Contrail :: 16.04 18 newton :: openstack puppet provisioning fails to start due to metadata ssl config.

Setup:- R4.1 build 18 Newton multi node setup.

nodei19 10.204.217.131 openstack
nodec28 10.204.217.13 controller, analytics, analyticsdb
nodec10 10.204.217.176 controller, analytics, analyticsdb
nodec33 10.204.217.168 controller, analytics, analyticsdb
nodeg37 10.204.217.77 lb
nodei17 10.204.217.129 compute
nodei20 10.204.217.132 compute

*************************************************************************************
*************************************************************************************
cluster json configuration:-

{
    "cluster": [
        {
            "parameters": {
                "provision": {
                    "contrail_4": {
                        "metadata_ssl_enable": true

*************************************************************************************
*************************************************************************************
puppet agent logs:-

Oct 18 12:17:33 nodei19 puppet-agent[19208]: Not using cache on failed catalog
Oct 18 12:17:33 nodei19 puppet-agent[19208]: Could not retrieve catalog; skipping run
Oct 18 12:17:36 nodei19 puppet-agent[19629]: Local environment: "production" doesn't match server specified node environment "contrail_newton", switching agent to "contrail_newton".
Oct 18 12:17:43 nodei19 puppet-agent[19629]: Could not retrieve catalog from remote server: Error 400 on SERVER: Duplicate declaration: Nova_config[DEFAULT/enabled_ssl_apis] is already declared in file /etc/puppet/environments/contrail_newton/modules/nova/manifests/init.pp:747; cannot redeclare at /etc/puppet/environments/contrail_newton/modules/contrail/manifests/profile/openstack/nova.pp:358 on node nodei19.englab.juniper.net
Oct 18 12:17:43 nodei19 puppet-agent[19629]: Not using cache on failed catalog
Oct 18 12:17:43 nodei19 puppet-agent[19629]: Could not retrieve catalog; skipping run
Oct 18 12:17:46 nodei19 puppet-agent[20031]: Local environment: "production" doesn't match server specified node environment "contrail_newton", switching agent to "contrail_newton".
Oct 18 12:17:53 nodei19 puppet-agent[20031]: Could not retrieve catalog from remote server: Error 400 on SERVER: Duplicate declaration: Nova_config[DEFAULT/enabled_ssl_apis] is already declared in file /etc/puppet/environments/contrail_newton/modules/nova/manifests/init.pp:747; cannot redeclare at /etc/puppet/environments/contrail_newton/modules/contrail/manifests/profile/openstack/nova.pp:358 on node nodei19.englab.juniper.net

*************************************************************************************
*************************************************************************************

root@nodec28:~# awk 'NR >= 740 && NR <= 750' /etc/puppet/environments/contrail_newton/modules/nova/manifests/init.pp
    }
  } else {
    nova_config {
      'DEFAULT/enabled_ssl_apis' : ensure => absent;
      'ssl/cert_file' : ensure => absent;
      'ssl/key_file' : ensure => absent;
      'ssl/ca_file' : ensure => absent;
    }
  }

  oslo::messaging::default { 'nova_config':
root@nodec28:~# awk 'NR >= 350 && NR <= 360' /etc/puppet/environments/contrail_newton/modules/contrail/manifests/profile/openstack/nova.pp
    }
    nova_config {
      'DEFAULT/enabled_ssl_apis': value => "metadata";
      'DEFAULT/nova_metadata_protocol': value => "https";
      'DEFAULT/nova_metadata_insecure': value => "True";
      'DEFAULT/ssl_cert_file': value => "/etc/nova/ssl/certs/nova.pem";
      'DEFAULT/ssl_key_file': value => "/etc/nova/ssl/private/novakey.pem";
      'DEFAULT/ssl_ca_file': value => "/etc/nova/ssl/certs/ca.pem";
    }
  }

root@nodec28:~#