tripleo

SSH connection to supplemental ipa VM takes minutes

Bug #1712081 reported by Martin André on 2017-08-21

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tripleo	Fix Released	Medium	Harry Rybacki	tripleo queens-3

Bug Description

I'm seing SSH connection issues to the ipa VM when deploying quickstart with FreeIPA supplemental node:

TASK [freeipa-setup : Create FreeIPA deployment script] ************************
task path: /home/martin/.quickstart-gouda/usr/local/share/ansible/roles/freeipa-setup/tasks/main.yml:14
Monday 21 August 2017 13:16:09 +0200 (0:00:00.134) 0:06:54.713 *********
changed: [supplemental] => {"changed": true, "checksum": "a086b17ef53ed3d594877c09c0b91797f751b047", "dest": "/home/stack/deploy_freeipa.sh", "gid": 1000, "group": "stack", "md5sum": "81734f807caf1b05de579b490720f
59a", "mode": "0744", "owner": "stack", "secontext": "unconfined_u:object_r:user_home_t:s0", "size": 2607, "src": "/home/stack/.ansible/tmp/ansible-tmp-1503314340.09-233025111123421/source", "state": "file", "uid"
: 1000}

TASK [freeipa-setup : Deploy FreeIPA] ******************************************
task path: /home/martin/.quickstart-gouda/usr/local/share/ansible/roles/freeipa-setup/tasks/main.yml:20
Monday 21 August 2017 13:36:04 +0200 (0:19:54.773) 0:26:49.486 *********
<supplemental> ssh_retry: attempt: 0, caught exception(Timeout (12s) waiting for privilege escalation prompt: ) from cmd (/bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-xnbsmvargakhrsqylbeyz
huzijngzodh; /usr/bin/python'"'"' && sleep 0'...), pausing for 0 seconds
<supplemental> ssh_retry: attempt: 1, caught exception(Timeout (12s) waiting for privilege escalation prompt: ) from cmd (/bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-xnbsmvargakhrsqylbeyz
huzijngzodh; /usr/bin/python'"'"' && sleep 0'...), pausing for 1 seconds
<supplemental> ssh_retry: attempt: 2, caught exception(Timeout (12s) waiting for privilege escalation prompt: ) from cmd (/bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-xnbsmvargakhrsqylbeyz
huzijngzodh; /usr/bin/python'"'"' && sleep 0'...), pausing for 3 seconds
fatal: [supplemental]: FAILED! => {"failed": true, "msg": "Timeout (12s) waiting for privilege escalation prompt: "}

The "Create FreeIPA deployment script" task takes 20 min (!!) to render a file on the ipa VM, then the following task fails when trying to connect to the VM via ssh.

From the node where I'm running quickstart it takes around 3 minutes to establish an ssh connection vm with:

ssh -F /home/martin/.quickstart-gouda/ssh.config.ansible supplemental

I used the following command to deploy:

bash ./quickstart.sh -w ~/.quickstart-gouda --teardown all --no-clone --clean --release master-tripleo-ci -e undercloud_memory=16384 -e undercloud_disk=60 -e undercloud_node_cpu=6 -N config/nodes/1ctlr_1comp_1supp.yml -c config/general_config/ipa.yml -e nameserver_from_virthost=false --tags "all" gouda

Tags:

Revision history for this message

Martin André (mandre) wrote on 2017-08-21:

I found this is a DNS issue:

[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 10.11.5.19
search localdomain

After I changed the resolver to 192.168.23.1 (the virthost address) it's all speedy as it should be.

Revision history for this message

Harry Rybacki (hrybacki-h) wrote on 2017-08-21:

The IPA node must act as the DNS server for a given deployment. I'll submit a review allowing this to be customize able.

Changed in tripleo:
status:	New → Confirmed
assignee:	nobody → Harry Rybacki (hrybacki-h)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-08-21: Fix proposed to tripleo-quickstart (master)

Fix proposed to branch: master
Review: https://review.openstack.org/495899

Changed in tripleo:
status:	Confirmed → In Progress

wes hayutin (weshayutin) on 2017-08-22

Changed in tripleo:
importance:	Undecided → Medium
milestone:	none → queens-1

Emilien Macchi (emilienm) on 2017-10-23

Changed in tripleo:
milestone:	queens-1 → queens-2

OpenStack Infra (hudson-openstack) on 2017-11-15

Changed in tripleo:
assignee:	Harry Rybacki (hrybacki-h) → Juan Antonio Osorio Robles (juan-osorio-robles)

OpenStack Infra (hudson-openstack) on 2017-11-29

Changed in tripleo:
assignee:	Juan Antonio Osorio Robles (juan-osorio-robles) → Harry Rybacki (hrybacki-h)

Alex Schultz (alex-schultz) on 2017-12-05

Changed in tripleo:
milestone:	queens-2 → queens-3

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-12-14: Fix merged to tripleo-quickstart (master)

Reviewed: https://review.openstack.org/495899
Committed: https://git.openstack.org/cgit/openstack/tripleo-quickstart/commit/?id=d6501939b4b5747a58b66a445e474f4ec0580ef9
Submitter: Zuul
Branch: master

commit d6501939b4b5747a58b66a445e474f4ec0580ef9
Author: Harry Rybacki <email address hidden>
Date: Mon Aug 21 11:03:27 2017 -0400

Make FreeIPA supplemental node DNS server configureable

DNS server was previously hardcoded. Users may now customize the DNS
server set on the FreeIPA supplmental node prior to deployment.

Change-Id: I1669c323862a2634d997b08c630c74e7281d999b
Closes-bug: 1712081

Changed in tripleo:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-05-14: Fix included in openstack/tripleo-quickstart 2.1.1

This issue was fixed in the openstack/tripleo-quickstart 2.1.1 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.