Description of problem:
When updating NovaPassword, the deployment terminates in error.
Version-Release number of selected component (if applicable):
OSP11 (Ocata)
How reproducible:
Always
Steps to Reproduce:
1. Change the NovaPassword via parameter_defaults
2. Redeploy
3. Terminates with errors
Actual results:
Notice: /Stage[main]/Nova::Cell_v2::Discover_hosts/Exec[nova-cell_v2-discover_hosts]/returns: OperationalError: (pymysql.err.OperationalError) (1045, u"Access denied for user 'nova'@'172.17.1.201' (using password: YES)")
Expected results:
Deployment completes successfully.
Additional info:
The password is updated in nova.conf.
if we do a nova-manage cell_v2 list_cells --verbose
we can see that the old/original password is still present in the transport URL
database_connection: mysql+pymysql://nova:OLD_PASSWORD.1.150/nova?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo
nova-manage first connects to nova_api DB (which works) then retrieves the transport_url (table cell_mappings) and connects again (this time to nova DB) with a transport_url that contains the old password hence the "Access Denied" error.
The password needs to be updated in the DB to reflect the changes eventually with nova-manage cell_v2 update_cell or via an SQL update depending on what is more convenient for you.
These commands solved the issue.
nova-manage cell_v2 update_cell --cell_uuid fecb034b-f1f3-46e4-bf8f-62b2fb867a70 --name default --database_connection 'mysql+pymysql://nova:blablaabla.1.150/nova?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
nova-manage cell_v2 update_cell --cell_uuid 00000000-0000-0000-0000-000000000000 --database_connection 'mysql+pymysql://nova:blablaabla.1.150/nova?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
I have verified that the password can be updated. The redeploy runs without error until completion and the password change is reflected in the `nova-manage cells_v2 list-cells`.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHEA-2017:1245