Keystone container exited after configure federation and add certificate_file pem

Bug #2057925 reported by vandsten7
This bug affects 1 person
Affects: kolla-ansible
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

Hi everyone,

I have kolla-ansible and am setting up federation with OpenID.
- I have an all-in-one environment
- kolla-ansible version 17.0.3
Everything works fine, but when I connect to the IdP I get the following error. The error when I don't have certificate_file configured is the following:

oidc_util_http_call: curl_easy_perform() failed on: https://idp/idp/module.php/oidc/jwks.php (error:0A000152:SSL routines::unsafe legacy renegotiation disabled)
2024-03-13 07:24:18.234126 oidc_proto_get_keys_from_jwks_uri: could not refresh JSON Web Keys
2024-03-13 07:24:18.234135 oidc_proto_parse_idtoken: id_token signature could not be validated, aborting

And when I configure the pem file with the certificate_file variable, the following output appears when launching a deploy:

TASK [keystone : Creating admin project, user, role, service, and endpoint] ***************************************************************************************************************************************
task path: /home/kolla/mivenvs/share/kolla-ansible/ansible/roles/keystone/tasks/register.yml:2
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: kolla
<localhost> EXEC /bin/sh -c 'echo ~kolla && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/kolla/.ansible/tmp `"&& mkdir "` echo /home/kolla/.ansible/tmp/ansible-tmp-1710415234.0050304-442931-60270736372110 `" && echo ansible-tmp-1710415234.0050304-442931-60270736372110="` echo /home/kolla/.ansible/tmp/ansible-tmp-1710415234.0050304-442931-60270736372110 `" ) && sleep 0'
Using module file /home/kolla/mivenvs/lib/python3.10/site-packages/ansible/modules/command.py
<localhost> PUT /home/kolla/.ansible/tmp/ansible-local-422131qi7mpkm7/tmpgls4ixbr TO /home/kolla/.ansible/tmp/ansible-tmp-1710415234.0050304-442931-60270736372110/AnsiballZ_command.py
<localhost> EXEC /bin/sh -c 'chmod u+x /home/kolla/.ansible/tmp/ansible-tmp-1710415234.0050304-442931-60270736372110/ /home/kolla/.ansible/tmp/ansible-tmp-1710415234.0050304-442931-60270736372110/AnsiballZ_command.py && sleep 0'
<localhost> EXEC /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-cwhlsqlpomcpagswjsvdnmtmwakvhktp ; /usr/bin/python3 /home/kolla/.ansible/tmp/ansible-tmp-1710415234.0050304-442931-60270736372110/AnsiballZ_command.py'"'"' && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /home/kolla/.ansible/tmp/ansible-tmp-1710415234.0050304-442931-60270736372110/ > /dev/null 2>&1 && sleep 0'
failed: [localhost] (item=RegionOne) => {
    "ansible_loop_var": "item",
    "changed": true,
    "changed_when_result": "The conditional check '(keystone_bootstrap.stdout | from_json).changed' failed. The error was: Expecting value: line 1 column 1 (char 0)",
    "cmd": [
        "docker",
        "exec",
        "keystone",
        "kolla_keystone_bootstrap",
        "admin",
        "D5SoEXU0yHTABsaboy6LnpycvcaWqPP2QprtJtrv",
        "admin",
        "admin",
        "https://10.5.15.252:5000",
        "https://cloud.example.es:5000",
        "RegionOne"
    ],
    "delta": "0:00:00.024159",
    "end": "2024-03-14 12:20:34.207124",
    "invocation": {
        "module_args": {
            "_raw_params": "docker exec keystone kolla_keystone_bootstrap admin D5SoEXU0yHTABsaboy6LnpycvcaWqPP2QprtJtrv admin admin https://10.5.15.252:5000 https://cloud.example.es:5000 RegionOne\n",
            "_uses_shell": false,
            "argv": null,
            "chdir": null,
            "creates": null,
            "executable": null,
            "removes": null,
            "stdin": null,
            "stdin_add_newline": true,
            "strip_empty_ends": true
        }
    },
    "item": "RegionOne",
    "msg": "non-zero return code",
    "rc": 1,
    "start": "2024-03-14 12:20:34.182965",
    "stderr": "Error response from daemon: Container bff50ef6e0810b032263bdaf969fd23bb0d41cadda416486b403888636047323 is not running",
    "stderr_lines": [
        "Error response from daemon: Container bff50ef6e0810b032263bdaf969fd23bb0d41cadda416486b403888636047323 is not running"
    ],
    "stdout": "",
    "stdout_lines": []
}

I have hardcoded some DNS registers, sorry.

Is something wrong here? Any help?

Best regards
