Bug 1218322
Summary: | Keystone auth fails after bare-metal deployment via instack-deploy-overcloud --tuskar | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | jliberma <jliberma> | ||||
Component: | openstack-tripleo-heat-templates | Assignee: | Jay Dobies <jason.dobies> | ||||
Status: | CLOSED ERRATA | QA Contact: | Amit Ugol <augol> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 7.0 (Kilo) | CC: | derekh, gfidente, jguiditt, jliberma, mandreou, mburns, ohochman, rhel-osp-director-maint, rlandy, rrosa | ||||
Target Milestone: | ga | Keywords: | Field, TestOnly, Triaged | ||||
Target Release: | Director | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2015-08-05 13:51:20 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
jliberma@redhat.com
2015-05-04 15:27:05 UTC
(on the undercloud, after sourcing overcloudrc)... can't talk to overcloud services (as above connection issues). restarting haproxy on overcloud controller reliably fixes the service connectivity. still investigating discussion/investigation ongoing... after tip from derekh we increased max_conn in both haproxy and mysqld (haproxy was logging > 150 which was max_con previously/default). currently stable at ~185 for last 25 mins ish. astapor seems to be setting the limits at 4000 for haproxy and 1024 for galera, Jason can you confirm so we port the same values to tripleo? The key here was that connections to keystone through the VIP and haproxy were still working even when keystone commands were displaying a problem this particular curl command was responding immediately $ curl http://10.8.147.22:5000/v2.0/tokens {"error": {"message": "The resource could not be found.", "code": 404, "title": "Not Found"}} the difference being that the call to curl command can't authenticate and responds before keystone attempts to connect to the database this points us at a problem with db connections. This probably wont happen in a virt env because the number of sql connections on this baremetal env is higher as a lot of our processes scale based on the number of CPU's. The baremetal host in question had 24 cpus. Haproxy should have maxconn = 10000 Galera needs: $limit_no_file ="16384", (this in both config and passed into pcs RA) $max_connections = "1024", $open_files_limit = '-1', These galera settings should also be configurable, as different hardware may have different needs half of the fix in https://review.openstack.org/#/c/183044/1 the other half https://review.openstack.org/#/c/183046/ or third until we make this configurable and pass needed options to the pacemaker resource agent as well I saw this merged on May 14, are these fixes incorporated into the latest code base? IE -- How can I test on baremetal? CI job fr Dell hw is running green atm. So thanks to gfidente, you should be able to test this out. Verified , the --tuskar replaced with --plan , deployment successfully with HA/non-HA with virt-env/Bare-Metal . instack-undercloud-2.1.2-22.el7ost.noarch openstack-tuskar-0.4.18-3.el7ost.noarch python-tuskarclient-0.1.18-3.el7ost.noarch openstack-tuskar-ui-extras-0.0.4-1.el7ost.noarch openstack-tuskar-ui-0.3.0-13.el7ost.noarch openstack-puppet-modules-2015.1.8-8.el7ost.noarch Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2015:1549 |