Bug 1674070

Summary: [OSP14] unable to login galera in with root account after changing the mysql root password
Product: Red Hat OpenStack
Reporter: Damien Ciabrini <dciabrin>
Component: openstack-tripleo-heat-templates
Assignee: Emilien Macchi <emacchi>
Status: CLOSED ERRATA
QA Contact: pkomarov
Severity: urgent
Priority: high
Version: 14.0 (Rocky)
CC: aherr, emacchi, mburns, pkomarov, rheslop
Keywords: Triaged, ZStream
Target Release: 14.0 (Rocky)
Hardware: Unspecified
OS: Unspecified
Fixed In Version: openstack-tripleo-heat-templates-9.3.1-0.20190314162751.d0a6cb1.el7ost puppet-tripleo-9.3.1-0.20190119004939.e8adf4b.el7ost
Clone Of: 1609022
Last Closed: 2019-04-30 17:51:15 UTC
Bug Depends On: 1609022, 1700696

Comment 1 Damien Ciabrini 2019-02-23 15:31:13 UTC
Fixed in Upstream Queens with the 5 gerrit reviews attached in the bz

Comment 4 Damien Ciabrini 2019-04-15 10:08:03 UTC
Instructions for testing the password update fix:

HA Overcloud:
1. Update password
  - create a new template password.yaml to update Heat parameter MysqlRootPassword:

parameter_defaults:
    MysqlRootPassword: 'anewpassword'

  - do a stack update:

openstack overcloud deploy <all-the-usual-yaml-files> -e password.yaml

  - verify that the new root password has been set on the overcloud nodes

mysql -uroot -panewpassword -e 'select 1;'

  - verify that hiera data are updated

sudo grep -re mysql::server::root_password /etc/puppet/hieradata

===

2. Do a stack update without password update

  - run the previous stack update command with the same heat parameter

openstack overcloud deploy <all-the-usual-yaml-files> -e password.yaml

  - the password hasn't changed, so the mysql container config hash shouldn't have changed, and the container shouldn't have restarted



Undercloud:

1. simple password update

  - update the mysql password in the undercloud-passwords.conf

undercloud_db_password=anewpassword

  - update the undercloud

openstack undercloud install

  - verify that the new password has been taken into account

mysql -uroot -panewpassword -e 'select 1;'

  - verify that hiera data are updated

sudo grep -re mysql::server::root_password /etc/puppet/hieradata

  - verify that the mysql container has the password config updated

docker exec -u root -it mysql mysql -e 'select 1;'


2. password update during undercloud upgrades

During undercloud "major" upgrades (even from 14 to 14), a special upgrade task is run, which requires running a mysql command directly from the mysql container. So verify that it works.

- update the mysql password in the undercloud-passwords.conf

undercloud_db_password=yetanotherone

- upgrade the undercloud

openstack undercloud upgrade

- verify that the upgrade finished without error

Comment 7 pkomarov 2019-04-17 09:12:52 UTC
Verified, 

[stack@undercloud-0 ~]$ rhos-release -L
Installed repositories (rhel-7.6):
  14
  ceph-3
  ceph-osd-3
  rhel-7.6
[stack@undercloud-0 ~]$ cat core_puddle_version 
2019-04-12.1[stack@undercloud-0 ~]$ 

verification as per https://bugzilla.redhat.com/show_bug.cgi?id=1674070#c4

HA Overcloud:
1)

cat >password.yaml<<EOF
parameter_defaults:
    MysqlRootPassword: 'anewpassword'
EOF

sed -i 's/--log.*/-e \/home\/stack\/password.yaml /g' ./overcloud_deploy.sh

. stackrc ; ./overcloud_deploy.sh |& tee deploy.out

Ansible passed.
Overcloud configuration completed.
Overcloud Endpoint: https://10.0.0.101:13000
Overcloud Horizon Dashboard URL: https://10.0.0.101:443/dashboard
Overcloud rc file: /home/stack/overcloudrc
Overcloud Deployed

(undercloud) [stack@undercloud-0 ~]$ ansible controller -b -mshell -a"mysql -uroot -panewpassword -e 'select 1;'"
 [WARNING]: Found both group and host with same name: undercloud

controller-0 | SUCCESS | rc=0 >>
1
1

controller-1 | SUCCESS | rc=0 >>
1
1

controller-2 | SUCCESS | rc=0 >>
1
1

(undercloud) [stack@undercloud-0 ~]$ ansible controller -b -mshell -a"grep -re mysql::server::root_password /etc/puppet/hieradata"
 [WARNING]: Found both group and host with same name: undercloud

controller-0 | SUCCESS | rc=0 >>
/etc/puppet/hieradata/service_configs.json:    "mysql::server::root_password": "anewpassword",

controller-1 | SUCCESS | rc=0 >>
/etc/puppet/hieradata/service_json.configs:    "mysql::server::root_password": "anewpassword",

controller-2 | SUCCESS | rc=0 >>
/etc/puppet/hieradata/service_configs.json:    "mysql::server::root_password": "anewpassword",

2)

(undercloud) [stack@undercloud-0 ~]$ ansible controller -b -mshell -a"docker ps|grep galera"
 [WARNING]: Found both group and host with same name: undercloud

controller-2 | SUCCESS | rc=0 >>
a9d370b5e707        192.168.24.1:8787/rhosp13/openstack-mariadb:pcmklatest                       "/bin/bash /usr/lo..."   45 minutes ago      Up 45 minutes                              galera-bundle-docker-2

controller-1 | SUCCESS | rc=0 >>
fb07a7d187f0        192.168.24.1:8787/rhosp13/openstack-mariadb:pcmklatest                       "/bin/bash /usr/lo..."   45 minutes ago      Up 45 minutes                              galera-bundle-docker-1

controller-0 | SUCCESS | rc=0 >>
2ea711411c33        192.168.24.1:8787/rhosp13/openstack-mariadb:pcmklatest                       "/bin/bash /usr/lo..."   45 minutes ago      Up 45 minutes                              galera-bundle-docker-0

. stackrc ; ./overcloud_deploy.sh |& tee deploy.out

 Stack overcloud UPDATE_COMPLETE 

Started Mistral Workflow tripleo.deployment.v1.get_horizon_url. Execution ID: 432d8eb6-28c6-41b3-9b4a-eba735a8e835
Overcloud Endpoint: https://10.0.0.101:13000/
Overcloud Horizon Dashboard URL: https://10.0.0.101:443/dashboard
Overcloud rc file: /home/stack/overcloudrc
Overcloud Deployed

(undercloud) [stack@undercloud-0 ~]$ ansible controller -b -mshell -a"docker ps|grep galera"
 [WARNING]: Found both group and host with same name: undercloud

controller-0 | SUCCESS | rc=0 >>
2ea711411c33        192.168.24.1:8787/rhosp13/openstack-mariadb:pcmklatest                       "/bin/bash /usr/lo..."   About an hour ago   Up About an hour                           galera-bundle-docker-0

controller-2 | SUCCESS | rc=0 >>
a9d370b5e707        192.168.24.1:8787/rhosp13/openstack-mariadb:pcmklatest                       "/bin/bash /usr/lo..."   About an hour ago   Up About an hour                           galera-bundle-docker-2

controller-1 | SUCCESS | rc=0 >>
fb07a7d187f0        192.168.24.1:8787/rhosp13/openstack-mariadb:pcmklatest                       "/bin/bash /usr/lo..."   About an hour ago   Up About an hour                           galera-bundle-docker-1


Undercloud:

1) 
sed -i 's/undercloud_mysql_root_password:.*/undercloud_mysql_root_password:anewpassword/g' undercloud-passwords.conf

openstack undercloud install |& tee uc.out

(undercloud) [stack@undercloud-0 ~]$ sudo grep -re mysql::server::root_password /etc/puppet/hieradata
/etc/puppet/hieradata/service_configs.json:    "mysql::server::root_password": "HvyejXmDAt",
#this is related to the failure of the previous command - separate bz1674070

(undercloud) [stack@undercloud-0 ~]$ docker exec -it -u root mysql bash
()[root@undercloud-0 /]# mysql -e "select 1;"
+---+
| 1 |
+---+
| 1 |
+---+


(In reply to pkomarov from comment #5)
>     So I hit this when doing : openstack undercloud install 
>     live env : titan63.lab.eng.tlv2.redhat.com #pass 1-8
>     are we missing some code pieces here ? another dependency package ?
> thanks
> 
> 
>     ERROR! the role 'tripleo-bootstrap' was not found in
> /home/stack/undercloud-ansible-vudgFQ/roles:/home/stack/tripleo-quickstart-
> utils/roles:/home/s
>     tack/undercloud-ansible-vudgFQ
> 
>     The error appears to have been in
> '/home/stack/undercloud-ansible-vudgFQ/deploy_steps_playbook.yaml': line 27,
> column 7, but may
>     be elsewhere in the file depending on the exact syntax problem.
> 
>     The offending line appears to be:
> 
>       roles:
>         - tripleo-bootstrap
>           ^ here
>     Exception: Deployment failed
>     Traceback (most recent call last):
>       File
> "/usr/lib/python2.7/site-packages/tripleoclient/v1/tripleo_deploy.py", line
> 1194, in _standalone_deploy
>         raise exceptions.DeploymentError('Deployment failed')
>     DeploymentError: Deployment failed

This issue is addressed in a separate bz : https://bugzilla.redhat.com/show_bug.cgi?id=1700696
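
The restart check from step 2 of the HA overcloud procedure in comment 4, done by eye in comment 7, written as a script. This is an added example, not part of the bug report or of TripleO; the function names and the sample captures are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): detect galera containers that were
# recreated between two stack updates, from saved ansible ad-hoc output.

# Reduce `ansible controller -b -mshell -a"docker ps|grep galera"` output to
# "host container_id" pairs. A host whose grep matched nothing yields no pair.
galera_ids() {
  awk '
    / \| [A-Z]+ \| rc=/ { host = $1; next }
    host != "" && $NF ~ /^galera-bundle-docker-/ { print host, $1 }
  '
}

# Print every host whose container ID differs between the two captures or
# that is missing from one of them. Host order in the captures is irrelevant.
recreated_hosts() {
  before=$(printf '%s\n' "$1" | galera_ids)
  after=$(printf '%s\n' "$2" | galera_ids)
  printf '%s\n---\n%s\n' "$before" "$after" | awk '
    $0 == "---" { second = 1; next }
    NF < 2      { next }
    !second     { old[$1] = $2; next }
                { seen[$1] = 1; if (old[$1] != $2) print $1 }
    END         { for (h in old) if (!(h in seen)) print h }
  ' | sort
}

# Constructed captures, shaped like the output quoted in comment 7.
BEFORE='controller-2 | SUCCESS | rc=0 >>
a9d370b5e707  openstack-mariadb:pcmklatest  Up 45 minutes  galera-bundle-docker-2

controller-0 | SUCCESS | rc=0 >>
2ea711411c33  openstack-mariadb:pcmklatest  Up 45 minutes  galera-bundle-docker-0'
AFTER_SAME='controller-0 | SUCCESS | rc=0 >>
2ea711411c33  openstack-mariadb:pcmklatest  Up About an hour  galera-bundle-docker-0

controller-2 | SUCCESS | rc=0 >>
a9d370b5e707  openstack-mariadb:pcmklatest  Up About an hour  galera-bundle-docker-2'
AFTER_CHANGED='controller-0 | SUCCESS | rc=0 >>
2ea711411c33  openstack-mariadb:pcmklatest  Up About an hour  galera-bundle-docker-0

controller-2 | SUCCESS | rc=0 >>
0123456789ab  openstack-mariadb:pcmklatest  Up 2 minutes  galera-bundle-docker-2'

recreated_hosts "$BEFORE" "$AFTER_SAME"      # prints nothing
recreated_hosts "$BEFORE" "$AFTER_CHANGED"   # prints controller-2
```

A container restarted in place with `docker restart` keeps its ID, so the uptime column compared in comment 7 is still worth reading alongside this check.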

Comment 9 errata-xmlrpc 2019-04-30 17:51:15 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0878