tripleo

cannot use enable-internal-tls.yaml due to /usr/share/openstack-tripleo-heat-templates/extraconfig/nova_metadata/krb-service-principals.yaml doesn't exist

Bug #1730650 reported by Juan Antonio Osorio Robles on 2017-11-07

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tripleo	Fix Released	Critical	Martin André	tripleo queens-2

Bug Description

Description of problem:

TASK [containerized_deployment : Create /home/stack/templates/container_images.yaml to upload to local registry] ***
10:58:36 fatal: [undercloud-0]: FAILED! => {
10:58:36 "changed": true,
10:58:36 "cmd": "openstack overcloud container image prepare --namespace docker-registry.engineering.redhat.com/rhosp12 --tag 20171103.1 --prefix openstack --suffix docker --set ceph_namespace=docker-registry.engineering.redhat.com/ceph --set ceph_image=rhceph-2-rhel7 --set ceph_tag=latest -e /usr/share/openstack-tripleo-heat-templates/environments/ceph-ansible/ceph-ansible.yaml -e /usr/share/openstack-tripleo-heat-templates/environments/tls-everywhere-endpoints-dns.yaml -e /usr/share/openstack-tripleo-heat-templates/environments/services/haproxy-public-tls-certmonger.yaml -e /usr/share/openstack-tripleo-heat-templates/environments/enable-internal-tls.yaml -e /home/stack/cloud-names.yaml -e /home/stack/virt/network/network-environment.yaml > /home/stack/templates/container_images.yaml",
10:58:36 "delta": "0:00:00.644325",
10:58:36 "end": "2017-11-07 05:58:35.491117",
10:58:36 "failed": true,
10:58:36 "rc": 1,
10:58:36 "start": "2017-11-07 05:58:34.846792"
10:58:36 }
10:58:36
10:58:36 STDERR:
10:58:36
10:58:36 Could not fetch contents for file:///usr/share/openstack-tripleo-heat-templates/extraconfig/nova_metadata/krb-service-principals.yaml
10:58:36

[stack@undercloud-0 ~]$ cat /usr/share/openstack-tripleo-heat-templates/environments/enable-internal-tls.yaml
# ********************************************************************************
# DEPRECATED: Use tripleo-heat-templates/environments/ssl/enable-internal-tls.yaml
# instead.
# ********************************************************************************
# A Heat environment file which can be used to enable a
# a TLS for in the internal network via certmonger
parameter_defaults:
EnableInternalTLS: true
RabbitClientUseSSL: true

  # Required for novajoin to enroll the overcloud nodes
  ServerMetadata:
    ipa_enroll: True

resource_registry:
OS::TripleO::Services::CertmongerUser: ../puppet/services/certmonger-user.yaml

OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml

# We use apache as a TLS proxy
OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml

  # Creates nova metadata that will create the extra service principals per
  # node.
  OS::TripleO::ServiceServerMetadataHook: ../extraconfig/nova_metadata/krb-service-principals.yaml
[stack@undercloud-0 ~]$ cat /usr/share/openstack-tripleo-heat-templates/extraconfig/nova_metadata/krb-service-principals.yaml
cat: /usr/share/openstack-tripleo-heat-templates/extraconfig/nova_metadata/krb-service-principals.yaml: No such file or directory

Version-Release number of selected component (if applicable):
openstack-tripleo-heat-templates-7.0.3-0.20171023134948.el7ost.noarch

How reproducible:
always

Steps to Reproduce:
1.deploy undercloud
2.openstack overcloud container image prepare --namespace docker-registry.engineering.redhat.com/rhosp12 --tag 20171103.1 --prefix openstack --suffix docker --set ceph_namespace=docker-registry.engineering.redhat.com/ceph --set ceph_image=rhceph-2-rhel7 --set ceph_tag=latest -e /usr/share/openstack-tripleo-heat-templates/environments/ceph-ansible/ceph-ansible.yaml -e /usr/share/openstack-tripleo-heat-templates/environments/tls-everywhere-endpoints-dns.yaml -e /usr/share/openstack-tripleo-heat-templates/environments/services/haproxy-public-tls-certmonger.yaml -e /usr/share/openstack-tripleo-heat-templates/environments/enable-internal-tls.yaml -e /home/stack/cloud-names.yaml -e /home/stack/virt/network/network-environment.yaml > /home/stack/templates/container_images.yaml

Actual results:
/usr/share/openstack-tripleo-heat-templates/extraconfig/nova_metadata/krb-service-principals.yaml doesn't exist

Expected results:
container_images.yaml was generate

Tags:

Revision history for this message

Juan Antonio Osorio Robles (juan-osorio-robles) wrote on 2017-11-07:

It was introduced by https://review.openstack.org/#/c/486260/

Changed in tripleo:
importance:	Undecided → Critical
status:	New → Triaged

Revision history for this message

Juan Antonio Osorio Robles (juan-osorio-robles) wrote on 2017-11-07:

A simple way to reproduce it is this:

openstack overcloud container image prepare --env-file /home/stack/containers-default-parameters.yaml -e /usr/share/openstack-tripleo-heat-templates/environments/docker.yaml --namespace 192.168.24.1:8787/tripleomaster --tag latest -e /usr/share/openstack-tripleo-heat-templates/environments/enable-internal-tls.yaml

Emilien Macchi (emilienm) on 2017-11-07

Changed in tripleo:
milestone:	none → queens-2

Revision history for this message

Martin André (mandre) wrote on 2017-11-08:

Related patch at https://review.openstack.org/#/c/518589/ that makes it possible for the heatclient function we use to load the environment files to not error on missing file.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-11-09: Fix proposed to python-tripleoclient (master)

Fix proposed to branch: master
Review: https://review.openstack.org/518688

Changed in tripleo:
assignee:	nobody → Martin André (mandre)
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-11-10: Fix merged to python-tripleoclient (master)

Reviewed: https://review.openstack.org/518688
Committed: https://git.openstack.org/cgit/openstack/python-tripleoclient/commit/?id=a68cbfd5157ec367020a753905f7e1802d127a0f
Submitter: Zuul
Branch: master

commit a68cbfd5157ec367020a753905f7e1802d127a0f
Author: Martin André <email address hidden>
Date: Thu Nov 9 09:50:46 2017 +0100

Ignore missing rendered heat envs in prepare

    Since we use j2 templates for some of the heat environments, and at the
    moment they are rendered when uploading them to swift at the beginning
    of the deployment workflow, it is possible that one of the heat
    environment file passed to the prepare command is, or references a file
    that is, not yet rendered.

This commit implements a custom object_request() function that makes
process_multiple_environments_and_files() ignore the missing files.

    Change-Id: I6f31898ca3db9563d3d8e8e6e0a9f0cdaebf24ca
    Co-Authored-By: Thomas Hervé <email address hidden>
    Closes-Bug: #1730650

Changed in tripleo:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-11-13: Fix proposed to python-tripleoclient (stable/pike)

Fix proposed to branch: stable/pike
Review: https://review.openstack.org/519343

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-11-13: Fix merged to python-tripleoclient (stable/pike)

Reviewed: https://review.openstack.org/519343
Committed: https://git.openstack.org/cgit/openstack/python-tripleoclient/commit/?id=d43034f29df333db726553ac94421c8c931892f4
Submitter: Zuul
Branch: stable/pike

commit d43034f29df333db726553ac94421c8c931892f4
Author: Martin André <email address hidden>
Date: Thu Nov 9 09:50:46 2017 +0100

Ignore missing rendered heat envs in prepare

This commit implements a custom object_request() function that makes
process_multiple_environments_and_files() ignore the missing files.

    Change-Id: I6f31898ca3db9563d3d8e8e6e0a9f0cdaebf24ca
    Co-Authored-By: Thomas Hervé <email address hidden>
    Closes-Bug: #1730650
    (cherry picked from commit a68cbfd5157ec367020a753905f7e1802d127a0f)