When one uncomments password items in undercloud.conf, the deployment will fail with a puppet hiera error.
The following fields were uncommented:
Raw
[stack@undercloud ~]$ grep None -B2 undercloud.conf
# appropriately. If set, the undercloud install will configure all
# system hostname settings. (string value)
#undercloud_hostname = <None>
--
# Password used for MySQL databases. If left unset, one will be
# automatically generated. (string value)
undercloud_db_password = <None>
--
# Keystone admin token. If left unset, one will be automatically
# generated. (string value)
undercloud_admin_token = <None>
--
# Keystone admin password. If left unset, one will be automatically
# generated. (string value)
undercloud_admin_password = <None>
--
# Glance service password. If left unset, one will be automatically
# generated. (string value)
undercloud_glance_password = <None>
--
# Heat db encryption key(must be 16, 24, or 32 characters. If left
# unset, one will be automatically generated. (string value)
undercloud_heat_encryption_key = <None>
--
# Heat service password. If left unset, one will be automatically
# generated. (string value)
undercloud_heat_password = <None>
--
# Neutron service password. If left unset, one will be automatically
# generated. (string value)
undercloud_neutron_password = <None>
--
# Nova service password. If left unset, one will be automatically
# generated. (string value)
undercloud_nova_password = <None>
--
# Ironic service password. If left unset, one will be automatically
# generated. (string value)
undercloud_ironic_password = <None>
--
# Aodh service password. If left unset, one will be automatically
# generated. (string value)
undercloud_aodh_password = <None>
--
# Ceilometer service password. If left unset, one will be
# automatically generated. (string value)
undercloud_ceilometer_password = <None>
--
# Ceilometer metering secret. If left unset, one will be automatically
# generated. (string value)
undercloud_ceilometer_metering_secret = <None>
--
# Ceilometer snmpd password. If left unset, one will be automatically
# generated. (string value)
undercloud_ceilometer_snmpd_password = <None>
--
# Swift service password. If left unset, one will be automatically
# generated. (string value)
undercloud_swift_password = <None>
--
# Mistral service password. If left unset, one will be automatically
# generated. (string value)
undercloud_mistral_password = <None>
--
# Rabbitmq cookie. If left unset, one will be automatically generated.
# (string value)
undercloud_rabbit_cookie = <None>
--
# Rabbitmq password. If left unset, one will be automatically
# generated. (string value)
undercloud_rabbit_password = <None>
--
# Rabbitmq username. If left unset, one will be automatically
# generated. (string value)
undercloud_rabbit_username = <None>
--
# Heat stack domain admin password. If left unset, one will be
# automatically generated. (string value)
undercloud_heat_stack_domain_admin_password = <None>
--
# Swift hash suffix. If left unset, one will be automatically
# generated. (string value)
undercloud_swift_hash_suffix = <None>
--
# Sensu service password. If left unset, one will be automatically
# generated. (string value)
undercloud_sensu_password = <None>
--
# HAProxy stats password. If left unset, one will be automatically
# generated. (string value)
undercloud_haproxy_stats_password = <None>
This leads to the following error message
Raw
[stack@undercloud ~]$ openstack undercloud install
Logging to /home/stack/.instack/install-undercloud.log
Checking for a FQDN hostname...
Static hostname detected as undercloud.example.com
Transient hostname detected as undercloud.example.com
Running instack
(...)
dib-run-parts Sat Dec 17 14:16:16 EST 2016 Running /usr/libexec/os-refresh-config/configure.d/50-puppet-stack-config
+ set -o pipefail
+ set +e
+ puppet apply --detailed-exitcodes /etc/puppet/manifests/puppet-stack-config.pp
Error: (<unknown>): did not find expected alphabetic or numeric character while scanning an anchor at line 38 column 27 at /etc/puppet/manifests/puppet-stack-config.pp:16 on node undercloud.example.com
Wrapped exception:
(<unknown>): did not find expected alphabetic or numeric character while scanning an anchor at line 38 column 27
Error: (<unknown>): did not find expected alphabetic or numeric character while scanning an anchor at line 38 column 27 at /etc/puppet/manifests/puppet-stack-config.pp:16 on node undercloud.example.com
+ rc=1
+ set -e
+ echo 'puppet apply exited with exit code 1'
puppet apply exited with exit code 1
+ '[' 1 '!=' 2 -a 1 '!=' 0 ']'
+ exit 1
[2016-12-17 14:16:21,003] (os-refresh-config) [ERROR] during configure phase. [Command '['dib-run-parts', '/usr/libexec/os-refresh-config/configure.d']' returned non-zero exit status 1]
[2016-12-17 14:16:21,003] (os-refresh-config) [ERROR] Aborting...
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/usr/lib/python2.7/site-packages/instack_undercloud/undercloud.py", line 845, in install
_run_orc(instack_env)
File "/usr/lib/python2.7/site-packages/instack_undercloud/undercloud.py", line 735, in _run_orc
_run_live_command(args, instack_env, 'os-refresh-config')
File "/usr/lib/python2.7/site-packages/instack_undercloud/undercloud.py", line 406, in _run_live_command
raise RuntimeError('%s failed. See log for details.' % name)
RuntimeError: os-refresh-config failed. See log for details.
Command 'instack-install-undercloud' returned non-zero exit status 1
Generated undercloud-passwords.conf ...
Raw
[stack@rhosp9-dir-01 ~]$ cat undercloud-passwords.conf
[auth]
undercloud_db_password=<None>
undercloud_admin_token=<None>
undercloud_admin_password=<None>
undercloud_glance_password=<None>
undercloud_heat_encryption_key=<None>
undercloud_heat_password=<None>
undercloud_neutron_password=<None>
undercloud_nova_password=<None>
undercloud_ironic_password=<None>
undercloud_aodh_password=<None>
undercloud_ceilometer_password=<None>
undercloud_ceilometer_metering_secret=<None>
undercloud_ceilometer_snmpd_user=ro_snmp_user
undercloud_ceilometer_snmpd_password=<None>
undercloud_swift_password=<None>
undercloud_mistral_password=<None>
undercloud_rabbit_cookie=<None>
undercloud_rabbit_password=<None>
undercloud_rabbit_username=<None>
undercloud_heat_stack_domain_admin_password=<None>
undercloud_swift_hash_suffix=<None>
undercloud_sensu_password=<None>
undercloud_haproxy_stats_password=<None>
... leads to the following hiera data, which is invalid yaml syntax
Raw
[stack@rhosp9-dir-01 ~]$ sudo cat /etc/puppet/hieradata/puppet-stack-config.yaml | grep None
swift::swift_hash_suffix: <None>
swift::proxy::authtoken::admin_password: <None>
swift::keystone::auth::password: <None>
glance::api::keystone_password: <None>
glance::api::database_connection: mysql+pymysql://glance:<None>@192.0.2.1/glance
glance::registry::keystone_password: <None>
glance::registry::database_connection: mysql+pymysql://glance:<None>@192.0.2.1/glance
glance::keystone::auth::password: <None>
glance::backend::swift::swift_store_key: <None>
glance::notify::rabbitmq::rabbit_userid: <None>
glance::notify::rabbitmq::rabbit_password: <None>
heat_stack_domain_admin_password: <None>
heat::engine::auth_encryption_key: <None>
heat::rabbit_userid: <None>
heat::rabbit_password: <None>
heat::keystone_password: <None>
heat::keystone::domain::domain_password: <None>
heat::database_connection: mysql+pymysql://heat:<None>@192.0.2.1/heat
heat_dsn: mysql+pymysql://heat:<None>@192.0.2.1/heat
heat::keystone::auth::password: <None>
keystone::admin_token: <None>
keystone::database_connection: mysql+pymysql://keystone:<None>@192.0.2.1/keystone
keystone::roles::admin::password: <None>
keystone::rabbit_userid: <None>
keystone::rabbit_password: <None>
admin_password: <None>
neutron::rabbit_password: <None>
neutron::rabbit_user: <None>
neutron::server::database_connection: mysql+pymysql://neutron:<None>@192.0.2.1/neutron
neutron::server::auth_password: <None>
neutron::agents::metadata::auth_password: <None>
neutron::server::notifications::password: <None>
neutron::keystone::auth::password: <None>
pass: <None>
sensu::rabbitmq_user: <None>
sensu::rabbitmq_password: <None>
sensu::api_password: <None>
command: 'oschecks-check_keystone_api --os-auth-url http://192.0.2.1:5000/v2.0 --os-username admin --os-password <None> --os-tenant-name service'
ceilometer::metering_secret: <None>
ceilometer::rabbit_userid: <None>
ceilometer::rabbit_password: <None>
ceilometer::api::keystone_password: <None>
ceilometer::db::database_connection: mysql+pymysql://ceilometer:<None>@192.0.2.1/ceilometer
ceilometer::agent::auth::auth_password: <None>
snmpd_readonly_user_password: <None>
ceilometer::keystone::auth::password: <None>
aodh::rabbit_userid: <None>
aodh::rabbit_password: <None>
aodh::api::keystone_password: <None>
aodh::db::database_connection: mysql+pymysql://ceilometer:<None>@192.0.2.1/ceilometer
aodh::auth::auth_password: <None>
aodh::keystone::auth::password: <None>
nova::rabbit_userid: <None>
nova::rabbit_password: <None>
nova::api::admin_password: <None>
nova::database_connection: mysql+pymysql://nova:<None>@192.0.2.1/nova
nova::api_database_connection: mysql+pymysql://nova_api:<None>@192.0.2.1/nova_api
nova::compute::ironic::admin_password: <None>
nova::keystone::auth::password: <None>
ironic::api::admin_password: <None>
ironic::database_connection: mysql+pymysql://ironic:<None>@192.0.2.1/ironic
ironic::rabbit_userid: <None>
ironic::rabbit_password: <None>
ironic::keystone::auth::password: <None>
ironic::keystone::auth_inspector::password: <None>
rabbit_cookie: <None>
rabbitmq::default_user: <None>
rabbitmq::default_pass: <None>
mistral::rabbit_userid: <None>
mistral::rabbit_password: <None>
mistral::database_connection: mysql+pymysql://mistral:<None>@192.0.2.1/mistral
mistral::keystone_password: <None>
mistral::keystone::auth::password: <None>
tripleo::loadbalancer::haproxy_stats_password: <None>
This may be more of a documentation bug:
~~~
# Swift hash suffix. If left unset, one will be automatically
# generated. (string value)
undercloud_swift_hash_suffix = <None>
~~~
Users may misunderstand this, thinking that <None> actually means that this value is unset. A quick fix could be to change the wording, e.g.:
~~~
# Swift hash suffix. If left unset, one will be automatically
# generated. This value needs to start with an alphabetic or numeric character.
# Setting this to <None> will lead to a deployment error. (string value)
undercloud_swift_hash_suffix = <None>
~~~
This is not a bug. <None> is not a valid string value. If you un-comment the parameter, you need to give a value like IXQUPsHD1oe9KQJx for example.