it's not possible to change cinder or nova ceph client via user_variables for the ceph_client role

Bug #1605302 reported by Marc Gariépy on 2016-07-21
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openstack-ansible
Low
Marc Gariépy

Bug Description

git tag used: f7d0a73 (tag: 13.1.3)
version of ansible : 1.9.4

step to reproduce the issue:

1- configure cinder to use ceph
2- change cinder ceph client: 'cinder_ceph_client: volumes' to your /etc/openstack_deploy/user_variables.yml
3- run the playbook
root@server:/opt/openstack-ansible/playbooks# openstack-ansible os-cinder-install.yml --tag ceph-client,cinder-config --limit controller01_cinder_volumes_container-1d90e689

cinder.conf gets the correct value for rbd_user.

EXPECTED the retrieve keyring task to get the key for client.volumes, but it fails with trying to get client.cinder key instead.

--- logs ---
TASK: [ceph_client | Retrieve keyrings for openstack clients from ceph cluster] ***
skipping: [controller01_cinder_volumes_container-1d90e689] => (item=({'component': 'glance_api', 'service': ['glance-api'], 'package': ['python-ceph']}, u'images'))
<172.16.20.9> ESTABLISH CONNECTION FOR USER: root
<172.16.20.9> REMOTE_MODULE command ceph auth get client.cinder >/dev/null && ceph auth get-or-create client.cinder #USE_SHELL
<172.16.20.9> EXEC ssh -C -v -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=120 172.16.20.9 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python'
<172.16.20.9> REMOTE_MODULE command ceph auth get client.cinder >/dev/null && ceph auth get-or-create client.cinder #USE_SHELL
<172.16.20.9> EXEC ssh -C -v -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=120 172.16.20.9 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python'
Result from run 1 is: {u'cmd': u'ceph auth get client.cinder >/dev/null && ceph auth get-or-create client.cinder', u'end': u'2016-07-21 15:22:26.694645', u'stdout': u'', u'changed': True, 'attempts': 1, u'start': u'2016-07-21 15:22:26.352757', u'delta': u'0:00:00.341888', u'stderr': u'Error ENOENT: failed to find client.cinder in keyring', u'rc': 2, u'warnings': []}
<172.16.20.9> REMOTE_MODULE command ceph auth get client.cinder >/dev/null && ceph auth get-or-create client.cinder #USE_SHELL
<172.16.20.9> EXEC ssh -C -v -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=120 172.16.20.9 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python'
Result from run 2 is: {u'cmd': u'ceph auth get client.cinder >/dev/null && ceph auth get-or-create client.cinder', u'end': u'2016-07-21 15:22:32.185656', u'stdout': u'', u'changed': True, 'attempts': 2, u'start': u'2016-07-21 15:22:31.842537', u'delta': u'0:00:00.343119', u'stderr': u'Error ENOENT: failed to find client.cinder in keyring', u'rc': 2, u'warnings': []}
<172.16.20.9> REMOTE_MODULE command ceph auth get client.cinder >/dev/null && ceph auth get-or-create client.cinder #USE_SHELL
<172.16.20.9> EXEC ssh -C -v -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=120 172.16.20.9 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python'
Result from run 3 is: {u'cmd': u'ceph auth get client.cinder >/dev/null && ceph auth get-or-create client.cinder', u'end': u'2016-07-21 15:22:37.674596', u'stdout': u'', u'changed': True, 'attempts': 3, u'start': u'2016-07-21 15:22:37.332419', u'delta': u'0:00:00.342177', u'stderr': u'Error ENOENT: failed to find client.cinder in keyring', u'rc': 2, u'warnings': []}
failed: [controller01_cinder_volumes_container-1d90e689 -> 172.16.20.9] => (item=({'component': 'cinder_volume', 'service': ['cinder-volume', 'cinder-backup'], 'package': ['ceph', 'ceph-common', 'python-ceph']}, u'cinder')) => {"attempts": 3, "changed": false, "cmd": "ceph auth get client.cinder >/dev/null && ceph auth get-or-create client.cinder", "delta": "0:00:00.342177", "end": "2016-07-21 15:22:37.674596", "failed": true, "item": [{"component": "cinder_volume", "package": ["ceph", "ceph-common", "python-ceph"], "service": ["cinder-volume", "cinder-backup"]}, "cinder"], "rc": 2, "start": "2016-07-21 15:22:37.332419", "stdout_lines": [], "warnings": []}
stderr: Error ENOENT: failed to find client.cinder in keyring
msg: Task failed as maximum retries was encountered
skipping: [controller01_cinder_volumes_container-1d90e689 -> 172.16.20.9] => (item=({'component': 'cinder_backup', 'service': ['cinder-volume', 'cinder-backup'], 'package': ['ceph', 'ceph-common', 'python-ceph']}, u'cinder-backup'))
skipping: [controller01_cinder_volumes_container-1d90e689 -> 172.16.20.9] => (item=({'component': 'nova_compute', 'service': ['nova-compute'], 'package': ['libvirt-bin', 'ceph', 'ceph-common', 'python-ceph']}, u'cinder'))

FATAL: all hosts have already failed -- aborting
--- end logs ---

proposed fix: https://review.openstack.org/#/c/335149/

Changed in openstack-ansible:
assignee: nobody → Jesse Pretorius (jesse-pretorius)
status: New → In Progress
Changed in openstack-ansible:
assignee: Jesse Pretorius (jesse-pretorius) → nobody

Change abandoned by Marc Gariépy (<email address hidden>) on branch: master
Review: https://review.openstack.org/335149
Reason: the override works correctly with Ansible 2.1.0 so dropping this patch.

Marc Gariépy (mgariepy) on 2016-08-10
Changed in openstack-ansible:
assignee: nobody → Marc Gariépy (mgariepy)

Change abandoned by Marc Gariépy (<email address hidden>) on branch: stable/mitaka
Review: https://review.openstack.org/353420
Reason: fixed in ansible 1.9.6

https://github.com/ansible/ansible/pull/14652

Changed in openstack-ansible:
status: In Progress → New
Marc Gariépy (mgariepy) on 2016-10-06
Changed in openstack-ansible:
status: New → Incomplete
status: Incomplete → New

In our bug triage of today, we decided to document this as a "known issue".

Changed in openstack-ansible:
status: New → Confirmed
importance: Undecided → Low
tags: added: low-hanging-fruit

Reviewed: https://review.openstack.org/385107
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=9489c8f5c9391ababf25f3d4fbf80340692ab081
Submitter: Jenkins
Branch: stable/mitaka

commit 9489c8f5c9391ababf25f3d4fbf80340692ab081
Author: Marc Gariepy <email address hidden>
Date: Tue Oct 11 13:42:58 2016 -0400

    Add documentation for known-issue with ceph client.

    Change-Id: If938fa254f7c6c50cf0b2fbc91ea740799a2c241
    Closes-Bug: 1605302

tags: added: in-stable-mitaka

Marking as fix released as I think the release note is good enough to cover it.

Changed in openstack-ansible:
status: Confirmed → Fix Released

This issue was fixed in the openstack/openstack-ansible 13.3.5 release.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers