DistributedCloud: armada 'service' project error on initial subcloud sync
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Medium
|
Angie Wang |
Bug Description
Brief Description
-----------------
In a Distributed Cloud System, on initial manage of subcloud, the initial sync enounters an error attempting to assign role to a 'service' project. The identity sync alarm requires an extra audit (20 minutes) cycle to clear due to error on missing 'service' project.
The 'service' project was introduced for Helm v3 and Armada.
Severity
--------
Minor: System/Feature is usable with minor issue
Steps to Reproduce
------------------
In a Distributed Cloud system, add a subcloud and perform the initial manage.
Expected Behavior
------------------
Initial sync should complete without error.
Actual Behavior
----------------
The identity sync alarm requires an audit cycle to clear; the following ERROR log is noted on the initial manage:
2020-12-01 08:03:09.113 106271 ERROR dcorch.
Reproducibility
---------------
Reproducible, on initial subcloud manage.
System Configuration
-------
Distributed Cloud system
Branch/Pull Time/Commit
-------
stx5.0/master
2020-11-27_00-00-09
Last Pass
---------
Did this test scenario pass previously?
Yes. It was observed to pass prior to the introduction of the 'service' project.
Timestamp/Logs
--------------
ERROR in log: Unable to assign role to user on project reference (The project is 'service', not 'services').
2020-12-01 08:03:09.113 106271 ERROR dcorch.
id | uuid | resource_type | master_id
| created_at | updated_at | deleted_at | deleted | capabilities
----+--
-------
29 | 4fd70497-
89694bbc3406 | 2020-12-01 08:03:08.895386 | | | 0 |
(1 row)
dcorch=# \q
[sysadmin@
+------
| ID | Name |
+------
| 3133dc3d25ac4fb
| d582d115a0f64f2
| 466f984c13d648c
+------
The ‘service’ project was introduced for “Helm v3 and containerized Armada” via https:/
"armada" user and "service" project during bootstrap, in /usr/share/
192 - name: Create keystone credentials for armada domain (local host client only)
193 shell: "source /etc/platform/
194 openstack domain create {{ armada_domain }}; \
195 openstack project create --domain {{ armada_domain }} 'service'; \
196 openstack user create --domain {{ armada_domain }} \
197 --project service --project-domain {{ armada_domain }} \
198 --password {{ armada_password }} {{ armada_user }}; \
199 openstack role add --project-domain {{ armada_domain }} \
200 --user-domain {{ armada_domain }} --user {{ armada_user }} \
201 --project service admin"
line 195 creates a new project "service", while there is an existing project "services".
Any reason we need a new project instead of using the existing "services" project?
Test Activity
-------------
Developer Testing
Workaround
----------
Wait for 280.002 identity sync alarm to clear.
summary: |
- DistributedCloud: armada 'service' project delays subcloud sync + DistributedCloud: armada 'service' project error on initial subcloud + sync |
tags: | added: stx.distcloud |
tags: | added: stx.containers |
Changed in starlingx: | |
assignee: | nobody → Angie Wang (angiewang) |
importance: | Undecided → Medium |
status: | New → Triaged |
tags: | added: stx.5.0 |
Armada user, project, and domain are not needed as keystone authentication is not being used in our Armada requests in the application workflow. The decision is made to remove these.
This issue is addressed in commit https:/ /review. opendev. org/c/starlingx /ansible- playbooks/ +/741024.
The commit is still on review.