OpenStack-Ansible

it's not possible to change cinder or nova ceph client via user_variables for the ceph_client role

Bug #1605302 reported by Marc Gariépy on 2016-07-21

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack-Ansible	Fix Released	Low	Marc Gariépy

Bug Description

git tag used: f7d0a73 (tag: 13.1.3)
version of ansible : 1.9.4

step to reproduce the issue:

1- configure cinder to use ceph
2- change cinder ceph client: 'cinder_ceph_client: volumes' to your /etc/openstack_deploy/user_variables.yml
3- run the playbook
root@server:/opt/openstack-ansible/playbooks# openstack-ansible os-cinder-install.yml --tag ceph-client,cinder-config --limit controller01_cinder_volumes_container-1d90e689

cinder.conf gets the correct value for rbd_user.

EXPECTED the retrieve keyring task to get the key for client.volumes, but it fails with trying to get client.cinder key instead.

--- logs ---
TASK: [ceph_client | Retrieve keyrings for openstack clients from ceph cluster] ***
skipping: [controller01_cinder_volumes_container-1d90e689] => (item=({'component': 'glance_api', 'service': ['glance-api'], 'package': ['python-ceph']}, u'images'))
<172.16.20.9> ESTABLISH CONNECTION FOR USER: root
<172.16.20.9> REMOTE_MODULE command ceph auth get client.cinder >/dev/null && ceph auth get-or-create client.cinder #USE_SHELL
<172.16.20.9> EXEC ssh -C -v -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=120 172.16.20.9 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python'
<172.16.20.9> REMOTE_MODULE command ceph auth get client.cinder >/dev/null && ceph auth get-or-create client.cinder #USE_SHELL
<172.16.20.9> EXEC ssh -C -v -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=120 172.16.20.9 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python'
Result from run 1 is: {u'cmd': u'ceph auth get client.cinder >/dev/null && ceph auth get-or-create client.cinder', u'end': u'2016-07-21 15:22:26.694645', u'stdout': u'', u'changed': True, 'attempts': 1, u'start': u'2016-07-21 15:22:26.352757', u'delta': u'0:00:00.341888', u'stderr': u'Error ENOENT: failed to find client.cinder in keyring', u'rc': 2, u'warnings': []}
<172.16.20.9> REMOTE_MODULE command ceph auth get client.cinder >/dev/null && ceph auth get-or-create client.cinder #USE_SHELL
<172.16.20.9> EXEC ssh -C -v -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=120 172.16.20.9 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python'
Result from run 2 is: {u'cmd': u'ceph auth get client.cinder >/dev/null && ceph auth get-or-create client.cinder', u'end': u'2016-07-21 15:22:32.185656', u'stdout': u'', u'changed': True, 'attempts': 2, u'start': u'2016-07-21 15:22:31.842537', u'delta': u'0:00:00.343119', u'stderr': u'Error ENOENT: failed to find client.cinder in keyring', u'rc': 2, u'warnings': []}
<172.16.20.9> REMOTE_MODULE command ceph auth get client.cinder >/dev/null && ceph auth get-or-create client.cinder #USE_SHELL
<172.16.20.9> EXEC ssh -C -v -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=120 172.16.20.9 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python'
Result from run 3 is: {u'cmd': u'ceph auth get client.cinder >/dev/null && ceph auth get-or-create client.cinder', u'end': u'2016-07-21 15:22:37.674596', u'stdout': u'', u'changed': True, 'attempts': 3, u'start': u'2016-07-21 15:22:37.332419', u'delta': u'0:00:00.342177', u'stderr': u'Error ENOENT: failed to find client.cinder in keyring', u'rc': 2, u'warnings': []}
failed: [controller01_cinder_volumes_container-1d90e689 -> 172.16.20.9] => (item=({'component': 'cinder_volume', 'service': ['cinder-volume', 'cinder-backup'], 'package': ['ceph', 'ceph-common', 'python-ceph']}, u'cinder')) => {"attempts": 3, "changed": false, "cmd": "ceph auth get client.cinder >/dev/null && ceph auth get-or-create client.cinder", "delta": "0:00:00.342177", "end": "2016-07-21 15:22:37.674596", "failed": true, "item": [{"component": "cinder_volume", "package": ["ceph", "ceph-common", "python-ceph"], "service": ["cinder-volume", "cinder-backup"]}, "cinder"], "rc": 2, "start": "2016-07-21 15:22:37.332419", "stdout_lines": [], "warnings": []}
stderr: Error ENOENT: failed to find client.cinder in keyring
msg: Task failed as maximum retries was encountered
skipping: [controller01_cinder_volumes_container-1d90e689 -> 172.16.20.9] => (item=({'component': 'cinder_backup', 'service': ['cinder-volume', 'cinder-backup'], 'package': ['ceph', 'ceph-common', 'python-ceph']}, u'cinder-backup'))
skipping: [controller01_cinder_volumes_container-1d90e689 -> 172.16.20.9] => (item=({'component': 'nova_compute', 'service': ['nova-compute'], 'package': ['libvirt-bin', 'ceph', 'ceph-common', 'python-ceph']}, u'cinder'))

FATAL: all hosts have already failed -- aborting
--- end logs ---

proposed fix: https://review.openstack.org/#/c/335149/

Tags:

OpenStack Infra (hudson-openstack) on 2016-07-22

Changed in openstack-ansible:
assignee:	nobody → Jesse Pretorius (jesse-pretorius)
status:	New → In Progress

Jesse Pretorius (jesse-pretorius) on 2016-08-09

Changed in openstack-ansible:
assignee:	Jesse Pretorius (jesse-pretorius) → nobody

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-08-10: Fix proposed to openstack-ansible (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/353420

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-08-10: Change abandoned on openstack-ansible (master)

Change abandoned by Marc Gariépy (<email address hidden>) on branch: master
Review: https://review.openstack.org/335149
Reason: the override works correctly with Ansible 2.1.0 so dropping this patch.

Marc Gariépy (mgariepy) on 2016-08-10

Changed in openstack-ansible:
assignee:	nobody → Marc Gariépy (mgariepy)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-08-12: Change abandoned on openstack-ansible (stable/mitaka)

Change abandoned by Marc Gariépy (<email address hidden>) on branch: stable/mitaka
Review: https://review.openstack.org/353420
Reason: fixed in ansible 1.9.6

https://github.com/ansible/ansible/pull/14652

Jesse Pretorius (jesse-pretorius) on 2016-10-06

Changed in openstack-ansible:
status:	In Progress → New

Marc Gariépy (mgariepy) on 2016-10-06

Changed in openstack-ansible:
status:	New → Incomplete
status:	Incomplete → New

Revision history for this message

Jean-Philippe Evrard (jean-philippe-evrard) wrote on 2016-10-11:

In our bug triage of today, we decided to document this as a "known issue".

Changed in openstack-ansible:
status:	New → Confirmed
importance:	Undecided → Low
tags:	added: low-hanging-fruit

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-10-11: Fix proposed to openstack-ansible (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/385107

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-10-12: Fix merged to openstack-ansible (stable/mitaka)

Reviewed: https://review.openstack.org/385107
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=9489c8f5c9391ababf25f3d4fbf80340692ab081
Submitter: Jenkins
Branch: stable/mitaka

commit 9489c8f5c9391ababf25f3d4fbf80340692ab081
Author: Marc Gariepy <email address hidden>
Date: Tue Oct 11 13:42:58 2016 -0400

Add documentation for known-issue with ceph client.

Change-Id: If938fa254f7c6c50cf0b2fbc91ea740799a2c241
Closes-Bug: 1605302

tags:

added: in-stable-mitaka

Revision history for this message

Jesse Pretorius (jesse-pretorius) wrote on 2016-10-12:

Marking as fix released as I think the release note is good enough to cover it.

Changed in openstack-ansible:
status:	Confirmed → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-10-17: Fix included in openstack/openstack-ansible 13.3.5

This issue was fixed in the openstack/openstack-ansible 13.3.5 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.