Bug 1568151

Summary: resolv.conf contains nameserver 192.168.122.1 on rhel7.5 [osp12]
Product: Red Hat OpenStack Reporter: Alex Schultz <aschultz>
Component: rhosp-director-imagesAssignee: Alex Schultz <aschultz>
Status: CLOSED ERRATA QA Contact: Artem Hrechanychenko <ahrechan>
Severity: high Docs Contact:
Priority: high    
Version: 12.0 (Pike)CC: ahrechan, akrzos, apevec, aschultz, bfournie, dpeacock, dsneddon, gkadam, jamsmith, jschluet, msufiyan, nalmond, ohochman, sasha, skatlapa, smykhail, uemit.seren
Target Milestone: z3Keywords: Reopened, Triaged, ZStream
Target Release: 12.0 (Pike)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-tripleo-puppet-elements-7.0.5-2.el7ost openstack-tripleo-common-7.6.9-8.el7ost rhosp-director-images-12.0-20180621.2.el7ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1545842
: 1592575 1592576 1592577 1592578 (view as bug list) Environment:
Last Closed: 2018-09-26 17:42:29 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1545842, 1582083    
Bug Blocks: 1592575, 1592576, 1592577, 1592578, 1673164    

Description Alex Schultz 2018-04-16 20:50:26 UTC
+++ This bug was initially created as a clone of Bug #1545842 +++

Problem:
There is a 5 second delay when sshing to overcloud nodes due to resolv.conf containing nameserver 192.168.122.1 which is not valid for the deployment. This can cause issues when deploying as it adds delays when trying to perform some deployment actions.

Cause:
This delay stems from a change to the way ifup-post was updated for RHEL7.5 in which the nameservers from the overcloud images are no longer being cleared out.

See https://bugzilla.redhat.com/show_bug.cgi?id=1543580#c15

Possible fix:
Remove nameserver 192.168.122.1 from the shipped overcloud images.


--- Additional comment from Uemit Seren on 2018-04-16 11:00:59 EDT ---

This also affects OSP12 deployments. 
Will new overcloud images with clean resolve.conf be released for OSP12 ?

--- Additional comment from Alex Schultz on 2018-04-16 16:48:29 EDT ---

It was backported upstream. I'll create a bug to check for 12.

Comment 3 Alex Schultz 2018-05-24 15:14:55 UTC
*** Bug 1582083 has been marked as a duplicate of this bug. ***

Comment 5 Alex Schultz 2018-06-25 17:01:20 UTC
To verify this you can run:

guestfish -a overcloud-full.qcow2 run : mount /dev/sda / : cat /etc/resolv.conf

It should not have any nameserver entries

Comment 9 Artem Hrechanychenko 2018-07-04 15:57:46 UTC
VERIFIED

openstack-tripleo-puppet-elements-7.0.7-1.el7ost.noarch
openstack-tripleo-common-7.6.13-1.el7ost.noarch
rhosp-director-images-12.0-20180625.1.el7ost.noarch

[stack@undercloud-0 ~]$ source stackrc 
(undercloud) [stack@undercloud-0 ~]$ nova list
/usr/lib/python2.7/site-packages/requests/packages/urllib3/connection.py:344: SubjectAltNameWarning: Certificate for 192.168.24.2 has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
  SubjectAltNameWarning
/usr/lib/python2.7/site-packages/requests/packages/urllib3/connection.py:344: SubjectAltNameWarning: Certificate for 192.168.24.2 has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
  SubjectAltNameWarning
+--------------------------------------+--------------+--------+------------+-------------+------------------------+
| ID                                   | Name         | Status | Task State | Power State | Networks               |
+--------------------------------------+--------------+--------+------------+-------------+------------------------+
| a2e2fa26-544c-4e5f-96c3-8f70c9a51fa2 | ceph-0       | ACTIVE | -          | Running     | ctlplane=192.168.24.19 |
| 92133581-e686-4f13-a7b6-cbe0ae5486bd | ceph-1       | ACTIVE | -          | Running     | ctlplane=192.168.24.17 |
| 6c5a38d5-8df6-466e-b88f-87f55b477d98 | ceph-2       | ACTIVE | -          | Running     | ctlplane=192.168.24.6  |
| e66b9cf3-491e-4e29-8c65-17450a313bd9 | compute-0    | ACTIVE | -          | Running     | ctlplane=192.168.24.13 |
| 119e0f0d-f40a-4906-a4ec-89cdcfc3d2fc | compute-1    | ACTIVE | -          | Running     | ctlplane=192.168.24.11 |
| 0fffd103-00c1-407f-b567-b52e074b4193 | compute-2    | ACTIVE | -          | Running     | ctlplane=192.168.24.10 |
| 6676eaeb-29d6-464a-96e9-e472c33db813 | controller-0 | ACTIVE | -          | Running     | ctlplane=192.168.24.21 |
| 9754ef35-0800-4910-b532-eb380ff776f1 | controller-1 | ACTIVE | -          | Running     | ctlplane=192.168.24.18 |
| 30ecb969-0133-4b3b-9ea7-79718a38356e | controller-2 | ACTIVE | -          | Running     | ctlplane=192.168.24.22 |
+--------------------------------------+--------------+--------+------------+-------------+------------------------+
(undercloud) [stack@undercloud-0 ~]$ ssh heat-admin.24.19
The authenticity of host '192.168.24.19 (192.168.24.19)' can't be established.
ECDSA key fingerprint is SHA256:KUdFWxq5GeMHImhUIsH7MANlvpVyu+jMiNtGT1nicn4.
ECDSA key fingerprint is MD5:b3:b4:e7:e1:a7:a2:0d:08:d3:f5:3c:23:1c:f4:29:dd.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.24.19' (ECDSA) to the list of known hosts.
[heat-admin@ceph-0 ~]$ cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 10.0.0.1
[heat-admin@ceph-0 ~]$ exit
logout
Connection to 192.168.24.19 closed.
(undercloud) [stack@undercloud-0 ~]$ ssh heat-admin.24.22
The authenticity of host '192.168.24.22 (192.168.24.22)' can't be established.
ECDSA key fingerprint is SHA256:dEbinF1id93m6PwIOYrYZ8TR389PxTzHfaU9sCA0XBs.
ECDSA key fingerprint is MD5:3b:ca:91:7f:11:b2:6e:03:2f:22:bf:33:30:91:69:86.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.24.22' (ECDSA) to the list of known hosts.
[heat-admin@controller-2 ~]$ cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 10.0.0.1
[heat-admin@controller-2 ~]$ exit
logout
Connection to 192.168.24.22 closed.
(undercloud) [stack@undercloud-0 ~]$ ssh heat-admin.24.10
The authenticity of host '192.168.24.10 (192.168.24.10)' can't be established.
ECDSA key fingerprint is SHA256:4z/E4IBDSTasbfXs1bXjoC58alCcNMM/x+Dpic2GZtw.
ECDSA key fingerprint is MD5:85:26:dd:1e:18:00:30:17:8f:d5:74:44:cf:9c:2e:fc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.24.10' (ECDSA) to the list of known hosts.
[heat-admin@compute-2 ~]$ cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 10.0.0.1
[heat-admin@compute-2 ~]$ exit
logout
Connection to 192.168.24.10 closed.
(undercloud) [stack@undercloud-0 ~]$

Comment 12 errata-xmlrpc 2018-08-20 12:52:21 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2513