Keystone fernet token rotation only works with clouds names 'overcloud'
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
High
|
Juan Antonio Osorio Robles | ||
Pike |
Fix Committed
|
High
|
Juan Antonio Osorio Robles |
Bug Description
Originally filed by Ken Savich.
https:/
Description of problem:
NOTE: my stack is named "sweatpants" here
Running the tripleo.
openstack workflow execution create tripleo.
Will fail if your cloud is not named "overcloud"
Version-Release number of selected component (if applicable):
How reproducible:
100%
Steps to Reproduce:
1.Deploy a cloud named something other than "overcloud" (such as "sweatpants")
2.try rotate your fernet decrypt keys on the controllers with
openstack workflow execution create tripleo.
3. look at the output of the workflow after a minute or so
openstack workflow execution output show <workflow id>
Actual results:
Look at your ferent keys in the contain from the controller node, notice that they haven't changed:
docker exec -ti keystone ls -l /etc/keystone/
'
Check the actual workflow output, you'll see something like the following:
{
"status": "SUCCESS",
"message": {
"stderr": "\nPLAY [keystone] *******
"stdout": " [WARNING]: Could not match supplied host pattern, ignoring: keystone\n"
}
}
The only way to get this working, is the following:
openstack workflow execution create tripleo.
Note, additionally, that we have to pass the ANSIBLE_
Expected results:
Expect to have rotated keys on all controller nodes
Changed in tripleo: | |
status: | New → Triaged |
importance: | Undecided → High |
assignee: | nobody → Juan Antonio Osorio Robles (juan-osorio-robles) |
milestone: | none → queens-3 |
Fix proposed to branch: master /review. openstack. org/532808
Review: https:/