StarlingX

Compute unlock on multinode configuration fails due to missing DNS requirement

Bug #1817126 reported by Erich Cordoba on 2019-02-21

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	StarlingX	Fix Released	High	Erich Cordoba

Bug Description

Brief Description
-----------------
The system host-unlock compute-x is failing with a puppet error regarding a missing resource for Platform::Dns

Severity
--------
Major

Steps to Reproduce
------------------
On containerized environment with a multinode configuration, try to unlock a compute.

Expected Behavior
------------------
The compute should be unlocked.

Actual Behavior
----------------
The unlock process fails and the puppet.log in the compute reports the following error:

Could not find resource 'Class[Platform::Dns]' for relationship on 'File[/etc/sysctl.d/k8s.conf]' on node compute-0

Reproducibility
---------------
100%

System Configuration
--------------------
Multi node system

Branch/Pull Time/Commit
-----------------------
stx-config master 28766a8d43f579fb027f4152c3f6586418e1eb9d

Tags:

Ghada Khalil (gkhalil) on 2019-02-21

Changed in starlingx:
assignee:	nobody → Erich Cordoba (ericho)
importance:	Undecided → High

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-02-21: Fix merged to stx-config (master)

Reviewed: https://review.openstack.org/638466
Committed: https://git.openstack.org/cgit/openstack/stx-config/commit/?id=cba2b66e9b27efc077b89fb5e661b8dffc890fd8
Submitter: Zuul
Branch: master

commit cba2b66e9b27efc077b89fb5e661b8dffc890fd8
Author: Erich Cordoba <email address hidden>
Date: Thu Feb 21 11:21:28 2019 -0600

Move DNS requirement into kubernetes::master

This was causing a failure in computes unlock process where the
Platform::Dns class cannot be found.

    Closes-bug: 1817126
    Change-Id: I0a9e9b60580944a49b9672803fc05216f204b222
    Signed-off-by: Erich Cordoba <email address hidden>

Changed in starlingx:
status:	New → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-02-21: Fix proposed to stx-config (f/stein)

Fix proposed to branch: f/stein
Review: https://review.openstack.org/638513

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-02-21: Fix merged to stx-config (f/stein)

Reviewed: https://review.openstack.org/638513
Committed: https://git.openstack.org/cgit/openstack/stx-config/commit/?id=160ec4eca9b999c7dfc1c0a60d40c41998d1e9ed
Submitter: Zuul
Branch: f/stein

commit 52a829d1803056da8222f30dcc002c39c86c6f54
Author: Matt Peters <email address hidden>
Date: Thu Feb 21 11:20:15 2019 -0500

Temporarily disable iptables restore during puppet

    Docker and kubernetes add rules to iptables, which can end up
    persisted in /etc/sysconfig/iptables by calls to iptables-save.
    When the puppet manifest is applied during node initialization,
    kubernetes is not yet running, and any related iptables rules
    will fail.

    This update disables the restoration of iptables rules from
    previous boots, to ensure the puppet manifest does not fail
    to apply due to invalid rules. However, this means that in
    a DOR scenario (Dead Office Recovery, where both controllers
    will be intializing at the same time), the firewall rules
    will not get reapplied.

Firewall management will be moved to Calico under story 2005066,
at which point this code will be removed.

    Change-Id: I43369dba34e6859088af3794de25a68571c7154c
    Closes-Bug: 1815124
    Signed-off-by: Don Penney <email address hidden>

commit cba2b66e9b27efc077b89fb5e661b8dffc890fd8
Author: Erich Cordoba <email address hidden>
Date: Thu Feb 21 11:21:28 2019 -0600

Move DNS requirement into kubernetes::master

This was causing a failure in computes unlock process where the
Platform::Dns class cannot be found.

    Closes-bug: 1817126
    Change-Id: I0a9e9b60580944a49b9672803fc05216f204b222
    Signed-off-by: Erich Cordoba <email address hidden>

commit 4b35404d6a03c4bfe6ea12e176d8624710a10b2c
Author: Don Penney <email address hidden>
Date: Thu Feb 21 11:33:30 2019 -0500

Ignore error on k8s taint removal from puppet

    There are cases where the kubernetes taint is not present on,
    or has already been removed from, a newly configured standby
    controller. This causes the taint removal command run by the
    puppet manifest to fail. This failure can be safely ignored,
    so the command is updated by this commit to always return
    success.

    Change-Id: Icdb55738e052c65a28e44582e345038b0de83c37
    Closes-Bug: 1815795
    Signed-off-by: Don Penney <email address hidden>

Reviewed:  https://review.openstack.org/638513
Committed: https://git.openstack.org/cgit/openstack/stx-config/commit/?id=160ec4eca9b999c7dfc1c0a60d40c41998d1e9ed
Submitter: Zuul
Branch:    f/stein

commit 52a829d1803056da8222f30dcc002c39c86c6f54
Author: Matt Peters <matt.peters@windriver.com>
Date:   Thu Feb 21 11:20:15 2019 -0500

Temporarily disable iptables restore during puppet
    
    Docker and kubernetes add rules to iptables, which can end up
    persisted in /etc/sysconfig/iptables by calls to iptables-save.
    When the puppet manifest is applied during node initialization,
    kubernetes is not yet running, and any related iptables rules
    will fail.
    
    This update disables the restoration of iptables rules from
    previous boots, to ensure the puppet manifest does not fail
    to apply due to invalid rules. However, this means that in
    a DOR scenario (Dead Office Recovery, where both controllers
    will be intializing at the same time), the firewall rules
    will not get reapplied.
    
    Firewall management will be moved to Calico under story 2005066,
    at which point this code will be removed.
    
    Change-Id: I43369dba34e6859088af3794de25a68571c7154c
    Closes-Bug: 1815124
    Signed-off-by: Don Penney <don.penney@windriver.com>

commit cba2b66e9b27efc077b89fb5e661b8dffc890fd8
Author: Erich Cordoba <erich.cordoba.malibran@intel.com>
Date:   Thu Feb 21 11:21:28 2019 -0600

Move DNS requirement into kubernetes::master
    
    This was causing a failure in computes unlock process where the
    Platform::Dns class cannot be found.
    
    Closes-bug: 1817126
    Change-Id: I0a9e9b60580944a49b9672803fc05216f204b222
    Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>

commit 4b35404d6a03c4bfe6ea12e176d8624710a10b2c
Author: Don Penney <don.penney@windriver.com>
Date:   Thu Feb 21 11:33:30 2019 -0500

Ignore error on k8s taint removal from puppet
    
    There are cases where the kubernetes taint is not present on,
    or has already been removed from, a newly configured standby
    controller. This causes the taint removal command run by the
    puppet manifest to fail. This failure can be safely ignored,
    so the command is updated by this commit to always return
    success.
    
    Change-Id: Icdb55738e052c65a28e44582e345038b0de83c37
    Closes-Bug: 1815795
    Signed-off-by: Don Penney <don.penney@windriver.com>

tags:

added: in-f-stein

Ghada Khalil (gkhalil) on 2019-02-25

tags:

added: stx.2019.05 stx.containers

Ken Young (kenyis) on 2019-04-05

tags:

added: stx.2.0
removed: stx.2019.05

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.