os_keystone(master): task "Distribute the fernet key repository" fails
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack-Ansible |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
With master branch, the task "Distribute the fernet key repository" of os_keystone fails with the following error:
"stderr_lines": ["Warning: Permanently added '192.168.10.249' (ECDSA) to the list of known hosts.", "keystone@
Reason of this is that keystone containers have not been configured to let keystone user SSH connect properly.
Proposed fix is to configure authorized_key the same way it was previously done with the task keystone_
Suggested fix:
iff --git a/tasks/
index 287173b..e8da41a 100644
--- a/tasks/
+++ b/tasks/
@@ -43,3 +43,14 @@
file:
path: "{{ keystone_
state: absent
+
+# Suggested fix: needed for distributing the fernet key repository
+- name: Create authorized keys file from host vars
+ authorized_key:
+ user: "{{ keystone_
+ key: "{{ lookup('file', '{{ keystone_pubkey }}') }}"
+ vars:
+ keystone_pubkey: "{{ keystone_
+ when: _keystone_
+ delegate_to: "{{ item }}"
+ with_items: "{{ ansible_play_hosts }}"
| Arash Sadeghi (ar-sadeghi) wrote | #1 |
| Dmitriy Rabotyagov (noonedeadpunk) wrote | #2 |
| OpenStack Infra (hudson-openstack) wrote Fix proposed to openstack-ansible (master) | #3 |
| Changed in openstack-ansible: | |
| status: | New → In Progress |
| OpenStack Infra (hudson-openstack) wrote Fix merged to openstack-ansible (master) | #4 |
| Changed in openstack-ansible: | |
| status: | In Progress → Fix Released |
| OpenStack Infra (hudson-openstack) wrote Fix included in openstack/openstack-ansible 25.0.0.0b1 | #5 |
Unfortunately this fix didn't work for me. I had to copy the keys to the new keystone container and set the permissions manually.