tripleo

tripleo_passwords_rotate doesn't work without swift

Bug #1960527 reported by Damien Ciabrini
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
Undecided
Unassigned

Bug Description

Undercloud no longer store passwords in the plan with Swift, but rather
under a file (/home/stack/overcloud-deploy/overcloud/overcloud-passwords.yaml).

The ansible module tripleo_passwords_rotate assumes that the current
passwords can be fetched from Swift, which is no longer the case.
Consequently, running the module fails with:

$ ansible-playbook --verbose -i inventory.yaml -e container=overcloud rotate-passwords.yaml
Using /etc/ansible/ansible.cfg as config file

PLAY [Rotate passwords] *********************************************************************************************************************************************************************************************************

TASK [Set passwords_environment_path] *******************************************************************************************************************************************************************************************
ok: [undercloud] => {"ansible_facts": {"passwords_environment_path": "/home/stack/rotated_passwords.yaml"}, "changed": false}

TASK [Rotate passwords] *********************************************************************************************************************************************************************************************************
fatal: [undercloud]: FAILED! => {"changed": false, "error": "Could not find requested endpoint in Service Catalog.", "msg": "Error rotating passwords for plan overcloud: Could not find requested endpoint in Service Catalog.", "passwords": {}, "success": false}

NO MORE HOSTS LEFT **************************************************************************************************************************************************************************************************************

PLAY RECAP **********************************************************************************************************************************************************************************************************************
undercloud : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

OpenStack Infra (hudson-openstack)
Changed in tripleo:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to tripleo-common (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/tripleo-common/+/830994

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to tripleo-common (master)

Reviewed: https://review.opendev.org/c/openstack/tripleo-common/+/830994
Committed: https://opendev.org/openstack/tripleo-common/commit/1513e31328caedf59c8bfcb4efeed08a582dfe0c
Submitter: "Zuul (22348)"
Branch: master

commit 1513e31328caedf59c8bfcb4efeed08a582dfe0c
Author: Damien Ciabrini <email address hidden>
Date: Fri Feb 25 15:21:30 2022 +0100

    Export default location of password file

    tripleo-client stores generated passwords into a
    file in a default location.

    Other modules might need to know this location
    (e.g. tripleo-passwords-rotate [1]), so expose
    this default value in tripleo-common.

    [1] I69361215efcca69c1bbeb24f427a0c309ff2806f

    Related-Bug: #1960527
    Change-Id: Ib799533e2a60413620639bc9d0af44ac31006159

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-ansible (master)

Reviewed: https://review.opendev.org/c/openstack/tripleo-ansible/+/825816
Committed: https://opendev.org/openstack/tripleo-ansible/commit/01012b224936e616f60804e21b8d8664adcd2676
Submitter: "Zuul (22348)"
Branch: master

commit 01012b224936e616f60804e21b8d8664adcd2676
Author: Damien Ciabrini <email address hidden>
Date: Fri Jan 21 15:56:05 2022 +0100

    load existing password file prior to rotation

    When Swift is not used, passwords are store in a
    dedicated yaml file on disk. Try to load the default
    file to retrieve the existing passwords prior to
    rotate them. If no such file exists, fall back to
    try to load them from the plan (Swift).

    Closes-Bug: #1960527

    Depends-On: Ib799533e2a60413620639bc9d0af44ac31006159
    Change-Id: I69361215efcca69c1bbeb24f427a0c309ff2806f

Changed in tripleo:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-ansible 4.2.0

This issue was fixed in the openstack/tripleo-ansible 4.2.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to tripleo-common (stable/wallaby)

Related fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/tripleo-common/+/864201

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-ansible (stable/wallaby)

Fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/tripleo-ansible/+/864250

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to tripleo-common (stable/wallaby)

Reviewed: https://review.opendev.org/c/openstack/tripleo-common/+/864201
Committed: https://opendev.org/openstack/tripleo-common/commit/f5a7907da23ef1aeeed0e224c608616e15cbdd18
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit f5a7907da23ef1aeeed0e224c608616e15cbdd18
Author: Damien Ciabrini <email address hidden>
Date: Fri Feb 25 15:21:30 2022 +0100

    Export default location of password file

    tripleo-client stores generated passwords into a
    file in a default location.

    Other modules might need to know this location
    (e.g. tripleo-passwords-rotate [1]), so expose
    this default value in tripleo-common.

    [1] I69361215efcca69c1bbeb24f427a0c309ff2806f

    Related-Bug: #1960527
    Change-Id: Ib799533e2a60413620639bc9d0af44ac31006159
    (cherry picked from commit 1513e31328caedf59c8bfcb4efeed08a582dfe0c)

tags: added: in-stable-wallaby
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on tripleo-ansible (stable/wallaby)

Change abandoned by "Ghanshyam <email address hidden>" on branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/tripleo-ansible/+/864250
Reason: TrieplO project is retiring now, for details, please see https://review.opendev.org/c/openstack/governance/+/905145 or reach out to OpenStack TC.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.