Puppet fails during updating ceilometer node

Bug #1354494 reported by Ihor Kalnytskyi on 2014-08-08
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Fuel for OpenStack | | Critical | Vladimir Kuklin |
5.0.x | | Critical | Fuel Library (Deprecated) |
5.1.x | | Critical | Vladimir Kuklin |
6.0.x | | Medium | Dmitry Ilyin |
6.1.x | | Medium | Fuel Library (Deprecated) |

Bug Description

Repro steps:

1. Run Fuel 5.0 (ISO 26)
2. Deploy environment with ceilometer node
3. Upgrade master node to 5.1
4. Update env to 5.0.2

Expected result:

    Successful update

Actual result:

    Puppet fails with the following error: "Could not evaluate: Execution of '/usr/bin/mongo --quiet --eval db.getMongo().getDBNames()' returned 252"

Log:

    http://paste.openstack.org/raw/92112/

Łukasz Oleś (loles) wrote :

I couldn't reproduce this.

Ihor Kalnytskyi (ikalnytskyi) wrote :

Łukasz, do you know about our mongo implementation? If so I can give you a tunnel when I meet this issue again.

listDatabases failed:{ "ok" : 0, "errmsg" : "unauthorized" } at src/mongo/shell/mongo.js:46

Dina Belova (dbelova) wrote :

Why don't we have the snapshots attached to this bug? Actually it's impossible to understand what was happening during the upgrade on the nodes without them.

Changed in fuel:
assignee: Fuel Library Team (fuel-library) → Denis Egorenko (degorenko)

Need to reproduce and provide access to the lab.

Dmitry Ilyin (idv1985) wrote :

Looks like Puppet's mongodb module is trying to get the list of databases to determine if it should create one or not. But there is absolutely no auth support in this module. Probably it relies on the "localhost exception", when you can connect to mongo without login and password from the local interface. But it works only when there are no users created. After the first Puppet run, admin and ceilometer users and their rights are created and mongo no longer can connect to the database without a password. So it doesn't work on the second and later runs.

This kinda sucks; there is no easy fix but to implement an auth mechanism in the Mongo Puppet module.

Changed in fuel:
status: New → Incomplete
Dmitry Ilyin (idv1985) on 2014-08-11
Changed in fuel:
assignee: Denis Egorenko (degorenko) → Dmitry Ilyin (idv1985)
Changed in fuel:
status: Incomplete → Confirmed
Changed in fuel:
status: Confirmed → In Progress

Fix proposed to branch: master
Review: https://review.openstack.org/114297

Changed in fuel:
assignee: Dmitry Ilyin (idv1985) → Vladimir Kuklin (vkuklin)

Change abandoned by Dmitry Ilyin (<email address hidden>) on branch: master
Review: https://review.openstack.org/113602
Reason: close

Reviewed: https://review.openstack.org/114297
Committed: https://git.openstack.org/cgit/stackforge/fuel-library/commit/?id=21e1efbe9ce1d51a6f84dbb0d3fccd6896346235
Submitter: Jenkins
Branch: master

commit 21e1efbe9ce1d51a6f84dbb0d3fccd6896346235
Author: Dmitry Ilyin <email address hidden>
Date: Mon Aug 11 20:43:14 2014 +0400

    Add auth and remote connections support to MongoDB

    Add options to provide admin user login and
    password to be used while managing databases
    and users.

    Admin user should have at least permissions
    'root' and 'restore'.

    If there is no admin user mongo will work
    in 'localhost exception' mode allowing
    administration from the local interface.

    Closes-Bug: 1354494

    Change-Id: I253ee50523fba66586e7a42a7f0772adebe96e83

Changed in fuel:
status: In Progress → Fix Committed
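
The failure mode analysed in this thread, and the fallback the commit message describes, as an added Ruby example (not the fuel-library provider code). The names `database_names`, `RUN_MONGO`, `auth_args`, the `admin` hash, the `printjson` wrapper and the choice to try the unauthenticated call first are assumptions made for illustration.

```ruby
require 'json'
require 'open3'

MONGO    = '/usr/bin/mongo'                        # path from the error message on this page
LIST_DBS = 'printjson(db.getMongo().getDBNames())' # page's call, wrapped so the output parses as JSON

# Hypothetical default runner: runs the mongo shell and returns [output, exit_code].
# Caveat: a password passed with -p is visible in the local process list while the
# shell runs, so a root-only credential source is preferable on shared hosts.
RUN_MONGO = lambda do |extra_args|
  out, status = Open3.capture2e(MONGO, '--quiet', *extra_args, '--eval', LIST_DBS)
  [out, status.exitstatus]
end

def auth_args(admin)
  ['-u', admin[:user], '-p', admin[:password], '--authenticationDatabase', 'admin']
end

# Matches the shell error quoted in this bug report.
def unauthorized?(output)
  output.include?('unauthorized')
end

# Returns [database_names, mode]. mode is :localhost_exception when the
# unauthenticated call worked (no users exist yet), :authenticated when the
# server refused it and the admin credentials were needed.
def database_names(admin: nil, runner: RUN_MONGO)
  out, code = runner.call([])
  return [JSON.parse(out), :localhost_exception] if code.zero?
  raise "mongo failed (#{code}): #{out.strip}" unless unauthorized?(out)
  raise ArgumentError, 'mongo requires auth and no admin credentials are configured' if admin.nil?

  out, code = runner.call(auth_args(admin))
  raise "authenticated call failed (#{code}): #{out.strip}" unless code.zero?
  [JSON.parse(out), :authenticated]
end
```

The `runner:` argument lets the logic be exercised with recorded shell output instead of a live MongoDB instance.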

Reviewed: https://review.openstack.org/115324
Committed: https://git.openstack.org/cgit/stackforge/fuel-library/commit/?id=2e55e9a7436ff6d833536c994e9d8eb68ab87eff
Submitter: Jenkins
Branch: stable/5.0

commit 2e55e9a7436ff6d833536c994e9d8eb68ab87eff
Author: Dmitry Ilyin <email address hidden>
Date: Mon Aug 11 20:43:14 2014 +0400

    Add auth and remote connections support to MongoDB

    Add options to provide admin user login and
    password to be used while managing databases
    and users.

    Admin user should have at least permissions
    'root' and 'restore'.

    If there is no admin user mongo will work
    in 'localhost exception' mode allowing
    administration from the local interface.

    Closes-Bug: 1354494

    Change-Id: I253ee50523fba66586e7a42a7f0772adebe96e83

Dmitry Borodaenko (angdraug) wrote :

Please submit this patch to upstream, so that in 6.0 (or later if it takes too long) we can resync with an upstream version that includes this functionality. Targeting to 6.0 as Medium to track that.

Bogdan Dobrelya (bogdando) wrote :

Why is this bug open for 6.1?

Stanislaw Bogatkin (sbogatkin) wrote :

We don't support that type of patching anymore. So, closed.
