OpenStack-Ansible

[os_keystone] Error when installing keystone with LDAP

Bug #1800425 reported by Christian Zunker on 2018-10-29

This bug affects 3 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack-Ansible	Fix Released	Undecided	Unassigned

Bug Description

osa version: 17.1.1 on Ubuntu

We are trying to upgrade pike to queens with osa 17.1.1.
We have a three controller setup and keystone installation works on the first container, but fails on the remaining two during the task "Create Keystone LDAP domains":
SSL exception connecting to https://172.29.236.254:35357/v3/auth/tokens: HTTPSConnectionPool(host='172.29.236.254', port=35357): Max retries exceeded with url: /v3/auth/tokens (Caused by SSLError(SSLEOFError(8, u'EOF occurred in violation of protocol

The problem is the HAProxy backend. Alle keystone backends are in status MAINT. With the first container, only one container gets disabled in the backend, but not enabled again, after the keystone installation is finished for this container.

These are the tasks:
TASK [Set haproxy service state] **************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
Monday 29 October 2018 06:10:40 +0000 (0:00:00.167) 0:02:27.497 ********
[WARNING]: The loop variable 'item' is already in use. You should set the `loop_var` value in the `loop_control` option for the task to something else to avoid variable collisions and unexpected behavior.

ok: [ctr003_keystone_container-2bdcda67 -> 172.20.20.23] => (item=ctr003)
ok: [ctr003_keystone_container-2bdcda67 -> 172.20.20.14] => (item=ctr002)
ok: [ctr003_keystone_container-2bdcda67 -> 172.20.20.16] => (item=ctr001)

TASK [Set haproxy service state] **************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
Monday 29 October 2018 06:10:44 +0000 (0:00:03.771) 0:02:31.268 ********
[WARNING]: The loop variable 'item' is already in use. You should set the `loop_var` value in the `loop_control` option for the task to something else to avoid variable collisions and unexpected behavior.

My guess is, this only happens when tasks are executed which need access to keystone while keystone is installed.
The only other hint I found is about cinder:
http://eavesdrop.openstack.org/irclogs/%23openstack-ansible/%23openstack-ansible.2018-03-23.log.html#t2018-03-23T01:20:42

The above problem might be gone, when this is merged:
https://review.openstack.org/#/c/504795/

Revision history for this message

Christian Zunker (christian-zunker) wrote on 2018-10-29:

The way it is done in stable/rocky works for me with queens:
https://github.com/openstack/openstack-ansible/blob/stable/rocky/playbooks/os-keystone-install.yml#L117

Revision history for this message

Mohammed Naser (mnaser) wrote on 2018-10-30:

This was fixed here:

https://github.com/openstack/openstack-ansible/commit/d350df49f30f38d180422af7b7b4559ac6b31b30

Pending the next release of OSA Queens.

Changed in openstack-ansible:
status:	New → Fix Committed

Revision history for this message

Jesse Pretorius (jesse-pretorius) wrote on 2018-10-30:

Actually, it was released in 17.1.2

Changed in openstack-ansible:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.