tripleo

SSL enabled undercloud installation fails due to haproxy user and group not existing

Bug #1623805 reported by Juan Antonio Osorio Robles on 2016-09-15

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tripleo	Fix Released	High	Juan Antonio Osorio Robles	tripleo newton-rc2 "newton-rc2"

Bug Description

Description of problem:
Deploy SSL enabled undercloud with generate_service_certificate=True in undercloud.conf.

This happens in nodes that don't have haproxy pre-installed. this is why we don't see this in CI, because the undercloud images we use have it already.

How reproducible:
100%

Steps to Reproduce:
1. openstack undercloud install

Actual results:

Undercloud installation fails:

2016-09-12 02:47:07 - Notice: /Stage[main]/Glance::Api/Oslo::Middleware[glance_api_config]/Glance_api_config[oslo_middleware/enable_proxy_headers_parsing]/value: value changed 'False' to 'True'
2016-09-12 02:47:07 - Error: Could not find user haproxy
2016-09-12 02:47:07 - Error: /Stage[main]/Tripleo::Profile::Base::Haproxy/Tripleo::Certmonger::Haproxy[undercloud-haproxy-public]/Concat[/etc/pki/tls/certs/undercloud-192.168.0.2.pem]/File[/etc/pki/tls/certs/undercloud-192.168.0.2.pem]/owner: change from root to haproxy failed: Could not find user haproxy
2016-09-12 02:47:07 - Error: Could not find group haproxy
2016-09-12 02:47:07 - Error: /Stage[main]/Tripleo::Profile::Base::Haproxy/Tripleo::Certmonger::Haproxy[undercloud-haproxy-public]/Concat[/etc/pki/tls/certs/undercloud-192.168.0.2.pem]/File[/etc/pki/tls/certs/undercloud-192.168.0.2.pem]/group: change from root to haproxy failed: Could not find group haproxy
2016-09-12 02:47:07 - Notice: /Stage[main]/Tripleo::Profile::Base::Haproxy/Tripleo::Certmonger::Haproxy[undercloud-haproxy-public]/Concat[/etc/pki/tls/certs/undercloud-192.168.0.2.pem]/File[/etc/pki/tls/certs/undercloud-192.168.0.2.pem]/mode: mode changed '0600' to '0640'
2016-09-12 02:47:07 - Notice: /Stage[main]/Zaqar::Keystone::Authtoken/Keystone::Resource::Authtoken[zaqar_config]/Zaqar_config[keystone_authtoken/auth_uri]/value: value changed 'http://192.168.0.1:5000/v3' to 'https://192.168.0.2:13000/v3'
2016-09-12 02:47:15 - Notice: /Stage[main]/Haproxy/Haproxy::Instance[haproxy]/Haproxy::Install[haproxy]/Package[haproxy]/ensure: created

Additional info:

We can see that the haproxy package gets installed in a later step which also creates the haproxy user and group so on a 2nd openstack undercloud install run the installation completes fine.

Juan Antonio Osorio Robles (juan-osorio-robles) on 2016-09-15

Changed in tripleo:
milestone:	none → newton-rc1
status:	New → Triaged
assignee:	nobody → Juan Antonio Osorio Robles (juan-osorio-robles)
importance:	Undecided → High

Emilien Macchi (emilienm) on 2016-09-16

Changed in tripleo:
milestone:	newton-rc1 → newton-rc2

Revision history for this message

Juan Antonio Osorio Robles (juan-osorio-robles) wrote on 2016-09-19:

This was the fix https://review.openstack.org/#/c/370577/

Changed in tripleo:
status:	Triaged → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.