Fuel for OpenStack

Controller deployment consistently fails at 84% with "invalid vc_ca_file" error in puppet

Bug #1667857 reported by Romar
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Fuel for OpenStack
Invalid
Undecided
Unassigned

Bug Description

I am using Fuel 9.0 with VMware DVS plugin 3.1.0. for integration with vcenter 6.0. Even I have enabled "Bypass vCenter certificate verification" i am getting above error. what is the probable reason for this issue if anyone can identify?

Simply deploy the controller from the Fuel Master node, on a VmWare infrastructure - dedicated cluster, host and datastore.
Configure "by the book" the networking and VmWare settings including providing the vCenter self-signed CA bundle as per below
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2108294

Checked the "bypass CA verification" option and still failing. Errors visible in the astute log on the Fuel master and on the deployer controller in the puppet log (as if it retried 3 times or so)
2017-02-24 23:14:03 ERR /usr/bin/puppet:8:in `<main>'
2017-02-24 23:14:03 ERR /usr/lib/ruby/vendor_ruby/puppet/util/command_line.rb:92:in `execute'
2017-02-24 23:14:03 ERR /usr/lib/ruby/vendor_ruby/puppet/util/command_line.rb:146:in `run'
2017-02-24 23:14:03 ERR /usr/lib/ruby/vendor_ruby/puppet/application.rb:381:in `run'
... etc ...
2017-02-24 23:14:03 ERR /usr/lib/ruby/vendor_ruby/puppet/parser/resource.rb:80:in `block in evaluate'
2017-02-24 23:14:03 ERR /usr/lib/ruby/vendor_ruby/puppet/parser/resource.rb:110:in `finish'
2017-02-24 23:14:03 ERR /usr/lib/ruby/vendor_ruby/puppet/parser/resource.rb:270:in `validate'
2017-02-24 23:14:03 ERR /usr/lib/ruby/vendor_ruby/puppet/parser/resource.rb:270:in `each'
2017-02-24 23:14:03 ERR /usr/lib/ruby/vendor_ruby/puppet/parser/resource.rb:271:in `block in validate'
2017-02-24 23:14:03 ERR /usr/lib/ruby/vendor_ruby/puppet/resource.rb:502:in `validate_parameter'
2017-02-24 23:14:03 ERR Invalid parameter vc_ca_file on Vmware::Compute::Ha[0] on node node-5.domain.tld

Looking at the astute.yaml file on the controller the cert file was correctly imported in the vc_ca_file attribute and certificate validation is disabled.

glance:
  db_password: ******
  user_password: ******
  vc_ca_file:
    content: "-----BEGIN CERTIFICATE------**** etc **** ----END CERTIFICATE----
    name: bundle.cert
  vc_datacenter: hsh
  vc_datastore: MOS_datastore
  vc_host: 192.168.198.149
  vc_insecure: true
  vc_password: ******
  vc_user: <email address hidden>

...
vcenter:
  computes:
  - availability_zone_name: MOS_avzone
    datastore_regex: MOS_datastore
    service_name: compute-mos-1
    target_node: controllers
    vc_ca_file:
      content: "-----BEGIN CERTIFICATE-----**** etc ****-----END CERTIFICATE-----
      name: bundle.cert
    vc_cluster: MOS_cluster
    vc_host: 192.168.198.149
    vc_insecure: true
    vc_password: ******
    vc_user: <email address hidden>

Cinder entry is basically identical (but cinder not enabled in the deployment)

Revision history for this message
Romar (romar) wrote :

Affects the automated controller deployment via Fuel Master

affects: fuel-plugin-vmware-dvs → fuel
Revision history for this message
Romar (romar) wrote :
Revision history for this message
Oleksiy Molchanov (omolchanov) wrote :

It seems you should update your fuel to 9.2, it's puppet code can handle vc_ca_file

Changed in fuel:
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.