Bug 1443214

Summary: Changing Nova DB password result in errors
Product: Red Hat OpenStack Reporter: Gregory Charot <gcharot>
Component: puppet-novaAssignee: Ollie Walsh <owalsh>
Status: CLOSED ERRATA QA Contact: Joe H. Rahme <jhakimra>
Severity: low Docs Contact:
Priority: unspecified    
Version: 11.0 (Ocata)CC: acanan, aschultz, asimonel, dbecker, eglynn, jjoyce, jschluet, mburns, morazi, owalsh, rhel-osp-director-maint, sgordon, shardy, slinaber, tvignaud
Target Milestone: rc   
Target Release: 11.0 (Ocata)   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: puppet-nova-10.4.0-4.el7ost Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-05-17 20:22:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Gregory Charot 2017-04-18 19:01:20 UTC
Description of problem:

When updating NovaPassword, the deployment terminates in error.

Version-Release number of selected component (if applicable):

OSP11 (Ocata)

How reproducible:
Always

Steps to Reproduce:
1. Change the NovaPassword via parameter_defaults
2. Redeploy
3. Terminates with errors

Actual results:

Notice: /Stage[main]/Nova::Cell_v2::Discover_hosts/Exec[nova-cell_v2-discover_hosts]/returns: OperationalError: (pymysql.err.OperationalError) (1045, u"Access denied for user 'nova'@'172.17.1.201' (using password: YES)")

Expected results:
Deployment completes successfully.

Additional info:

The password is updated in nova.conf.
if we do a nova-manage  cell_v2  list_cells --verbose
we can see that the old/original password is still present in the transport URL

database_connection: mysql+pymysql://nova:OLD_PASSWORD.1.150/nova?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo 

nova-manage first connects to nova_api DB (which works) then retrieves the transport_url (table cell_mappings) and connects again (this time to nova DB) with a transport_url that contains the old password hence the "Access Denied" error.

The password needs to be updated in the DB to reflect the changes eventually with nova-manage cell_v2 update_cell or via an SQL update depending on what is more convenient for you.

These commands solved the issue.

nova-manage cell_v2 update_cell --cell_uuid fecb034b-f1f3-46e4-bf8f-62b2fb867a70 --name default --database_connection 'mysql+pymysql://nova:blablaabla.1.150/nova?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'

nova-manage cell_v2 update_cell --cell_uuid 00000000-0000-0000-0000-000000000000  --database_connection 'mysql+pymysql://nova:blablaabla.1.150/nova?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'

Comment 2 Ollie Walsh 2017-04-24 13:39:29 UTC
*** Bug 1441716 has been marked as a duplicate of this bug. ***

Comment 5 Joe H. Rahme 2017-05-09 09:09:49 UTC
I have verified that the password can be updated. The redeploy runs without error until completion and the password change is reflected in the `nova-manage cells_v2 list-cells`.

Comment 6 errata-xmlrpc 2017-05-17 20:22:50 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1245