4.0.1.0-89~mitaka.
"provision_role_sequence": "{'completed': [(u'server2', 'keepalived', '2017_09_26__19_50_35'), (u'server1', 'keepalived', '2017_09_26__19_50_36'), (u'server3', 'keepalived', '2017_09_26__19_55_03'), (u'server2', 'haproxy', '2017_09_26__19_55_19'), (u'server1', 'haproxy', '2017_09_26__19_55_20'), (u'server3', 'haproxy', '2017_09_26__19_55_20'), (u'server1', 'openstack', '2017_09_26__20_02_26'), (u'server3', 'openstack', '2017_09_26__20_24_15')], 'steps': [[(u'server2', u'openstack')], [(u'server2', u'pre_exec_vnc_galera')], [(u'server1', u'pre_exec_vnc_galera')], [(u'server3', u'pre_exec_vnc_galera')], [(u'server2', u'post_exec_vnc_galera')], [(u'server1', u'post_exec_vnc_galera')], [(u'server3', u'post_exec_vnc_galera')], [(u'server1', 'post_provision'), (u'server2', 'post_provision'), (u'server3', 'post_provision')]]}",
Sep 26 22:22:59 server2 puppet-agent[5203]: Not managing Keystone_role[_member_] due to earlier Keystone API failures.
Sep 26 22:22:59 server2 puppet-agent[5203]: (/Stage[openstack]/Contrail::Profile::Openstack::Provision/Keystone_role[_member_]/ensure) change from absent to present failed: Not managing Keystone_role[_member_] due to earlier Keystone API failures.
Sep 26 20:03:32 server2 puppet-agent[6685]: (/Stage[openstack]/Contrail::Profile::Openstack::Provision/Keystone_user[admin::Default]) Could not evaluate: Execution of '/usr/bin/openstack domain list --quiet --format csv' returned 1: Certificate did not match expected hostname: 10.10.0.100. Certificate: {'notAfter': 'Sep 14 19:47:00 2027 GMT', 'subjectAltName': (('DNS', 'server2'), ('DNS', 'server2.englab.juniper.net'), ('IP Address', '10.10.0.5'), ('IP Address', '10.0.0.5')), 'subject': ((('commonName', u'server2'),),)}
Certificates generated for servers doesn’t have ip-address of internal-vip and causing the failure. This is blocking r4.0 mitaka.