StarlingX

keystone-fernet-keys-rotate-active script uses sysinv DB to grep for alarms

Bug #1862825 reported by Tao Liu
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
Fix Released
Medium
Tao Liu

Bug Description

Brief Description
-----------------
While monitoring the dcorch audit CPU usage, I attempted to trigger a fernet key rotation using the keystone-fernet-keys-rotate-active script. I noticed that the script grepping for Platform CPU threshold exceeded alarm from the sysinv DB, while the alarm tables had been moved to the FM DB.

The keystone-fernet-keys-rotate-active script would attempt to run the keystone key rotate command on an idle core, if the Platform CPU threshold exceeded alarm was active on a standard AIO system. Without the fix, it does not perform the action as above.

Severity
--------
Minor

Steps to Reproduce
------------------
sudo /usr/bin/keystone-fernet-keys-rotate-active
Password:
ERROR: relation "i_alarm" does not exist
LINE 1: SELECT alarm_id, entity_instance_id from i_alarm;

Expected Behavior
------------------
The script executes without errors.

Actual Behavior
----------------
The script executes with errors.

Reproducibility
---------------
100%

System Configuration
--------------------
Two node system

Branch/Pull Time/Commit
--------------------
Master pull on Feb 7,2020

Last Pass
---------
N/A

Test Activity
-------------
Developer Testing

Tao Liu (tliu88)
Changed in starlingx:
assignee: nobody → Tao Liu (tliu88)
Revision history for this message
Ghada Khalil (gkhalil) wrote :

stx.4.0 / medium priority - code not working as intended after changes to fault subsystem

tags: added: stx.distcloud
tags: added: stx.4.0
Changed in starlingx:
importance: Undecided → Medium
status: New → Triaged
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to upstream (master)

Fix proposed to branch: master
Review: https://review.opendev.org/707680

Changed in starlingx:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to upstream (master)

Reviewed: https://review.opendev.org/707680
Committed: https://git.openstack.org/cgit/starlingx/upstream/commit/?id=bda7fbe54df7b8458595638559565300e6969dbf
Submitter: Zuul
Branch: master

commit bda7fbe54df7b8458595638559565300e6969dbf
Author: Tao Liu <email address hidden>
Date: Thu Feb 13 11:02:58 2020 -0500

    Fix keystone-fernet-keys-rotate-active script

    The keystone-fernet-keys-rotate-active script greps for Platform
    CPU threshold exceeded alarm from the sysinv DB, while the alarm
    tables had been moved to the FM DB. The script would attempts to
    run the keystone key rotate command on an idle core, if the Platform
    CPU threshold exceeded alarm was active on a standard AIO system

    This update modifies keystone-fernet-keys-rotate-active script to
    grep for alarms from the FM DB.

    Change-Id: Ic43ba21acfe57f11bd60ad3c91b2588ebe8d4f7e
    Closes-Bug: 1862825
    Signed-off-by: Tao Liu <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to upstream (f/centos8)

Fix proposed to branch: f/centos8
Review: https://review.opendev.org/716157

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to upstream (f/centos8)

Reviewed: https://review.opendev.org/716157
Committed: https://git.openstack.org/cgit/starlingx/upstream/commit/?id=c6a37f41a17074fc635edf61e22b7f777c50533f
Submitter: Zuul
Branch: f/centos8

commit abc5b279122345f9ec4acd735a6dde6c2b6f8b90
Author: Teresa Ho <email address hidden>
Date: Mon Mar 2 22:27:34 2020 -0500

    Add oidc-auth and its dependencies

    Add oidc-auth to the platform clients docker image.
    The oidc-auth CLI requires the libraries python-mechanize,
    python-html5lib and python-webencodings.

    Story: 2006711
    Task: 38919
    Depends-On: https://review.opendev.org/#/c/710991/

    Change-Id: I2cae680a3d78ffa379879a590d153266537c0a81
    Signed-off-by: Teresa Ho <email address hidden>

commit bda7fbe54df7b8458595638559565300e6969dbf
Author: Tao Liu <email address hidden>
Date: Thu Feb 13 11:02:58 2020 -0500

    Fix keystone-fernet-keys-rotate-active script

    The keystone-fernet-keys-rotate-active script greps for Platform
    CPU threshold exceeded alarm from the sysinv DB, while the alarm
    tables had been moved to the FM DB. The script would attempts to
    run the keystone key rotate command on an idle core, if the Platform
    CPU threshold exceeded alarm was active on a standard AIO system

    This update modifies keystone-fernet-keys-rotate-active script to
    grep for alarms from the FM DB.

    Change-Id: Ic43ba21acfe57f11bd60ad3c91b2588ebe8d4f7e
    Closes-Bug: 1862825
    Signed-off-by: Tao Liu <email address hidden>

commit e060017fb6484fb6c34e43a750e6302b3e61994d
Author: Bin Qian <email address hidden>
Date: Fri Feb 7 09:27:18 2020 -0500

    Adding job to upload commits to GitHub

    Add job to publish upstream repo to GitHub

    Change-Id: I2b6b7630396f841d321dcda4f09b24af8a2090cb
    Story: 2007252
    Task: 38704
    Signed-off-by: Bin Qian <email address hidden>

tags: added: in-f-centos8
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.