Missing ACL for keystone on internal interface causes openstack service outages
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MySQL InnoDB Cluster Charm |
Invalid
|
Undecided
|
Unassigned |
Bug Description
As seen in this test run: https:/
Crashdump: https:/
Bundle: https:/
Full artifacts: https:/
This was a Ussuri OpenStack cloud on Focal using the latest stable revision of the charms.
Initial problem with the deployment appears as a nova-scheduler service error putting the nova-cloud-
keystone/0 /var/log/
...
2021-05-11 17:08:57.001317 File "/usr/lib/
2021-05-11 17:08:57.001320 return Connection(*args, **kwargs)
2021-05-11 17:08:57.001327 File "/usr/lib/
2021-05-11 17:08:57.001330 self.connect()
2021-05-11 17:08:57.001337 File "/usr/lib/
2021-05-11 17:08:57.001340 self._request_
2021-05-11 17:08:57.001347 File "/usr/lib/
2021-05-11 17:08:57.001350 auth_packet = self._process_
2021-05-11 17:08:57.001361 File "/usr/lib/
2021-05-11 17:08:57.001364 return _auth.sha256_
2021-05-11 17:08:57.001371 File "/usr/lib/
2021-05-11 17:08:57.001374 return _roundtrip(conn, data)
2021-05-11 17:08:57.001381 File "/usr/lib/
2021-05-11 17:08:57.001384 pkt = conn._read_packet()
2021-05-11 17:08:57.001391 File "/usr/lib/
2021-05-11 17:08:57.001394 packet.
2021-05-11 17:08:57.001401 File "/usr/lib/
2021-05-11 17:08:57.001404 err.raise_
2021-05-11 17:08:57.001411 File "/usr/lib/
2021-05-11 17:08:57.001414 raise errorclass(errno, errval)
2021-05-11 17:08:57.001434 sqlalchemy.
2021-05-11 17:08:57.001438 (Background on this error at: http://
Meaning that keystone unit did not get the correct access set up on its internal binding for mysql. The other two units in the cluster don't appear to have this issue (empty keystone_error log).
Closing this due to inactivity (low number of occurrences, and no hit for more than one year)