OpenStack HA Cluster Charm

DNS HA configuration should be able to update MAAS API credentials

Bug #1765714 reported by Gábor Mészáros
24
This bug affects 4 people
Affects Status Importance Assigned to Milestone
OpenStack HA Cluster Charm
Confirmed
Medium
Unassigned

Bug Description

It is currently not possible to update maas credentials via the charm configuration, as it does not trigger the necessary pacemaker resource configuration update.
If the unit was deployed with a bogus maas credential (or the MAAS API credential had to be updated for security reasons), the charm will fail to connect to MAAS to maintain its DNS entry.
Current workaround is to manually adjust the credential for the resource, but this could be easily done by the charm upon config-changed.

Revision history for this message
Frode Nordahl (fnordahl) wrote :

Could you share anything about the frequency of hitting this issue?

Changed in charm-hacluster:
status: New → Incomplete
Revision history for this message
Gábor Mészáros (gabor.meszaros) wrote :

Hi Frode,

it happens always, in case of faulty maas credential configuration in the bundle.
Let me paste here a snippet:

# Copyright (c) 2017 Canonical USA Inc. All rights reserved.
#
# Foundation Converged
#
series: xenial
variables:
...

  # MAAS info
  maas_url: &maas_url http://100.99.5.100/MAAS
  maas_credentials: &maas_credentials e2Nr84yjuTBAYkJAqN:kZvmpm8Qt3TS9Hcv2d:jQ5waMrLWRtJWkeXpGLuqUFmyYXP3bch
  maas_source: &maas_source ""
...

machines:
  "0":
    constraints: tags=4-management
    series: xenial
  "1":
    constraints: tags=5-management
    series: xenial
  "2":
    constraints: tags=6-management
    series: xenial
...
applications:
  hacluster-cinder:
    charm: ../charms/hacluster
    options:
      cluster_count: 3
      maas_url: *maas_url
      maas_credentials: *maas_credentials
      maas_source: *maas_source
...
  cinder:
    charm: ../charms/cinder
    num_units: 3
    constraints: *ceph-access-constr
    bindings:
      "": *oam-space
      public: *public-space
      admin: *admin-space
      internal: *internal-space
      shared-db: *internal-space
    options:
      worker-multiplier: *worker-multiplier
...
    to:
    - lxd:0
    - lxd:1
    - lxd:2
...
relations:
  - [ cinder, hacluster-cinder ]
...

This is just a cut&paste, but I hope it gives you the basic idea how I have this setup.
From hereon, when I try
    juju config hacluster-cinder maas_credentials=ABCD
nothing happens in the charm, it does not handle the maas creds reconfiguration.

Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for OpenStack hacluster charm because there has been no activity for 60 days.]

Changed in charm-hacluster:
status: Incomplete → Expired
Revision history for this message
Vern Hart (vern) wrote :

Reopening this.

Customer's deployment has units in multiple subnets so can't use L2 vip. If the MAAS API key changes, running juju config does not update the pacemaker configuration.

After running:

  juju config hacluster-mysql maas_credentials='<new api key>'

Checking pacemaker shows the old key:

  juju ssh hacluster-mysql/0 sudo crm configure show

Changed in charm-hacluster:
status: Expired → New
Revision history for this message
Alex Kavanagh (ajkavanagh) wrote :

The config-changed hook doesn't attempt to update the credentials in the pacemaker; it looks like it is currently an install only option. It's obviously useful for it to be configurable on an installed system.

Changed in charm-hacluster:
status: New → Confirmed
importance: Undecided → Medium
Revision history for this message
Pedro Victor Lourenço Fragola (pedrovlf) wrote :

I have the same issue using the Masakari+hacluster and the only way to update the maas_credentials was manually adjust the credential:

crm config edit st-maas

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.