tripleo-ansible role tripleo_create_admin needs idempotence protection

Bug #1918188 reported by John Fulton
This bug affects 2 people
Affects: tripleo
Status: Fix Committed
Importance: High
Assigned to: John Fulton
Milestone:

Bug Description

Sometimes when THT CI runs tripleo_create_admin it's possible for tasks to be rerun and the non-idempotent ansible user module can fail if it tries to create the same user twice [1].

We should add a task to the create_user.yml task file [2] so it checks if the user exists before calling the user module [3].

[1] http://paste.openstack.org/show/803354/

[2] https://github.com/openstack/tripleo-ansible/blob/master/tripleo_ansible/roles/tripleo_create_admin/tasks/create_user.yml

[3] https://docs.ansible.com/ansible/latest/collections/ansible/builtin/user_module.html
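
The guard proposed in the description, sketched as Ansible tasks. This is an added example, not the contents of create_user.yml or the committed fix; the variable name tripleo_admin_user and the fact name admin_user_exists are assumptions made for illustration.

```yaml
# Added example: hypothetical tasks, not the role's own create_user.yml.
# Assumed variable: tripleo_admin_user (name of the account to create).

- name: Look up the admin user in the passwd database
  ansible.builtin.getent:
    database: passwd
    key: "{{ tripleo_admin_user }}"
    # A missing user is an expected outcome here, not an error. With
    # fail_key false the module records the key with a null value.
    fail_key: false

- name: Record whether the admin user already exists
  ansible.builtin.set_fact:
    admin_user_exists: "{{ ansible_facts.getent_passwd[tripleo_admin_user] is not none }}"

- name: Create the admin user only when it is absent
  ansible.builtin.user:
    name: "{{ tripleo_admin_user }}"
  become: true
  when: not (admin_user_exists | bool)

- name: Make a skipped creation visible in the log on reruns
  ansible.builtin.debug:
    msg: "User {{ tripleo_admin_user }} already exists, creation skipped"
  when: admin_user_exists | bool
```

Because getent resolves through NSS, the lookup also sees accounts that come from a directory service rather than the local passwd file.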

John Fulton (jfulton-org) wrote :
Changed in tripleo:
status: Triaged → In Progress
John Fulton (jfulton-org) wrote :

The standalone inventory [1] has Undercloud and Standalone but they are both the same host.
The logs [2] show two hosts ran:

2021-03-09 18:11:28,668 p=96474 u=root n=ansible | localhost : ok=16 changed=3 unreachable=0 failed=0 skipped=7 rescued=0 ignored=0
2021-03-09 18:11:28,669 p=96474 u=root n=ansible | standalone : ok=2 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

So it tries to enable the account on the "first" host and then fails when trying to create it on the second?

How can I get it to run on just one and what is the point of the tripleo_target_host [3]?

[1] https://f14d9b704a9d947abb07-39d40a512ecd567406090b9a01c1d98a.ssl.cf1.rackcdn.com/767294/64/check/tripleo-ci-centos-8-scenario001-standalone/5891a47/logs/undercloud/home/zuul/standalone-ansible-nt6zd6np/cephadm/inventory.yml

[2] https://f14d9b704a9d947abb07-39d40a512ecd567406090b9a01c1d98a.ssl.cf1.rackcdn.com/767294/64/check/tripleo-ci-centos-8-scenario001-standalone/5891a47/logs/undercloud/home/zuul/standalone-ansible-nt6zd6np/cephadm/cephadm_enable_user_key.log

[3] https://github.com/openstack/tripleo-ansible/blob/master/tripleo_ansible/playbooks/cli-enable-ssh-admin.yaml#L17

John Fulton (jfulton-org) wrote :

The double behaviour is explained by this line:

 hosts: localhost:tripleo_queues

from [1]. Though you can work around it for the standalone (only) by setting "ssh_servers: []" in ceph-admin.yml, for the case that we're using standalone that seems a bad idea. This cli-enable-ssh-admin.yaml was only meant to run via the tripleo client with multinode. Since the tripleo_create_admin role exists, we might be able to just use that role the way the playbook does [2] but with our own playbook for cephadm and avoid the line that's causing trouble.

[1] https://github.com/openstack/tripleo-ansible/blob/master/tripleo_ansible/playbooks/cli-enable-ssh-admin.yaml#L185

[2] https://github.com/openstack/tripleo-ansible/blob/master/tripleo_ansible/playbooks/cli-enable-ssh-admin.yaml#L206-L210

John Fulton (jfulton-org) wrote :
Changed in tripleo:
milestone: wallaby-3 → wallaby-rc1
John Fulton (jfulton-org) wrote :
Changed in tripleo:
status: In Progress → Fix Committed
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-ansible 3.1.0

This issue was fixed in the openstack/tripleo-ansible 3.1.0 release.
