M/N upgrade: undercloud upgrade fails when using ssl.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
Critical
|
Sofer Athlan-Guyot |
Bug Description
Hi,
this bug was first opened
https:/
better grip on the problem I prefer to start a new one for clarity.
So, when using ssl, all the important services are under keepalived ip
where haproxy binds.
During a M/N upgrade, the file os-net-
(mtu is added to the parameters).
Then we run puppet, os-net-config is unconditionally run during the
pre-main stage (before everything). The python script catch the diff
and re-apply the configuration. In the process all keepalived ip are
cleaned up:
Nov 08 09:50:48 instack.localdomain Keepalived_
Nov 08 09:50:48 instack.localdomain Keepalived_
Nov 08 09:50:48 instack.localdomain Keepalived_
Nov 08 09:50:48 instack.localdomain Keepalived_
Nov 08 09:50:48 instack.localdomain Keepalived_
Nov 08 09:50:48 instack.localdomain Keepalived_
Nov 08 09:50:48 instack.localdomain Keepalived_
Nov 08 09:50:48 instack.localdomain Keepalived_
Nov 08 10:01:53 instack.localdomain Keepalived_
Nov 08 10:01:53 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:01:55 instack.localdomain Keepalived_
Nov 08 10:02:01 instack.localdomain Keepalived_
Nov 08 10:02:01 instack.localdomain Keepalived_
Then puppet continues and fails with
Could not evaluate: Execution of '/bin/openstack token issue
--format value' returned 1: Unable to establish connection to
https:/
170 seconds)
as services like keystone don't respond on they disappeared https ip
address.
ip on br-ctrlplane before os-net-config:
br-ctlplane: <BROADCAST,
link/ether 00:19:a2:59:cd:1d brd ff:ff:ff:ff:ff:ff
inet 192.0.2.1/24 brd 192.0.2.255 scope global br-ctlplane
valid_lft forever preferred_lft forever
inet 192.0.2.3/32 scope global br-ctlplane
valid_lft forever preferred_lft forever
inet 192.0.2.2/32 scope global br-ctlplane
valid_lft forever preferred_lft forever
inet6 fe80::219:
valid_lft forever preferred_lft forever
ip after:
br-ctlplane: <BROADCAST,
link/ether 00:19:a2:59:cd:1d brd ff:ff:ff:ff:ff:ff
inet 192.0.2.1/24 brd 192.0.2.255 scope global br-ctlplane
valid_lft forever preferred_lft forever
inet6 fe80::219:
valid_lft forever preferred_lft forever
Fix proposed to branch: master /review. openstack. org/395053
Review: https:/