Bug 1266565
| Summary: | [RFE] We should not require SSH access from the Undercloud on the Overcloud nodes to complete Keystone initialization | ||
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Giulio Fidente <gfidente> |
| Component: | openstack-tripleo-heat-templates | Assignee: | Giulio Fidente <gfidente> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Shai Revivo <srevivo> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.0 (Kilo) | CC: | apetrich, dmacpher, jcoufal, mburns, mcornea, mlopes, rhel-osp-director-maint, whayutin |
| Target Milestone: | --- | Keywords: | AutomationBlocker, FutureFeature, Triaged |
| Target Release: | 8.0 (Liberty) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Known Issue | |
| Doc Text: |
Currently, certain setup steps require a SSH connection to the overcloud controllers, and will need to traverse VIPs to reach the Overcloud nodes.
If your environment is using an external load balancer, then these steps are not likely to successfully connect. You can work around this issue by configuring the external load balancer to forward port 22. As a result, the SSH connection to the VIP will succeed.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-09-30 08:48:37 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Giulio Fidente
2015-09-25 15:58:39 UTC
I have assigned it against THT because there it goes if we decide to do pki_setup via puppet ... this requires updates into os-cloud-config as well though. Hi,
This problem is hitting me now on CI.
So when you have a patch I can test it.
Cheers!
log:
Warning: Permanently added '192.0.2.6' (ECDSA) to the list of known hosts.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Command '['ssh', '-oStrictHostKeyChecking=no', '-t', '-l', 'heat-admin', u'192.0.2.6', 'sudo', 'keystone-manage', 'pki_setup', '--keystone-user', "$(getent passwd | grep '^keystone' | cut -d: -f1)", '--keystone-group', "$(getent group | grep '^keystone' | cut -d: -f1)"]' returned non-zero exit status 255
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/cliff/app.py", line 374, in run_subcommand
result = cmd.run(parsed_args)
File "/usr/lib/python2.7/site-packages/cliff/command.py", line 54, in run
self.take_action(parsed_args)
File "/usr/lib/python2.7/site-packages/tripleoclient/v1/overcloud_deploy.py", line 893, in take_action
self._deploy_postconfig(stack, parsed_args)
File "/usr/lib/python2.7/site-packages/tripleoclient/v1/overcloud_deploy.py", line 458, in _deploy_postconfig
internal=keystone_internal_ip)
File "/usr/lib/python2.7/site-packages/os_cloud_config/keystone.py", line 178, in initialize
_perform_pki_initialization(host, user)
File "/usr/lib/python2.7/site-packages/os_cloud_config/keystone.py", line 553, in _perform_pki_initialization
"$(getent group | grep '^keystone' | cut -d: -f1)"])
File "/usr/lib64/python2.7/subprocess.py", line 542, in check_call
raise CalledProcessError(retcode, cmd)
CalledProcessError: Command '['ssh', '-oStrictHostKeyChecking=no', '-t', '-l', 'heat-admin', u'192.0.2.6', 'sudo', 'keystone-manage', 'pki_setup', '--keystone-user', "$(getent passwd | grep '^keystone' | cut -d: -f1)", '--keystone-group', "$(getent group | grep '^keystone' | cut -d: -f1)"]' returned non-zero exit status 255
clean_up DeployOvercloud: Command '['ssh', '-oStrictHostKeyChecking=no', '-t', '-l', 'heat-admin', u'192.0.2.6', 'sudo', 'keystone-manage', 'pki_setup', '--keystone-user', "$(getent passwd | grep '^keystone' | cut -d: -f1)", '--keystone-group', "$(getent group | grep '^keystone' | cut -d: -f1)"]' returned non-zero exit status 255
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/openstackclient/shell.py", line 112, in run
ret_val = super(OpenStackShell, self).run(argv)
File "/usr/lib/python2.7/site-packages/cliff/app.py", line 255, in run
result = self.run_subcommand(remainder)
File "/usr/lib/python2.7/site-packages/cliff/app.py", line 374, in run_subcommand
result = cmd.run(parsed_args)
File "/usr/lib/python2.7/site-packages/cliff/command.py", line 54, in run
self.take_action(parsed_args)
File "/usr/lib/python2.7/site-packages/tripleoclient/v1/overcloud_deploy.py", line 893, in take_action
self._deploy_postconfig(stack, parsed_args)
File "/usr/lib/python2.7/site-packages/tripleoclient/v1/overcloud_deploy.py", line 458, in _deploy_postconfig
internal=keystone_internal_ip)
File "/usr/lib/python2.7/site-packages/os_cloud_config/keystone.py", line 178, in initialize
_perform_pki_initialization(host, user)
File "/usr/lib/python2.7/site-packages/os_cloud_config/keystone.py", line 553, in _perform_pki_initialization
"$(getent group | grep '^keystone' | cut -d: -f1)"])
File "/usr/lib64/python2.7/subprocess.py", line 542, in check_call
raise CalledProcessError(retcode, cmd)
CalledProcessError: Command '['ssh', '-oStrictHostKeyChecking=no', '-t', '-l', 'heat-admin', u'192.0.2.6', 'sudo', 'keystone-manage', 'pki_setup', '--keystone-user', "$(getent passwd | grep '^keystone' | cut -d: -f1)", '--keystone-group', "$(getent group | grep '^keystone' | cut -d: -f1)"]' returned non-zero exit status 255
END return value: 1
This bug did not make the OSP 8.0 release. It is being deferred to OSP 10. The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days |