s3_info | ||
|
|
There was a problem hiding this comment.
Please add the following to this call
when: cifmw_cephadm_rgw_s3_glance | default(false) | boolThere was a problem hiding this comment.
I think we can't use when: cifmw_cephadm_rgw_s3_glance | default(false) | bool when we import role .Added when: cifmw_cephadm_rgw_s3_glance | default(false) | bool at begining of glance_s3_info task
8 participants
This patch enhances the cifmw_ceph_client role to:
This integration allows Glance to leverage Ceph RGW for secret storage when object store backends are enabled in the environment.
Changes: