tripleo

scenario010 failure Permission denied: '/etc/openstack/clouds.yaml

Bug #1815872 reported by Quique Llorente
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
High
Brent Eagles

Bug Description

After fixing tht for sceanrio010 with [1] now it fails at tripleo-common trying to create the keypair with the public key
http://logs.openstack.org/71/636571/3/check/tripleo-ci-centos-7-scenario010-multinode-oooq-container/31f82be/logs/undercloud/home/zuul/overcloud_deploy.log.txt.gz#_2019-02-13_16_51_28
2019-02-13 16:51:28 | ok: [undercloud]
2019-02-13 16:51:28 |
2019-02-13 16:51:28 | TASK [octavia-undercloud : upload pub key to overcloud] ************************
2019-02-13 16:51:28 | fatal: [undercloud]: FAILED! => {"changed": true, "cmd": "openstack keypair show octavia-ssh-key || openstack keypair create --public-key /tmp/ansible.0S_N5N octavia-ssh-key", "delta": "0:00:03.967089", "end": "2019-02-13 16:51:19.316664", "msg": "non-zero return code", "rc": 1, "start": "2019-02-13 16:51:15.349575", "stderr": "Could not read clouds.yaml configuration file\n[Errno 13] Permission denied: '/etc/openstack/clouds.yaml'\nCould not read clouds.yaml configuration file\n[Errno 13] Permission denied: '/etc/openstack/clouds.yaml'", "stderr_lines": ["Could not read clouds.yaml configuration file", "[Errno 13] Permission denied: '/etc/openstack/clouds.yaml'", "Could not read clouds.yaml configuration file", "[Errno 13] Permission denied: '/etc/openstack/clouds.yaml'"], "stdout": "", "stdout_lines": []}
2019-02-13 16:51:28 |
2019-02-13 16:51:28 | PLAY RECAP *********************************************************************
2019-02-13 16:51:28 | undercloud : ok=6 changed=2 unreachable=0 failed=1
2019-02-13 16:51:28 |
2019-02-13 16:51:28 |
2019-02-13 16:51:28 | STDERR:

Fix is here https://review.openstack.org/#/c/636844/

[1] https://review.openstack.org/#/c/636571/

Revision history for this message
Juan Antonio Osorio Robles (juan-osorio-robles) wrote :

Is this still an issue?

OpenStack Infra (hudson-openstack)
Changed in tripleo:
assignee: Quique Llorente (quiquell) → Brent Eagles (beagles)
Revision history for this message
Brent Eagles (beagles) wrote :

Actually this problem doesn't appear to have a simple fix and the non-standalone octavia deployment is completely broken. The ansible playbooks are run as the tripleo-admin user which AFAICT, cannot sudo so "become" doesn't appear to work properly. There is no clouds.yaml that it has access to so the openstack client cannot work. Furthermore, once you get past the undercloud part the tasks cannot access /var/lib/mistral/overcloud/ssh_private_key either as it belongs to 42430 (mistral maybe?)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (master)

Reviewed: https://review.openstack.org/636571
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=c61c052fd1aacfc248bd53bcf713b4db91314172
Submitter: Zuul
Branch: master

commit c61c052fd1aacfc248bd53bcf713b4db91314172
Author: Quique Llorente <email address hidden>
Date: Wed Feb 13 09:44:52 2019 +0100

    Use tripleo-admin as octavia groups_vars owner

    Now we use tripleo-admin as user and it does not have access to
    /var/lib/mistral, this change the owner of the group_vars dir to this
    user.

    Closes-Bug: #1815872

    Change-Id: I06b184483a05b7b79b8ccf867b373429e698f396

Changed in tripleo:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 10.5.0

This issue was fixed in the openstack/tripleo-heat-templates 10.5.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on tripleo-common (master)

Change abandoned by Sorin Sbarnea (<email address hidden>) on branch: master
Review: https://review.opendev.org/636844

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.