Adding TLS Connection String To Database Connection Causes malformed URL in cell_mappings DB
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Compute (nova) | | High | Unassigned |
Ocata | | High | Unassigned |
Bug Description
Description
===========
Fresh Install
Ubuntu 16.04
I followed the Ubuntu install guide up to Install Nova on Controller. I configured Nova.conf and specified the api_database and database connection strings with SSL/TLS parameters, then ran the DB commands. The following are successful.
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
The following command fails with error
su -s /bin/sh -c "nova-manage db sync" nova
ERROR: could not access cell mapping database - has api db been created?
My connection string is as follows
connection = mysql+pymysql:
The following connection string is what appears in the database table
mysql+pymysql:
<mriedem> on #openstack-nova suggests that this is a string substitution bug.
Steps to reproduce
===============
1. Install Ubuntu 16.04
2. Install Keystone
3. Configure Database connection string with TLS/SSL Parameters
4. Install Glance
5. Configure Database connection string with TLS/SSL Parameters
6. Install Nova
7. Configure Database connection string with TLS/SSL Parameters
8. Run the DB sync commands in order from the Docs
Failure at > su -s /bin/sh -c "nova-manage db sync" nova
Expected result
===============
Nova database Populates without error
Actual result
=============
Nova database does not populate and following error thrown
ERROR: could not access cell mapping database - has api db been created?
Environment
===========
Ocata
Ubuntu cloud Archive
nova-api 2:15.0.
nova-common 2:15.0.
nova-conductor 2:15.0.
nova-consoleauth 2:15.0.
nova-novncproxy 2:15.0.
nova-placement-api 2:15.0.
nova-scheduler 2:15.0.
python-nova 2:15.0.
python-novaclient 2:7.1.0-
OpenVSwitch
KVM
Logs & Configs
==============
[DEFAULT]
#debug = true
#######
#dhcpbridge_
#dhcpbridge=
#force_
#######
my_ip = my_ip
state_path = /var/lib/nova
####
enabled_apis = osapi_compute,
enabled_ssl_apis = osapi_compute,
####
osapi_compute_
osapi_compute_
####
metadata_host = $my_ip
metadata_listen = my_ip
metadata_
metadata_port = 8775
#####
rootwrap_config = /etc/nova/
api_paste_config = /etc/nova/
log_dir = /var/log/nova
use_neutron = True
firewall_driver = nova.virt.
######
cert = /etc/nova/
key = /etc/nova/
ssl_only = True
transport_url = rabbit:
compute_
[api]
auth_strategy = keystone
[api_database]
connection = mysql+pymysql:
#connection_debug = 1
[barbican]
[cache]
[cells]
enable=True
cell_type = api
[cinder]
[cloudpipe]
[conductor]
[console]
[consoleauth]
[cors]
[cors.subdomain]
[crypto]
##
cert_file = /etc/nova/
key_file = /etc/nova/
ca_file = /etc/nova/
##
[database]
connection = mysql+pymysql:
#connection_debug = 1
[ephemeral_
[filter_scheduler]
[glance]
api_servers = https:/
api_insecure = False
[guestfs]
[healthcheck]
[hyperv]
[image_file_url]
[ironic]
[key_manager]
[keystone_
auth_uri = https:/
auth_url = https:/
memcached_servers = my_ip:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = my_password
###
certfile = /etc/nova/
keyfile = /etc/nova/
cafile = /etc/nova/
service_
###
[libvirt]
[matchmaker_redis]
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
[oslo_concurrency]
lock_path=
[oslo_messaging
[oslo_messaging
[oslo_messaging
[oslo_messaging
rabbit_use_ssl = True
kombu_ssl_keyfile = /etc/nova/
kombu_ssl_certfile = /etc/nova/
kombu_ssl_ca_certs = /etc/nova/
kombu_ssl_version = TLSv1_2
rpc_reply_
rpc_retry_delay = 10.0
socket_timeout = 0.25
tcp_user_timeout = 10.0
[oslo_messaging
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
user_domain_name = Default
username = placement
password = my_password
auth_url = https:/
auth_type = password
certfile = /etc/nova/
keyfile = /etc/nova/
cafile = /etc/nova/
insecure = False
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[ssl]
cert_file = /etc/nova/
key_file = /etc/nova/
ca_file = /etc/nova/
ciphers = AES256-GCM-SHA384
version = TLSv1_2
[trusted_computing]
[upgrade_levels]
[vendordata_
[vmware]
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_
novncproxy_base_url = https:/
[workarounds]
[wsgi]
api_paste_
secure_
ssl_key_file = /etc/nova/
ssl_cert_file = /etc/nova/
ssl_ca_file = /etc/nova/
[xenserver]
[xvp]
Kyle Dean (k.s-dean) wrote: #1
Matt Riedemann (mriedem) wrote: #2
Changed in nova:
status: New → Confirmed
importance: Undecided → High
Matt Riedemann (mriedem) wrote: #3
The workaround for now is to specify the --database_
Reviewed: https:/
Committed: https:/
Submitter: Jenkins
Branch: master
commit 05f3d9d39b7b95f
Author: Matt Riedemann <email address hidden>
Date: Mon Jul 24 11:30:35 2017 -0400
Provide hints when nova-manage db sync fails to sync cell0
Lots of people get tripped up on the error message when
syncing cell0 fails and the question asked is confusing and
possibly misleading, so this change includes several questions
for troubleshooting and also dumps the actual error message.
Related-Bug: #1706118
Change-Id: I865f76705f1049
Related fix proposed to branch: stable/pike
Review: https:/
Related fix proposed to branch: stable/ocata
Review: https:/
Reviewed: https:/
Committed: https:/
Submitter: Jenkins
Branch: stable/pike
commit 423c7bbdb99e14f
Author: Matt Riedemann <email address hidden>
Date: Mon Jul 24 11:30:35 2017 -0400
Provide hints when nova-manage db sync fails to sync cell0
Lots of people get tripped up on the error message when
syncing cell0 fails and the question asked is confusing and
possibly misleading, so this change includes several questions
for troubleshooting and also dumps the actual error message.
Related-Bug: #1706118
Change-Id: I865f76705f1049
(cherry picked from commit 05f3d9d39b7b95f
tags: added: in-stable-pike
Reviewed: https:/
Committed: https:/
Submitter: Jenkins
Branch: stable/ocata
commit b55ca354463a387
Author: Matt Riedemann <email address hidden>
Date: Mon Jul 24 11:30:35 2017 -0400
Provide hints when nova-manage db sync fails to sync cell0
Lots of people get tripped up on the error message when
syncing cell0 fails and the question asked is confusing and
possibly misleading, so this change includes several questions
for troubleshooting and also dumps the actual error message.
Related-Bug: #1706118
Change-Id: I865f76705f1049
(cherry picked from commit 05f3d9d39b7b95f
tags: added: in-stable-ocata
As noted in IRC, it sounds like another variant of bug 1673613 which was fixed in Ocata 15.0.5:
https://docs.openstack.org/releasenotes/nova/ocata.html#id1
Which is what's being used here, so probably another case we need to handle in this code:
https://github.com/openstack/nova/blob/321f426c30f8f4f6e3dcafbbc7e5d87560b58c82/nova/cmd/manage.py#L1190-L1204
And that's parsed from the nova (cell1) database connection string, which from above is this:
"mysql+pymysql://nova:my_password@my_ip/nova?charset=utf8&ssl_ca=/etc/nova/tls/mysql/ca-cert.pem&ssl_cert=/etc/nova/tls/mysql/server-cert.pem&ssl_key=/etc/nova/tls/mysql/server-key.pem"
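The report attributes the malformed cell mapping to string handling of the nova connection URL. The following is an added example, not nova's code and not part of the original report: it takes the connection string quoted above and shows how two hypothetical string-based ways of deriving a cell0 URL corrupt the TLS query parameters, while changing only the parsed path component leaves them intact. The function names and the `_cell0` suffix are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlsplit

# Constructed sample: the nova database URL quoted in the bug report.
NOVA_DB_URL = (
    "mysql+pymysql://nova:my_password@my_ip/nova?charset=utf8"
    "&ssl_ca=/etc/nova/tls/mysql/ca-cert.pem"
    "&ssl_cert=/etc/nova/tls/mysql/server-cert.pem"
    "&ssl_key=/etc/nova/tls/mysql/server-key.pem"
)
SUFFIX = "_cell0"  # assumed suffix for the derived database name


def naive_append(url):
    """Hypothetical, fragile: assumes the URL ends at the database name."""
    return url + SUFFIX


def naive_replace(url, db="nova"):
    """Hypothetical, fragile: rewrites every '/nova', so the username
    and the TLS file paths change along with the database name."""
    return url.replace("/" + db, "/" + db + SUFFIX)


def derive_cell0_url(url):
    """Change only the path component, which holds the database name."""
    parts = urlsplit(url)
    return parts._replace(path=parts.path + SUFFIX).geturl()


def db_and_tls(url):
    """Return (database name, dict of ssl_* query parameters)."""
    parts = urlsplit(url)
    tls = {k: v for k, v in parse_qsl(parts.query) if k.startswith("ssl_")}
    return parts.path.lstrip("/"), tls


def tls_params_preserved(original, derived):
    """True if the derived URL still names the same CA, cert and key."""
    return db_and_tls(original)[1] == db_and_tls(derived)[1]


if __name__ == "__main__":
    for fn in (naive_append, naive_replace, derive_cell0_url):
        out = fn(NOVA_DB_URL)
        db, _ = db_and_tls(out)
        print(fn.__name__, db, tls_params_preserved(NOVA_DB_URL, out))
```

Running `tls_params_preserved` against any derived connection string before it is stored is a cheap check that the CA, certificate and key paths were not altered. A password containing URL-reserved characters must be percent-encoded for `urlsplit` to split the URL correctly.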