Bug 1646891

Summary: The undercloud-tokenflush validation doesn't work with the undercloud keystone service containerized
Product: Red Hat OpenStack Reporter: Gaël Chamoulaud <gchamoul>
Component: openstack-tripleo-validationsAssignee: Gaël Chamoulaud <gchamoul>
Status: CLOSED ERRATA QA Contact: nlevinki <nlevinki>
Severity: high Docs Contact:
Priority: urgent    
Version: 14.0 (Rocky)CC: beth.white, flfuchs, gchamoul, jjoyce, jschluet, mbarnett, slinaber, tvignaud, ukalifon
Target Milestone: rcKeywords: Triaged
Target Release: 14.0 (Rocky)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-tripleo-validations-9.3.1-0.20181008110753.4064fb7.el7ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-01-11 11:54:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Gaël Chamoulaud 2018-11-06 09:07:45 UTC 
Task 'Get keystone crontab' failed:
Host: undercloud
Message: Command `crontab -l -u keystone | grep -v "^#"` exited with code: 1: non-zero return code

stderr:
    no crontab for keystone

Failure! The validation failed for all hosts:
* undercloud
Comment 3 Udi Kalifon 2018-11-22 13:34:35 UTC 
The validator always passes. I tried to fail it like this:

1) Drop into a shell in the keystone container: sudo docker exec -it keystone bash
2) Edit the keystone user's cron table: crontab -e -u keystone
3) Delete the job definition from cron:
PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh
1 * * * * keystone-manage token_flush >>/var/log/keystone/keystone-tokenflush.log 2>&1

Save the changes and run the validator again. It still passes, so it seems to not check properly.
Comment 4 Gaël Chamoulaud 2018-11-22 16:31:06 UTC 
Udi, we have two keystone containers (keystone and keystone_cron). On both the keystone user have the job definition in its cron table, but cronie is just running on the keystone_cron container. 

The validation have to check it out on the keystone_cron container instead of the keystone one.
Comment 6 Udi Kalifon 2018-11-30 10:30:34 UTC 
Verified: openstack-tripleo-validations-9.3.1-0.20181008110752.4064fb7.el7ost.noarch
Comment 10 errata-xmlrpc 2019-01-11 11:54:32 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2019:0045