fernet deploy fails

Bug #1635795 reported by bjolo
This bug affects 1 person
Affects: kolla
Status: Fix Released
Importance: High
Assigned to: Mohammed Naser

Bug Description

env: kolla stable/newton centos binary

TASK [keystone : Initialise fernet key authentication _raw_params=docker exec -t keystone_fernet kolla_keystone_bootstrap {{ keystone_username }} {{ keystone_groupname }}] ***
task path: /root/kolla-newton/ansible/roles/keystone/tasks/init_fernet.yml:2
<eselde02u32.mydomain.net> ESTABLISH SSH CONNECTION FOR USER: None
<eselde02u32.mydomain.net> SSH: EXEC ssh -C -q -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/ansible-ssh-%h-%p-%r eselde02u32.mydomain.net '/bin/sh -c '"'"'LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 LC_MESSAGES=en_US.UTF-8 /usr/bin/python && sleep 0'"'"''
fatal: [eselde02u32.mydomain.net]: FAILED! => {"failed": true, "msg": "The conditional check '(fernet_create.stdout.split()[2] == 'SUCCESS') or (fernet_create.stdout.find('Key repository is already initialized') != -1)' failed. The error was: error while evaluating conditional ((fernet_create.stdout.split()[2] == 'SUCCESS') or (fernet_create.stdout.find('Key repository is already initialized') != -1)): list object has no element 2"}
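
The conditional in the error above reads the third whitespace-separated token of the command output without checking that it exists, so a run that prints fewer than three tokens surfaces as "list object has no element 2" instead of the underlying failure. The following is an added example, not code from kolla or from this report: it models that conditional in plain Python and contrasts it with a guarded version. The sample outputs and the helper names are assumptions made for illustration.

```python
# Added illustration, not kolla's code. All sample outputs are constructed;
# the real output format of kolla_keystone_bootstrap is not shown in the report.
ALREADY = "Key repository is already initialized"


def original_check(stdout):
    """Plain-Python model of the failing conditional: token 2 is read unguarded."""
    return stdout.split()[2] == "SUCCESS" or stdout.find(ALREADY) != -1


def guarded_check(stdout):
    """Same decision, but short or empty output is a clean False."""
    tokens = stdout.split()
    return (len(tokens) > 2 and tokens[2] == "SUCCESS") or ALREADY in stdout


def evaluate(stdout):
    """Return (ok, detail); on failure the detail carries the raw output."""
    if guarded_check(stdout):
        return True, "fernet key repository ready"
    return False, "unexpected bootstrap output: %r" % stdout.strip()


SAMPLES = {
    "success": "fernet bootstrap SUCCESS",  # constructed
    "already": "INFO " + ALREADY,           # constructed
    "empty": "",                            # command printed nothing
    "short": "permission denied",           # constructed, two tokens
}

if __name__ == "__main__":
    for name, out in SAMPLES.items():
        try:
            legacy = original_check(out)
        except IndexError as exc:
            # Ansible reports the same condition as "list object has no element 2".
            legacy = "error: %s" % exc
        print(name, "| original:", legacy, "| guarded:", evaluate(out))
```

With the guarded form, the task fails on the actual command output, which is what the first reply in this thread asks the reporter to collect by hand.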

Jeffrey Zhang (jeffrey4l) wrote :

Could you provide the keystone_fernet container logs (`docker logs keystone_fernet`) and run kolla keystone bootstrap manually: `docker exec -t keystone_fernet kolla_keystone_bootstrap keystone keystone`

George Zhao (georgezhao) wrote :

Edit fernet-node-sync.sh.j2 and fernet-rotate.sh.j2

Enable shell for the keystone user before running the rsync command; if you like, you can disable shell access after rsync finishes.

George Zhao (georgezhao) wrote :

Ignore the previous post, wrong place. Should change the Dockerfile of keystone-ssh to enable shell access for user keystone.

Changed in kolla:
status: New → Triaged
importance: Undecided → High
Changed in kolla:
milestone: none → ocata-3
Changed in kolla:
milestone: ocata-3 → ocata-rc1
Changed in kolla:
milestone: ocata-rc1 → pike-1
Mohammed Naser (mnaser) wrote :

This is now resolved in master:

https://review.openstack.org/#/c/445690/

It has been backported to stable/newton and is pending backport to stable/ocata:

https://review.openstack.org/#/c/446249/
https://review.openstack.org/#/c/446248/

tags: added: in-stable-newton
Changed in kolla:
status: Triaged → Fix Committed
assignee: nobody → Mohammed Naser (mnaser)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla (stable/newton)

Fix proposed to branch: stable/newton
Review: https://review.openstack.org/447226

OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla (stable/newton)

Reviewed: https://review.openstack.org/447226
Committed: https://git.openstack.org/cgit/openstack/kolla/commit/?id=5460ec1e9b50f2ec0abb132b3e093e783ad9fee6
Submitter: Jenkins
Branch: stable/newton

commit 5460ec1e9b50f2ec0abb132b3e093e783ad9fee6
Author: Mohammed Naser <email address hidden>
Date: Sat Mar 18 14:02:13 2017 -0400

    Turn on SSH for Keystone for all distros.

    With the previous patch that was done to enable SSH access, it was
    mistakenly done to be handled only in the Ubuntu case. It should
    always be done as SSH is always needed.

    This is only a problem for the backport, the change introduced in
    master and stable/ocata relies on the new configure_user macro
    which runs regardless.

    Change-Id: Ibef580748cc139f0ebf207609f934f1469222624
    Closes-Bug: #1635795

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla 3.0.3

This issue was fixed in the openstack/kolla 3.0.3 release.

Changed in kolla:
status: Fix Committed → Fix Released