SSH connection to supplemental ipa VM takes minutes

Bug #1712081 reported by Martin André on 2017-08-21
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Medium
Harry Rybacki

Bug Description

I'm seing SSH connection issues to the ipa VM when deploying quickstart with FreeIPA supplemental node:

TASK [freeipa-setup : Create FreeIPA deployment script] ************************
task path: /home/martin/.quickstart-gouda/usr/local/share/ansible/roles/freeipa-setup/tasks/main.yml:14
Monday 21 August 2017 13:16:09 +0200 (0:00:00.134) 0:06:54.713 *********
changed: [supplemental] => {"changed": true, "checksum": "a086b17ef53ed3d594877c09c0b91797f751b047", "dest": "/home/stack/deploy_freeipa.sh", "gid": 1000, "group": "stack", "md5sum": "81734f807caf1b05de579b490720f
59a", "mode": "0744", "owner": "stack", "secontext": "unconfined_u:object_r:user_home_t:s0", "size": 2607, "src": "/home/stack/.ansible/tmp/ansible-tmp-1503314340.09-233025111123421/source", "state": "file", "uid"
: 1000}

TASK [freeipa-setup : Deploy FreeIPA] ******************************************
task path: /home/martin/.quickstart-gouda/usr/local/share/ansible/roles/freeipa-setup/tasks/main.yml:20
Monday 21 August 2017 13:36:04 +0200 (0:19:54.773) 0:26:49.486 *********
<supplemental> ssh_retry: attempt: 0, caught exception(Timeout (12s) waiting for privilege escalation prompt: ) from cmd (/bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-xnbsmvargakhrsqylbeyz
huzijngzodh; /usr/bin/python'"'"' && sleep 0'...), pausing for 0 seconds
<supplemental> ssh_retry: attempt: 1, caught exception(Timeout (12s) waiting for privilege escalation prompt: ) from cmd (/bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-xnbsmvargakhrsqylbeyz
huzijngzodh; /usr/bin/python'"'"' && sleep 0'...), pausing for 1 seconds
<supplemental> ssh_retry: attempt: 2, caught exception(Timeout (12s) waiting for privilege escalation prompt: ) from cmd (/bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-xnbsmvargakhrsqylbeyz
huzijngzodh; /usr/bin/python'"'"' && sleep 0'...), pausing for 3 seconds
fatal: [supplemental]: FAILED! => {"failed": true, "msg": "Timeout (12s) waiting for privilege escalation prompt: "}

The "Create FreeIPA deployment script" task takes 20 min (!!) to render a file on the ipa VM, then the following task fails when trying to connect to the VM via ssh.

From the node where I'm running quickstart it takes around 3 minutes to establish an ssh connection vm with:

ssh -F /home/martin/.quickstart-gouda/ssh.config.ansible supplemental

I used the following command to deploy:

bash ./quickstart.sh -w ~/.quickstart-gouda --teardown all --no-clone --clean --release master-tripleo-ci -e undercloud_memory=16384 -e undercloud_disk=60 -e undercloud_node_cpu=6 -N config/nodes/1ctlr_1comp_1supp.yml -c config/general_config/ipa.yml -e nameserver_from_virthost=false --tags "all" gouda

Martin André (mandre) wrote :

I found this is a DNS issue:

[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 10.11.5.19
search localdomain

After I changed the resolver to 192.168.23.1 (the virthost address) it's all speedy as it should be.

Harry Rybacki (hrybacki-h) wrote :

The IPA node must act as the DNS server for a given deployment. I'll submit a review allowing this to be customize able.

Changed in tripleo:
status: New → Confirmed
assignee: nobody → Harry Rybacki (hrybacki-h)

Fix proposed to branch: master
Review: https://review.openstack.org/495899

Changed in tripleo:
status: Confirmed → In Progress
wes hayutin (weshayutin) on 2017-08-22
Changed in tripleo:
importance: Undecided → Medium
milestone: none → queens-1
Changed in tripleo:
milestone: queens-1 → queens-2
Changed in tripleo:
assignee: Harry Rybacki (hrybacki-h) → Juan Antonio Osorio Robles (juan-osorio-robles)
Changed in tripleo:
assignee: Juan Antonio Osorio Robles (juan-osorio-robles) → Harry Rybacki (hrybacki-h)
Changed in tripleo:
milestone: queens-2 → queens-3

Reviewed: https://review.openstack.org/495899
Committed: https://git.openstack.org/cgit/openstack/tripleo-quickstart/commit/?id=d6501939b4b5747a58b66a445e474f4ec0580ef9
Submitter: Zuul
Branch: master

commit d6501939b4b5747a58b66a445e474f4ec0580ef9
Author: Harry Rybacki <email address hidden>
Date: Mon Aug 21 11:03:27 2017 -0400

    Make FreeIPA supplemental node DNS server configureable

    DNS server was previously hardcoded. Users may now customize the DNS
    server set on the FreeIPA supplmental node prior to deployment.

    Change-Id: I1669c323862a2634d997b08c630c74e7281d999b
    Closes-bug: 1712081

Changed in tripleo:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers