kolla-ansible

HAProxy precheck fails when kolla_externally_managed_cert is used.

  1. Series xena
  2. Bug #1940286
Bug #1940286 reported by Marc Schmitt
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
kolla-ansible
Fix Released
Medium
Magnus Lööf
Xena
In Progress
Medium
Magnus Lööf
Yoga
In Progress
Medium
Magnus Lööf
Zed
Fix Committed
Medium
Magnus Lööf

Bug Description

Running `kolla-ansible prechecks` when setting `kolla_externally_managed_cert` to True.

What happened:

```
TASK [haproxy : Fail if internal haproxy certificate is absent] *******************************************************************************************************************************************************************************
Monday 16 August 2021 19:30:03 +0200 (0:00:00.061) 0:00:50.999 *********
fatal: [node-1]: FAILED! => {"msg": "The conditional check 'not haproxy_internal_cert_file.stat.exists' failed. The error was: error while evaluating conditional (not haproxy_internal_cert_file.stat.exists): 'dict object'
 has no attribute 'stat'\n\nThe error appears to be in '/nix/store/2aghpgb78qhmflan8wz58vwcxz7b2yww-python3.9-kolla-ansible-12.1.0.dev1/share/kolla-ansible/ansible/roles/haproxy/tasks/precheck.yml': line 73, column 3, but may\nbe elsewhere
 in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Fail if internal haproxy certificate is absent\n ^ here\n"}
```

What you expected to happen: no error

How to reproduce it (minimal and precise):

**Environment**:
* OS (e.g. from /etc/os-release):
  * Deploy host: NixOS 21.05
  * Control/Compute: Ubuntu 20.04
* Kolla-Ansible version (e.g. `git head or tag or stable branch` or pip package version if using release): ef67fb3fc33d0f058f4d88f00c56503b3a02fcb

Revision history for this message
Marc Schmitt (risson) wrote :

The fix is available in https://review.opendev.org/c/openstack/kolla-ansible/+/804793.

OpenStack Infra (hudson-openstack)
Changed in kolla-ansible:
status: New → In Progress
Mark Goddard (mgoddard)
Changed in kolla-ansible:
importance: Undecided → Medium
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (master)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/804793
Committed: https://opendev.org/openstack/kolla-ansible/commit/0858d5487e0cb2928278ee2fac66e8ad661b3f32
Submitter: "Zuul (22348)"
Branch: master

commit 0858d5487e0cb2928278ee2fac66e8ad661b3f32
Author: Marc 'risson' Schmitt <email address hidden>
Date: Mon Aug 16 19:43:12 2021 +0200

    Fix haproxy precheck when kolla_externally_managed_cert is used

    Signed-off-by: Marc 'risson' Schmitt <email address hidden>
    Closes-Bug: #1940286
    Change-Id: I647f8615e9fd0cc0db7c737ce4afbd1bdd0d40d4

Changed in kolla-ansible:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/wallaby)

Fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/805560

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/wallaby)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/805560
Committed: https://opendev.org/openstack/kolla-ansible/commit/30117a04ad449addf9ee20eb5a0e00ca1d7126e2
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit 30117a04ad449addf9ee20eb5a0e00ca1d7126e2
Author: Marc 'risson' Schmitt <email address hidden>
Date: Mon Aug 16 19:43:12 2021 +0200

    Fix haproxy precheck when kolla_externally_managed_cert is used

    Signed-off-by: Marc 'risson' Schmitt <email address hidden>
    Closes-Bug: #1940286
    Change-Id: I647f8615e9fd0cc0db7c737ce4afbd1bdd0d40d4
    (cherry picked from commit 0858d5487e0cb2928278ee2fac66e8ad661b3f32)

tags: added: in-stable-wallaby
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 12.2.0

This issue was fixed in the openstack/kolla-ansible 12.2.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 13.0.0.0rc1

This issue was fixed in the openstack/kolla-ansible 13.0.0.0rc1 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to kolla-ansible (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/866938

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to kolla-ansible (master)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/866938
Committed: https://opendev.org/openstack/kolla-ansible/commit/fdacf9d1d9819f3d9ebe4c2bbdace11b502086a9
Submitter: "Zuul (22348)"
Branch: master

commit fdacf9d1d9819f3d9ebe4c2bbdace11b502086a9
Author: Magnus Lööf <email address hidden>
Date: Wed Dec 7 18:44:12 2022 +0100

    Fix faulty precheck for RabbitMQ

    When using externally managed certificates, according to [1],
    one should set `kolla_externally_managed_cert: yes` and ensure
    that the certificates are in the correct place.

    However, RabbitMQ precheck still expects the certificates to be
    available on the controller node. This is incorrect.

    Fix by not running the tasks in question when `kolla_externally_managed_cert: yes`

    [1] https://docs.openstack.org/kolla-ansible/latest/admin/tls.html

    Closes-Bug: 1999081
    Related-Bug: 1940286
    Signed-off-by: Magnus Lööf <email address hidden>
    Change-Id: I9f845a7bdf5055165e199ab1887ed3ccbfb9d808

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to kolla-ansible (stable/xena)

Related fix proposed to branch: stable/xena
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/881319

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to kolla-ansible (stable/zed)

Related fix proposed to branch: stable/zed
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/881320

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on kolla-ansible (stable/zed)

Change abandoned by "Magnus Lööf <email address hidden>" on branch: stable/zed
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/881320
Reason: wrong branch

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to kolla-ansible (stable/yoga)

Related fix proposed to branch: stable/yoga
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/881321

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to kolla-ansible (stable/zed)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/881320
Committed: https://opendev.org/openstack/kolla-ansible/commit/5f01fa1d53919ca84e35d3021729f69779547e04
Submitter: "Zuul (22348)"
Branch: stable/zed

commit 5f01fa1d53919ca84e35d3021729f69779547e04
Author: Magnus Lööf <email address hidden>
Date: Wed Dec 7 18:44:12 2022 +0100

    Fix faulty precheck for RabbitMQ

    When using externally managed certificates, according to [1],
    one should set `kolla_externally_managed_cert: yes` and ensure
    that the certificates are in the correct place.

    However, RabbitMQ precheck still expects the certificates to be
    available on the controller node. This is incorrect.

    Fix by not running the tasks in question when `kolla_externally_managed_cert: yes`

    [1] https://docs.openstack.org/kolla-ansible/latest/admin/tls.html

    Closes-Bug: 1999081
    Related-Bug: 1940286
    Signed-off-by: Magnus Lööf <email address hidden>
    Change-Id: I9f845a7bdf5055165e199ab1887ed3ccbfb9d808
    (cherry picked from commit fdacf9d1d9819f3d9ebe4c2bbdace11b502086a9)

tags: added: in-stable-zed
Maksim Malchuk (mmalchuk)
Changed in kolla-ansible:
assignee: nobody → Magnus Lööf (magnus-loof)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to kolla-ansible (stable/yoga)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/881321
Committed: https://opendev.org/openstack/kolla-ansible/commit/ca25ca18e92f6ce2720e83620feb9172e9eb7d1a
Submitter: "Zuul (22348)"
Branch: stable/yoga

commit ca25ca18e92f6ce2720e83620feb9172e9eb7d1a
Author: Magnus Lööf <email address hidden>
Date: Wed Dec 7 18:44:12 2022 +0100

    Fix faulty precheck for RabbitMQ

    When using externally managed certificates, according to [1],
    one should set `kolla_externally_managed_cert: yes` and ensure
    that the certificates are in the correct place.

    However, RabbitMQ precheck still expects the certificates to be
    available on the controller node. This is incorrect.

    Fix by not running the tasks in question when `kolla_externally_managed_cert: yes`

    [1] https://docs.openstack.org/kolla-ansible/latest/admin/tls.html

    Closes-Bug: 1999081
    Related-Bug: 1940286
    Signed-off-by: Magnus Lööf <email address hidden>
    Change-Id: I9f845a7bdf5055165e199ab1887ed3ccbfb9d808
    (cherry picked from commit fdacf9d1d9819f3d9ebe4c2bbdace11b502086a9)

tags: added: in-stable-yoga
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to kolla-ansible (stable/xena)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/881319
Committed: https://opendev.org/openstack/kolla-ansible/commit/3252bbf61f437f7729c106594a33e7f7c06f2e8f
Submitter: "Zuul (22348)"
Branch: stable/xena

commit 3252bbf61f437f7729c106594a33e7f7c06f2e8f
Author: Magnus Lööf <email address hidden>
Date: Wed Dec 7 18:44:12 2022 +0100

    Fix faulty precheck for RabbitMQ

    When using externally managed certificates, according to [1],
    one should set `kolla_externally_managed_cert: yes` and ensure
    that the certificates are in the correct place.

    However, RabbitMQ precheck still expects the certificates to be
    available on the controller node. This is incorrect.

    Fix by not running the tasks in question when `kolla_externally_managed_cert: yes`

    [1] https://docs.openstack.org/kolla-ansible/latest/admin/tls.html

    Closes-Bug: 1999081
    Related-Bug: 1940286
    Signed-off-by: Magnus Lööf <email address hidden>
    Change-Id: I9f845a7bdf5055165e199ab1887ed3ccbfb9d808
    (cherry picked from commit fdacf9d1d9819f3d9ebe4c2bbdace11b502086a9)

tags: added: in-stable-xena
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.