heat config generation fails

Bug #1489947 reported by Jesse Pretorius on 2015-08-28
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openstack-ansible
High
Kevin Carter
Juno
High
Jesse Pretorius
Kilo
High
Jesse Pretorius
Trunk
High
Kevin Carter

Bug Description

seen several times in gate jobs:

2015-08-28 08:53:49,305 p=31456 u=root | TASK: [os_heat | Generate heat Config] ****************************************
2015-08-28 08:53:49,728 p=31456 u=root | fatal: [aio1_heat_engine_container-10498cca] => {'msg': "AnsibleUndefinedVariable: One or more undefined variables: 'dict object' has no attribute 'stack_user_domain_id'", 'failed': True}
2015-08-28 08:53:49,728 p=31456 u=root | fatal: [aio1_heat_engine_container-10498cca] => {'msg': 'One or more items failed.', 'failed': True, 'changed': False, 'results': [{'msg': "AnsibleUndefinedVariable: One or more undefined variables: 'dict object' has no attribute 'stack_user_domain_id'", 'failed': True}]}

CVE References

Changed in openstack-ansible:
status: Triaged → In Progress

The instance I've seen of this error was a downstream problem, caused by an SSH error in the heat_api container.

The problem is that the stack_user_domain_id variable is set as part of the heat_domain_setup role, which runs only for the first heat container in the group, normally the one for heat-api. If for whatever reason this container bad, the variable will not get registered.

Then the heat_post_install task runs for all heat containers, and expect this variable to be set, causing this error.

I recommend that we drop the use of the stack_user_domain_id variable and instead specify the domain by name using stack_user_domain_name. Either one of these vars can be specified in the heat config. See https://github.com/openstack/heat/blob/27525fb0e446ff36e94c8eff0c93af473e67a3e2/heat/common/config.py#L64-L73.

Jesse, feel free to assign to me if you want me to make this change.

Thanks Miguel - we already have a review up for master: https://review.openstack.org/218184

juno review: https://review.openstack.org/217098

This affects juno as we're needing to update the clients used and the updated openstack client works a little differently.

@Miguel Does the update in juno affect the solution tab?

Reviewed: https://review.openstack.org/217098
Committed: https://git.openstack.org/cgit/stackforge/os-ansible-deployment/commit/?id=5bb99c8fbac479e74c93f954b48d316e7c1755d4
Submitter: Jenkins
Branch: juno

commit 5bb99c8fbac479e74c93f954b48d316e7c1755d4
Author: Jesse Pretorius <email address hidden>
Date: Wed Aug 26 12:23:41 2015 +0100

    Updated juno to include fix for CVE-2015-3241 - 26 Aug 2015

    Updates all repo SHAs to include:
     - [OSSA 2015-015] Nova instance migration process does not stop when
       instance is deleted (CVE-2015-3241)
     - Cannot rebuild a VM created from a Cinder volume backed by NetApp
       https://review.openstack.org/203253

    This patch removes all SHA specifications for the OpenStack clients
    so that any client requirement versions are determined solely from
    the requirements of the OpenStack service and Global requirements
    files.

    This resolves issues where the client versions we carry are
    incompatible with the services, resulting in unexpected failures.

    Tempest requirements are specifically ignored as the tempest role
    downloads its required clients directly from pip.

    Finally, due to the change in the openstack-client version used the
    heat domain/role/user tasks fail as they require the CLI to specify
    the user and project domain name/id. This patch includes the CLI
    changes to ensure that the deployment completes properly.

    Change-Id: I88e705d063575f55c32350ead25bc7cc0bcdec08
    Closes-Bug: #1489947
    Closes-Bug: #1488315
    Closes-Bug: #1400881

Reviewed: https://review.openstack.org/218184
Committed: https://git.openstack.org/cgit/stackforge/os-ansible-deployment/commit/?id=a12dcaff629da2ea3ce9548f674c871e94de59c2
Submitter: Jenkins
Branch: master

commit a12dcaff629da2ea3ce9548f674c871e94de59c2
Author: kevin <email address hidden>
Date: Fri Aug 28 11:04:23 2015 +0100

    Fix the heat stack user create

    The heat stack user was being using the openstack cli tools. This has
    changed such that its now using our library. This will ensure that the
    roles, users, groups, projects, domains are created properly without
    the variability of the CLI interface and returned data.

    Closes-Bug: #1489947
    Change-Id: I3f0af0589825fa506e3618f6f39a54bf89c87d14

Changed in openstack-ansible:
status: In Progress → Fix Committed

Reviewed: https://review.openstack.org/223249
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=893f51a453dfbbb4e1d4e2c0c94836ed5210a6d1
Submitter: Jenkins
Branch: kilo

commit 893f51a453dfbbb4e1d4e2c0c94836ed5210a6d1
Author: kevin <email address hidden>
Date: Fri Aug 28 11:04:23 2015 +0100

    Fix the heat stack user create

    The heat stack user was being using the openstack cli tools. This has
    changed such that its now using our library. This will ensure that the
    roles, users, groups, projects, domains are created properly without
    the variability of the CLI interface and returned data.

    Closes-Bug: #1489947
    Change-Id: I3f0af0589825fa506e3618f6f39a54bf89c87d14
    (cherry-picked from commit a12dcaff629da2ea3ce9548f674c871e94de59c2)

This issue was fixed in the openstack/openstack-ansible 11.2.11 release.

This issue was fixed in the openstack/openstack-ansible 11.2.12 release.

This issue was fixed in the openstack/openstack-ansible 11.2.14 release.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers