tripleo

Failed to connect to the host via ssh: Warning: Permanently added '10.0.1.234' (ED25519) to the list of known hosts.\r\ncentos@10.0.1.234: Permission denied (publickey,gssapi-keyex,gssapi-with-mic - Deploy the FreeIPA server

Bug #1956563 reported by Ananya Banerjee
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
Critical
Unassigned
tripleo yoga-2

Bug Description

periodic-tripleo-ci-centos-9-ovb-3ctlr_1comp_1supp-featureset064-master and periodic-tripleo-ci-centos-9-ovb-3ctlr_1comp_1supp-featureset039-master are failing with:

2022-01-05 08:57:34.025118 | primary | PLAY [Deploy the FreeIPA server] ***********************************************
2022-01-05 08:57:34.035492 | primary |
2022-01-05 08:57:34.035526 | primary | TASK [Gathering Facts] *********************************************************
2022-01-05 08:57:34.035696 | primary | Wednesday 05 January 2022 08:57:34 -0500 (0:00:00.139) 0:00:08.318 *****
2022-01-05 08:57:38.529443 | primary | fatal: [supplemental]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '10.0.1.234' (ED25519) to the list of known hosts.\r\ncentos@10.0.1.234: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).", "unreachable": true}

https://logserver.rdoproject.org/74/35174/14/check/periodic-tripleo-ci-centos-9-ovb-3ctlr_1comp_1supp-featureset039-master/a6684bc/job-output.txt

https://logserver.rdoproject.org/39/37739/3/check/periodic-tripleo-ci-centos-9-ovb-3ctlr_1comp_1supp-featureset064-master/c665158/job-output.txt

Ananya Banerjee (frenzyfriday)
Changed in tripleo:
status: New → Triaged
importance: Undecided → Critical
milestone: none → xena-3
tags: added: ci
tags: added: promotion-blocker
chandan kumar (chkumar246)
Changed in tripleo:
milestone: xena-3 → yoga-1
milestone: yoga-1 → yoga-2
Revision history for this message
Ananya Banerjee (frenzyfriday) wrote :

Still hitting this

https://logserver.rdoproject.org/39/37739/4/check/periodic-tripleo-ci-centos-9-ovb-3ctlr_1comp_1supp-featureset064-master/e17d01a/job-output.txt

https://logserver.rdoproject.org/74/35174/18/check/periodic-tripleo-ci-centos-9-ovb-3ctlr_1comp_1supp-featureset039-master/2222ab8/job-output.txt

Revision history for this message
Ade Lee (alee-3) wrote :

The issue appears to be that the magic user in the image has been changed from 'centos' to 'cloud_user'. I tried logging in as that user and I see the correct key in authorized_keys. There is no 'centos' user.

Revision history for this message
Alan Pevec (apevec) wrote :

Right, CS9 as RHEL upstream is now using the same kickstarts to build images, and in RHEL cloud images user was always cloud-user, this diff must have been already handled in CI to support RHEL8 vs CentOS 8 before?

Revision history for this message
Ronelle Landy (rlandy) wrote :

We never ran this test on RHEL before so this is our first hit on the issue

Revision history for this message
Ronelle Landy (rlandy) wrote :

Attempted change:

https://review.opendev.org/c/openstack/tripleo-quickstart/+/824644 DNM: Testing change supp user per ansible_distribution_major_version

Revision history for this message
Ronelle Landy (rlandy) wrote :

With ^^ patch, the job does start deploying the IPA server:

 https://logserver.rdoproject.org/54/36254/59/check/periodic-tripleo-ci-centos-9-ovb-3ctlr_1comp_1supp-featureset039-master/d16b733/logs/supplemental/home/cloud-user/deploy_freeipa.log.txt.gz

Complete!
+ dnf install -yq ipa-server ipa-server-dns curl epel-release iptables
Error: Unable to find a match: epel-release

^^ latest error

Revision history for this message
Alan Pevec (apevec) wrote (last edit ):

uhm why epel-release, where is that coming from? We are avoiding deps from EPEL, if something from EPEL is required, we need to add it to RDO deps.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to tripleo-quickstart-extras (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/tripleo-quickstart-extras/+/824705

Revision history for this message
Ananya Banerjee (frenzyfriday) wrote :

Went further, now failing at:

TASK [freeipa-setup : Run the tripleo-ipa preparation script] ******************
2022-01-16 17:04:56.449175 | primary | Sunday 16 January 2022 17:04:56 -0500 (0:00:03.092) 0:11:10.955 ********
2022-01-16 17:05:23.837629 | primary | fatal: [supplemental]: FAILED! => {"changed": true, "cmd": "set -o pipefail && ~cloud-user/ipa_prep.sh 2>&1 | awk '{ print strftime(\"%Y-%m-%d %H:%M:%S |\"), $0; fflush(); }' > ~cloud-user/ipa_prep.sh.log\n", "delta": "0:00:25.895837", "end": "2022-01-16 17:05:23.619910", "msg": "non-zero return code", "rc": 4, "start": "2022-01-16 17:04:57.724073", "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}

Revision history for this message
Ananya Banerjee (frenzyfriday) wrote :

2022-01-16 17:05:23 | ERROR! couldn't resolve module/action 'ipa_role'. This often indicates a misspelling, missing collection, or incorrect module path.
2022-01-16 17:05:23 |
2022-01-16 17:05:23 | The error appears to be in '/usr/share/ansible/tripleo-playbooks/ipa-server-create-role.yaml': line 104, column 7, but may
2022-01-16 17:05:23 | be elsewhere in the file depending on the exact syntax problem.
2022-01-16 17:05:23 |
2022-01-16 17:05:23 | The offending line appears to be:
2022-01-16 17:05:23 |
2022-01-16 17:05:23 |
2022-01-16 17:05:23 | - name: add nova host manager role
2022-01-16 17:05:23 | ^ here

https://logserver.rdoproject.org/54/36254/62/check/periodic-tripleo-ci-centos-9-ovb-3ctlr_1comp_1supp-featureset039-master/df3ab85/logs/supplemental/home/cloud-user/ipa_prep.sh.log.txt.gz

Ronelle Landy (rlandy)
Changed in tripleo:
status: Triaged → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to tripleo-quickstart-extras (master)

Reviewed: https://review.opendev.org/c/openstack/tripleo-quickstart-extras/+/824705
Committed: https://opendev.org/openstack/tripleo-quickstart-extras/commit/3fc8e89a2ee92f271ce1470cfa4e9a4122f88ee4
Submitter: "Zuul (22348)"
Branch: master

commit 3fc8e89a2ee92f271ce1470cfa4e9a4122f88ee4
Author: frenzyfriday <email address hidden>
Date: Fri Jan 14 18:17:51 2022 +0530

    Update freeipa setup scripts for CentOS Stream 9

    - epel release is used here to install haveged. But haveged can be installed
      as rdo dependency.
    - install ansible-core instead of ansible for >= CS9
    - install community.general when using ansible-core, to have 'ipa_role'
      module available.

    Related-Bug: 1956563
    Change-Id: I62c16e60f164b564dd8474c049205e7141941f7f
    Signed-off-by: Douglas Viroel <email address hidden>

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-quickstart (master)

Reviewed: https://review.opendev.org/c/openstack/tripleo-quickstart/+/824644
Committed: https://opendev.org/openstack/tripleo-quickstart/commit/cf48a79c8fa5f834e0ebac93d1d336c15fccf1b2
Submitter: "Zuul (22348)"
Branch: master

commit cf48a79c8fa5f834e0ebac93d1d336c15fccf1b2
Author: Ronelle Landy <email address hidden>
Date: Thu Jan 13 15:03:37 2022 -0500

    Change supp user per ansible_distribution_major_version

    When running on CentOS Stream 9 distribution, the supplemental
    user should be 'cloud-user', instead of 'centos'

    Closes-Bug: #1956563
    Change-Id: Id90c0bcc2f15a742b83b834acc75231ca4d44a83

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.