Juniper Openstack

Only "xmpp_auth_enable" set in control node after provisioning XMPP auth from sm-lite

Bug #1549827 reported by Shashikiran H
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
R3.0
Won't Fix
Medium
prasad miriyala
Juniper Openstack r3.0-fcs
R3.1
Invalid
Medium
prasad miriyala
Juniper Openstack r3.1.0.0-fcs
Trunk
Invalid
Medium
prasad miriyala

Bug Description

Version: 3.0.0.0-2717

Topo:
env.roledefs = {
    'all': [host1, host2, host3, host4, host5, host6, host7],
    'cfgm': [host1],
    'openstack':[host1],
    'collector': [host1],
    'webui': [host1],
    'control': [host1, host2, host3],
    'compute': [host4, host5, host6, host7],
    'database': [host1],
    'build': [host_build],
}

env.hostnames = {
   'all': ['nodec22', 'nodec26', 'nodeg10', 'nodeg8', 'nodeg14', 'nodec15', 'nodec11']
}

Steps:
1. Reimage the nodes
2. Start provisioning with sm-lite. Cancel the provisioning after cluster.json is generated.
3. Set the auth parameters (xmpp_auth_enable and xmpp_dns_auth_enable) in cluster.json and restart provisioning.

The cert files are in proper places and cacert.pem is the same on all the nodes.
The agent conf files have the relevant knobs set.
The control conf has only one knob "xmpp_auth_enable" set to true. The rest are missing.

The xmpp session is stuck at "OpenConfirm" state and xmpp peers don't show up in ShowBgpNeighborSummaryResp, with these messages repeated in control logs:

2016-02-25 Thu 17:57:32:595.560 IST nodec22 [Thread 139999809713920, Pid 16665]: XMPP [SYS_NOTICE]: XmppEventLog: Mode Server: PassiveOpen in state: Idle peer ip: 10.204.217.48 ( ) controller/src/xmpp/xmpp_state_machine.cc 1342

2016-02-25 Thu 17:59:02:582.138 IST nodec22 [Thread 139999813912320, Pid 16665]: XMPP [SYS_NOTICE]: XmppEventLog: Mode Server: Event: Tcp Connection Closed peer ip: 10.204.217.48 ( nodeg8 ) controller/src/xmpp/xmpp_state_machine.cc 1329

2016-02-25 Thu 18:03:39:455.225 IST nodec22 [Thread 139999813912320, Pid 16665]: XMPP [SYS_NOTICE]: XmppEventLog: Mode Server: Event: HoldTimer Expired peer ip: 10.204.217.48 ( nodeg8 ) controller/src/xmpp/xmpp_state_machine.cc 1300

See original description
Shashikiran H (skiranh)
tags: added: blocker
Shashikiran H (skiranh)
description: updated
Revision history for this message
Sudheendra Rao (sudheendra-k) wrote :

problem is seen with ServerManager also.

Revision history for this message
Nipa (nipak) wrote :

For R3.0, it is suffcient to have xmpp_auth_enable OR xmpp_dns_auth_enable set, all certs are picked up from default location by
the respective daemons. This is not a bug as certs are generated and saved at default location.

For R3.0
1) we will set the xmpp_auth_enable = true or xmpp_dns_auth_enable = true.
2) parser to read from testbed.py and set the flag.

For R3.0 and beyond, we will use this bug to
1) Display the path of the certs in the respective .conf files of the daemon.
xmpp_server_cert=/etc/contrail/ssl/certs/server.pem
xmpp_server_key=/etc/contrail/ssl/private/server-privkey.pem
xmpp_ca_cert=/etc/contrail/ssl/certs/ca-cert.pem
2) testbed.py parser to accept the path of certs.

Revision history for this message
prasad miriyala (pmiriyala) wrote :

Sudhee,

We had discussion on past and now on the following topic. Nipa updated the bug with more information about, how it is working now.
I am going to move this bug to 3.0+ and lower the severity, since it is not functional blocking and it is working as designed.
We are going to enhance to the following with location filed configurable.

Thanks,
Prasad

Changed in juniperopenstack:
importance: Critical → Medium
Revision history for this message
prasad miriyala (pmiriyala) wrote :

R3.0 it is working as expected.
We are going to enhance this request for post 3.0.
/Prasad

Ashish Ranjan (aranjan-n)
tags: removed: blocker
information type: Proprietary → Public
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.