tripleo

Deployment on IPv6 fails post-deployment initialization

Bug #1612463 reported by Giulio Fidente on 2016-08-11

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tripleo	Fix Released	High	Giulio Fidente	tripleo newton-3 "newton-3"

Bug Description

overcloud deploy fails on following error:

2016-08-11 15:01:33.311 1839 ERROR openstack [ admin admin] Command '['ssh', '-oStrictHostKeyChecking=no', '-t', '-l', 'heat-admin', u'[fd00:fd00:fd00:2000::250]', 'sudo', 'key
stone-manage', 'pki_setup', '--keystone-user', "$(getent passwd | grep '^keystone' | cut -d: -f1)", '--keystone-group', "$(getent group | grep '^keystone' | cut -d: -f1)"]' ret
urned non-zero exit status 255

running it manually from undercloud without brackets works:

$ ssh -oStrictHostKeyChecking=no -t -l heat-admin fd00:fd00:fd00:2000::250 sudo keystone-manage pki_setup --keystone-user "$(getent passwd | grep '^keystone' | cut -d: -f1)" --keystone-group "$(getent group | grep '^keystone' | cut -d: -f1)"
Add correct host key in /home/stack/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/stack/.ssh/known_hosts:2
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
The following cert files already exist, use --rebuild to remove the existing files before regenerating:
/etc/keystone/ssl/certs/ca.pem already exists
/etc/keystone/ssl/private/signing_key.pem already exists
/etc/keystone/ssl/certs/signing_cert.pem already exists
Connection to fd00:fd00:fd00:2000::250 closed.

Tags:

Giulio Fidente (gfidente) on 2016-08-11

Changed in tripleo:
importance:	Undecided → High
status:	New → Confirmed
milestone:	none → newton-3

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-08-11: Fix proposed to python-tripleoclient (master)

Fix proposed to branch: master
Review: https://review.openstack.org/354443

Changed in tripleo:
assignee:	nobody → Giulio Fidente (gfidente)
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-08-16: Fix proposed to python-tripleoclient (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/355876

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-08-16: Fix proposed to python-tripleoclient (stable/liberty)

Fix proposed to branch: stable/liberty
Review: https://review.openstack.org/355882

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-08-16: Fix merged to python-tripleoclient (stable/mitaka)

Reviewed: https://review.openstack.org/355876
Committed: https://git.openstack.org/cgit/openstack/python-tripleoclient/commit/?id=4e67a9b844460a92d22baf2f747ab522261cdb2c
Submitter: Jenkins
Branch: stable/mitaka

commit 4e67a9b844460a92d22baf2f747ab522261cdb2c
Author: Giulio Fidente <email address hidden>
Date: Fri Aug 12 01:30:19 2016 +0200

Use non-bracketed version of addresses for keystone.initialize

    os-cloud-config will add brackets around IPv6 addresses [1] as
    needed, we can't use bracketed version for the ssh command
    so this change restores use of KeystoneAdminVip output,
    previously removed by I0cf9ada1110f6b1452480039c136aee1fc3ccc82

1. https://github.com/openstack/os-cloud-config/blob/master/os_cloud_config/keystone.py#L542

Closes-Bug: 1612463

Change-Id: I7d82f93b9d4e38e6a2da5c6b6a6d7b803890b440
(cherry picked from commit 3665888fe4c045b40c5a3a98ebbf727ed2f21d9f)

tags:

added: in-stable-mitaka

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-08-19: Fix merged to python-tripleoclient (master)

Reviewed: https://review.openstack.org/354443
Committed: https://git.openstack.org/cgit/openstack/python-tripleoclient/commit/?id=3665888fe4c045b40c5a3a98ebbf727ed2f21d9f
Submitter: Jenkins
Branch: master

commit 3665888fe4c045b40c5a3a98ebbf727ed2f21d9f
Author: Giulio Fidente <email address hidden>
Date: Fri Aug 12 01:30:19 2016 +0200

Use non-bracketed version of addresses for keystone.initialize

1. https://github.com/openstack/os-cloud-config/blob/master/os_cloud_config/keystone.py#L542

Closes-Bug: 1612463

Change-Id: I7d82f93b9d4e38e6a2da5c6b6a6d7b803890b440

Changed in tripleo:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-08-25: Fix merged to python-tripleoclient (stable/liberty)

Reviewed: https://review.openstack.org/355882
Committed: https://git.openstack.org/cgit/openstack/python-tripleoclient/commit/?id=bd782d9b6f5ea0c63e4ea5dd981f1582b5a7a52e
Submitter: Jenkins
Branch: stable/liberty

commit bd782d9b6f5ea0c63e4ea5dd981f1582b5a7a52e
Author: Giulio Fidente <email address hidden>
Date: Fri Aug 12 01:30:19 2016 +0200

Use non-bracketed version of addresses for keystone.initialize

1. https://github.com/openstack/os-cloud-config/blob/master/os_cloud_config/keystone.py#L542

Closes-Bug: 1612463

Change-Id: I7d82f93b9d4e38e6a2da5c6b6a6d7b803890b440
(cherry picked from commit 3665888fe4c045b40c5a3a98ebbf727ed2f21d9f)

tags:

added: in-stable-liberty

Revision history for this message

Doug Hellmann (doug-hellmann) wrote on 2016-08-30: Fix included in openstack/python-tripleoclient 2.1.0

This issue was fixed in the openstack/python-tripleoclient 2.1.0 release.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-09-01: Fix included in openstack/python-tripleoclient 5.0.0

This issue was fixed in the openstack/python-tripleoclient 5.0.0 release.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-11-10: Fix included in openstack/python-tripleoclient 2.1.0

This issue was fixed in the openstack/python-tripleoclient 2.1.0 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.