barbican service not functional until after initial controller unlock
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Medium
|
Alexander Kozyrev |
Bug Description
Brief Description
-----------------
The barbican service is not functional after bootstrapping and before the initial controller-0 unlock. This prevents configuring a BMC username and password on controller-0 prior to the unlock.
The problem appears to be related to the Barbican service not being functional prior to unlocking controller-0. See sysinv.log below which show failures to store the BMC password prior to the unlock.
Also, prior to the unlock, the "openstack secrets" command which are backed by Barbican do not work (but does work after the unlock):
[sysadmin@
5xx Server error: Service Unavailable
Service Unavailable
...even though barbican shows up in the openstack endpoint list:
| 34fd29efbc114d8
| dc41804f6c31465
| e15ef042e4e34c1
Severity
--------
Major, controller-0 cannot be configured for BMC access until after the system has been configured.
Steps to Reproduce
------------------
1. bootstrap the system using Ansible
2. configured controller-0 as per the wiki instructions
3. configure a bmc type, user, password on controller-0
4. unlock controller-0
5. observe that there is an alarm raised against the BMC access on controller-0
Expected Behavior
------------------
The end user should be able to configure a BMC user/password prior to unlocking controller-0.
Actual Behavior
----------------
An alarm is raised and BMC access is not functional.
Reproducibility
---------------
100%
System Configuration
-------
Any system with physical BMC devices.
Branch/Pull Time/Commit
-------
20190628T013000Z
Last Pass
---------
Unknown
Timestamp/Logs
--------------
This alarm will be raised if the BMC is configured prior to unlocking controller-0:
controller-0 access to board management module has failed.
This appears to be as a result of failing to access barbican prior to the unlock as is shown by these sysinv.log logs.
2019-06-28 06:44:09.610 104162 INFO sysinv.
2019-06-28 06:44:09.610 104162 INFO sysinv.
2019-06-28 06:44:09.610 104162 INFO sysinv.
2019-06-28 06:44:09.611 104162 INFO sysinv.
2019-06-28 06:44:09.611 104162 INFO sysinv.
2019-06-28 06:44:10.044 90155 ERROR barbicanclient.
2019-06-28 06:44:10.045 90155 ERROR sysinv.
2019-06-28 06:44:10.055 90155 ERROR barbicanclient.
<head>
<title>503 Service Unavailable</title>
</head>
<body>
<h1>503 Service Unavailable</h1>
The server is currently unavailable. Please try again at a later time.<br /><br />
The Keystone service is temporarily unavailable.
</body>
</html>
2019-06-28 06:44:10.055 90155 ERROR sysinv.
2019-06-28 06:44:10.061 104162 INFO sysinv.
2019-06-28 06:44:10.061 104162 INFO sysinv.
2019-06-28 06:44:10.062 104162 INFO sysinv.
2019-06-28 06:44:10.078 104162 INFO sysinv.
2019-06-28 06:44:10.081 104162 INFO sysinv.
2019-06-28 06:44:10.081 104162 INFO sysinv.
2019-06-28 06:44:10.083 104162 INFO sysinv.
Test Activity
-------------
Sanity testing
description: | updated |
Changed in starlingx: | |
assignee: | nobody → Alex Kozyrev (akozyrev) |
tags: | added: stx.config |
Currently, Barbican is not started as part of the bootstrap. It only gets started on the unlock by SM. However, it appears that the endpoints are registered. We'll need to look at whether Barbican can get started earlier since sysinv has a dependency on it.