quickstart fails on task: Run virt-customize on the provided image

I was able to find the repo_setup.sh.log file and found the error message:

sudo yum install -y yum-plugin-priorities
Loaded plugins: fastestmirror, priorities
http://mirror1.ci.centos.org/centos/7/os/x86_64/repodata/repomd.xml: [Errno 14] curl#6 - "Could not resolve host: mirror1.ci.centos.org; Name or service not known"
Trying other mirror.
https://trunk.rdoproject.org/centos7-newton/12/aa/12aa7ccceb7d93cbf9d68c1b3338195bf8ce5564_5143f79b/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's Certificate issuer is not recognized."

I have been running into a few certificate issues while trying to run quickstart.sh. For installing pip, I had to add this to a pip.conf file under the .pip directory:

[global]
cert = /etc/pki/tls/certs/ca-bundle.crt

When installing the undercloud, I had to add this to the yum.conf file within the undercloud VM:

sslverify=false

I do not know why I am running into a certificate issue, in this case, as I had already made it past this step and have sslverify=false set in the yum.conf file. I have also tried adding 'insecure' to the .curlrc file.

I hit the same errors as originally reported in this bug, but the root cause of my error was different:

[ooo@hci-float11 tasks]$ sudo virt-customize --run /home/stack/repo_setup.sh -a /home/stack/overcloud-full.qcow2
[ 0.0] Examining the guest ...
virt-customize: error: libguestfs error: could not create appliance through
libvirt.

Try running qemu directly without libvirt using this environment variable:
export LIBGUESTFS_BACKEND=direct

Original error from libvirt: Cannot access storage file
'/home/stack/overcloud-full.qcow2' (as uid:107, gid:107): Permission denied
[code=38 int1=13]

If reporting bugs, run virt-customize with debugging enabled and include
the complete output:

  virt-customize -v -x [...]
[ooo@hci-float11 tasks]$

My last update was me failing to troubleshot under the conditions of https://bugzilla.redhat.com/show_bug.cgi?id=1045069 which quickstart already has a workaround for.

I think the issue I am hitting is this...

[root@hci-float11 stack]# tail -100 /home/stack/_home_stack_repo_setup.sh.log
...
--> Running transaction check
---> Package libcap-ng.i686 0:0.7.5-4.el7 will be installed
---> Package libstdc++.i686 0:4.8.5-16.el7 will be installed
---> Package python2-ipaclient.noarch 0:4.5.0-21.el7.centos.1.2 will be an update
--> Processing Dependency: python-dns >= 1.12.0-3 for package: python2-ipaclient-4.5.0-21.el7.centos.1.2.noarch
---> Package python2-ipalib.noarch 0:4.5.0-21.el7.centos.1.2 will be an update
--> Processing Dependency: python-dns >= 1.12.0-3 for package: python2-ipalib-4.5.0-21.el7.centos.1.2.noarch
--> Finished Dependency Resolution
Error: Package: python2-ipalib-4.5.0-21.el7.centos.1.2.noarch (quickstart-centos-updates)
           Requires: python-dns >= 1.12.0-3
           Installed: python-dns-1.12.0-2.20150617git465785f.el7.noarch (@base)
               python-dns = 1.12.0-2.20150617git465785f.el7
           Available: python-dns-1.12.0-1.el7.noarch (delorean-pike-testing)
               python-dns = 1.12.0-1.el7
Error: Package: python2-ipaclient-4.5.0-21.el7.centos.1.2.noarch (quickstart-centos-updates)
           Requires: python-dns >= 1.12.0-3
           Installed: python-dns-1.12.0-2.20150617git465785f.el7.noarch (@base)
               python-dns = 1.12.0-2.20150617git465785f.el7
           Available: python-dns-1.12.0-1.el7.noarch (delorean-pike-testing)
               python-dns = 1.12.0-1.el7
 You could try using --skip-broken to work around the problem
** Found 4 pre-existing rpmdb problem(s), 'yum check' output follows:
ipa-admintools-4.4.0-14.el7.centos.7.noarch has installed conflicts freeipa-admintools: ipa-admintools-4.4.0-14.el7.centos.7.noarch
ipa-client-4.4.0-14.el7.centos.7.x86_64 has installed conflicts freeipa-client: ipa-client-4.4.0-14.el7.centos.7.x86_64
ipa-client-common-4.4.0-14.el7.centos.7.noarch has installed conflicts freeipa-client-common: ipa-client-common-4.4.0-14.el7.centos.7.noarch
ipa-common-4.4.0-14.el7.centos.7.noarch has installed conflicts freeipa-common: ipa-common-4.4.0-14.el7.centos.7.noarch
virt-customize: error: /home/stack/repo_setup.sh: command exited with an
error

If reporting bugs, run virt-customize with debugging enabled and include
the complete output:

  virt-customize -v -x [...]
[root@hci-float11 stack]# tail -100 /home/stack/_home_stack_repo_setup.sh.log

I recently just made it past this issue and was able to successfully deploy OpenStack with quickstart. I had realized the cause of this issue was because the script was trying to download repomd.xml while already connected to the undercloud VM, in which did not have sslverify=false in the yum.conf file yet. I was able to get past this by removing the repo setup playbook file.

However, the real solution was to run the quickstart script in steps instead of the whole script at once, as explained at https://docs.openstack.org/tripleo-quickstart/latest/getting-started.html. I was then able to first set up libvirt with the undercloud VM created. SSH to the undercloud and set sslverify=false in the yum.conf file (also needed to install deltarpm on the undercloud). Then I was able to install the undercloud and deploy the overcloud successfully.

My issue was the following:

 https://bugs.launchpad.net/tripleo/+bug/1717550

Since my issue is a duplicate of 1717550 and since the method to resolve Ryan's issue is described above, I'd like to close this bug to make it easier for the maintainers (one less bug to triage).

Hi. I still got this bug when trying to set sslverify=false or try to run the quickstart script in steps. Do you have other solution for this?