commit 387a20ab23b000b99692abab494c42bc6b6a76cb
Author: Andy Ning <email address hidden>
Date: Wed Jan 22 09:11:09 2020 -0500
Populate barbican region_name during bootstrap
During DC System Controller deployment, the ansible script
intermittently fails during the barbican credential creation
on ansible re-play. Even in the re-play case, it is a random
failure depending on the order of the endpoints in the service
catalog.
The reason for this to happen is that, during the initial play, the
barbican secrets are created prior to initial system configuration
population so endpoints for SystemController region are not created.
Barbican will use the RegionOne keystone endpoint. But after initial
play finished, endpoints for SystemController region are created thus
there are two keystone endpoints (RegionOne and SystemController).
With two region keystone endpoints during re-play, Barbican may pickup
SystemController region keystone endpoint during credential creation.
Yet the service for SystemController region (dcorch identity proxy) has
not started, causing the credential creation to fail.
The fix is to explicitly configure Barbican region_name to RegionOne
during bootstrap so re-play will use RegionOne keystone endpoint. Then
update Barbican region_name after service endpoints reconfiguration to
make region_name consistent with keystone service catalog, so requests
to Barbican will always succeed.
Change-Id: I7afda2806aad6437f746ca8ff39adee2d29571cf
Closes-Bug: 1859726
Signed-off-by: Andy Ning <email address hidden>
Reviewed: https:/ /review. opendev. org/703821 /git.openstack. org/cgit/ starlingx/ config/ commit/ ?id=387a20ab23b 000b99692abab49 4c42bc6b6a76cb
Committed: https:/
Submitter: Zuul
Branch: master
commit 387a20ab23b000b 99692abab494c42 bc6b6a76cb
Author: Andy Ning <email address hidden>
Date: Wed Jan 22 09:11:09 2020 -0500
Populate barbican region_name during bootstrap
During DC System Controller deployment, the ansible script
intermittently fails during the barbican credential creation
on ansible re-play. Even in the re-play case, it is a random
failure depending on the order of the endpoints in the service
catalog.
The reason for this to happen is that, during the initial play, the
barbican secrets are created prior to initial system configuration
population so endpoints for SystemController region are not created.
Barbican will use the RegionOne keystone endpoint. But after initial
play finished, endpoints for SystemController region are created thus
there are two keystone endpoints (RegionOne and SystemController).
With two region keystone endpoints during re-play, Barbican may pickup oller region keystone endpoint during credential creation.
SystemContr
Yet the service for SystemController region (dcorch identity proxy) has
not started, causing the credential creation to fail.
The fix is to explicitly configure Barbican region_name to RegionOne
during bootstrap so re-play will use RegionOne keystone endpoint. Then
update Barbican region_name after service endpoints reconfiguration to
make region_name consistent with keystone service catalog, so requests
to Barbican will always succeed.
Change-Id: I7afda2806aad64 37f746ca8ff39ad ee2d29571cf
Closes-Bug: 1859726
Signed-off-by: Andy Ning <email address hidden>