stack update operation fails in containerized HA deployments

Bug #1739771 reported by Damien Ciabrini
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
High
Damien Ciabrini

Bug Description

After a HA overcloud has been successfully deployed, subsequent stack update operation fail in docker-puppet-rabbitmq container.

This is because the tripleo puppet module [1] that configures rabbitmq create a rabbitmq_user resource by calling an explicit puppet provider:

    if $stack_action == 'UPDATE' {
      # Required for changing password on update scenario. Password will be changed only when
      # called explicity, if the rabbitmq service is already running.
      rabbitmq_user { $rabbitmq_user :
        password => $rabbitmq_pass,
        provider => 'rabbitmqctl',
        admin => true,
      }
    }

By doing so, the usual noop_resource override cannot be used, and puppet triggers a call to
/usr/bin/rabbitmqctl. This unwanted call then fails because the container is not configured to allow calls to rabbitmq or access to the Erlang VM.

[1] tripleo/manifests/profile/base/rabbitmq.pp

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-tripleo (master)

Fix proposed to branch: master
Review: https://review.openstack.org/529827

Changed in tripleo:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-tripleo (stable/pike)

Fix proposed to branch: stable/pike
Review: https://review.openstack.org/529856

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-tripleo (master)

Reviewed: https://review.openstack.org/529827
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=a9f059f540231bc5a35e540cb03ea362fe86b743
Submitter: Zuul
Branch: master

commit a9f059f540231bc5a35e540cb03ea362fe86b743
Author: Damien Ciabrini <email address hidden>
Date: Fri Dec 22 13:47:26 2017 +0100

    Do not force provider in rabbitmq base profile

    We cannot force the provider when defining the rabbitmq_user on
    stack update operation, because otherwise the noop_resource [1]
    function cannot override the resource behaviour and the config
    generation fails with unexpected calls to /usr/bin/rabbitmqctl.

    We don't need to force the provider, so stop doing so.

    [1] tripleo/lib/puppet/parser/functions/noop_resource.pp

    Change-Id: If718dd50147b3430f9f72fa59c297ae65440f71a
    Closes-Bug: #1739771

Changed in tripleo:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-tripleo (stable/pike)

Reviewed: https://review.openstack.org/529856
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=955e489b8394cdc666f1d1d13454c9a4f9d24bcd
Submitter: Zuul
Branch: stable/pike

commit 955e489b8394cdc666f1d1d13454c9a4f9d24bcd
Author: Damien Ciabrini <email address hidden>
Date: Fri Dec 22 13:47:26 2017 +0100

    Do not force provider in rabbitmq base profile

    We cannot force the provider when defining the rabbitmq_user on
    stack update operation, because otherwise the noop_resource [1]
    function cannot override the resource behaviour and the config
    generation fails with unexpected calls to /usr/bin/rabbitmqctl.

    We don't need to force the provider, so stop doing so.

    [1] tripleo/lib/puppet/parser/functions/noop_resource.pp

    Change-Id: If718dd50147b3430f9f72fa59c297ae65440f71a
    Closes-Bug: #1739771
    (cherry picked from commit a9f059f540231bc5a35e540cb03ea362fe86b743)

tags: added: in-stable-pike
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-tripleo 7.4.7

This issue was fixed in the openstack/puppet-tripleo 7.4.7 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-tripleo 8.2.0

This issue was fixed in the openstack/puppet-tripleo 8.2.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.