Bug 1690558

Summary: [OSP13][Deployment][TLS] Deployment fails when enabling TLS when with 3 controllers in 3 profiles
Product: Red Hat OpenStack Reporter: Priscila <pveiga>
Component: openstack-tripleo-heat-templatesAssignee: Emilien Macchi <emacchi>
Status: CLOSED ERRATA QA Contact: Sasha Smolyak <ssmolyak>
Severity: high Docs Contact:
Priority: high    
Version: 13.0 (Queens)CC: ahrechan, alee, aschultz, christian.borba, cjeanner, dpeacock, emacchi, mburns, ramishra, sbaker, shardy, slinaber
Target Milestone: ---Keywords: Triaged, ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: openstack-tripleo-heat-templates-8.3.1-52.el7ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1722640 1722946 (view as bug list) Environment:
Last Closed: 2019-07-10 13:03:18 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1722640, 1722946    

Description Priscila 2019-03-19 16:57:46 UTC 
Description of problem: 
When deploying with controllers split into 3 profiles. haproxy fails to build configuration when trying to enable TLS.

Version-Release number of selected component (if applicable): OSP13


How reproducible: Always 


Steps to Reproduce:
Deploy overcloud with TLS 
~~~
openstack overcloud deploy --templates --stack xxxx -e templates/cli-replacement.yaml -e templates/glance_swift_config.yaml -e templates/network-environment.yaml -e templates/storage-environment.yaml -e /usr/share/openstack-tripleo-heat-templates/environments/network-isolation.yaml -e templates/logging-environment.yaml -e templates/cloudname.yaml -e templates/overcloud_images.yaml -e templates/ldap-environment.yaml -e templates/mount_nfs.yaml -e templates/cinder-backends01.yaml -e templates/cinder-backends02.yaml -e templates/cinder-backends03.yaml -e templates/enable-tls.yaml -r templates/roles_data.yaml --debug
~~~

Actual results:

Error from stack:
    ~~~
    2019-02-2X 19:34:04Z [xxxx.AllNodesDeploySteps]: CREATE_FAILED  Resource CREATE failed: Error: resources.Controller02Deployment_Step1.resources[0]: Deployment to server failed: deploy_status_code: Deployment exited with non-zero status code: 2
     
     Stack xxxx CREATE_FAILED
     
    xxxx.AllNodesDeploySteps.Controller02Deployment_Step1.0:
      resource_type: OS::Heat::StructuredDeployment
      physical_resource_id: xxxxxxxxxxxxxxxxxxxxxxxxxxx
      status: CREATE_FAILED
      status_reason: |
        Error: resources[0]: Deployment to server failed: deploy_status_code : Deployment exited with non-zero status code: 2
      deploy_stdout: |
        ...
                "2019-02-2x 19:34:00,928 INFO: xxxx -- Removing container: docker-puppet-heat_api_cfn",
                "2019-02-2x 19:34:00,960 INFO: xxxx -- Finished processing puppet configs for heat_api_cfn",
                "2019-02-2x 19:34:00,960 ERROR: xxxx -- ERROR configuring haproxy"
            ]
        }
            to retry, use: --limit @/var/lib/heat-config/heat-config-ansible/xxxxxxxxxxxxxxxxxx_playbook.retry
       
        PLAY RECAP *********************************************************************
        localhost                  : ok=24   changed=12   unreachable=0    failed=1  
       
        (truncated, view all with --long)
      deploy_stderr: |
     
    xxx.AllNodesDeploySteps.Controller03Deployment_Step1.0:
      resource_type: OS::Heat::StructuredDeployment
      physical_resource_id: xxxxxxxxxxxxxxxxxxxxx
      status: CREATE_FAILED
      status_reason: |
        Error: resources[0]: Deployment to server failed: deploy_status_code : Deployment exited with non-zero status code: 2
      deploy_stdout: |
        ...
                "2019-02-2X 19:34:00,272 INFO: xxxx -- Removing container: docker-puppet-heat_api_cfn",
                "2019-02-2X 19:34:00,313 INFO: xxxx -- Finished processing puppet configs for heat_api_cfn",
                "2019-02-2X 19:34:00,313 ERROR: xxxxx -- ERROR configuring haproxy"
            ]
        }
            to retry, use: --limit @/var/lib/heat-config/heat-config-ansible/xxxxxxxxxxxxxxxxxxxxxx_playbook.retry
       
        PLAY RECAP *********************************************************************
        localhost                  : ok=24   changed=12   unreachable=0    failed=1  


Expected results: Overcloud deployed with TLS
Comment 31 Artem Hrechanychenko 2019-06-26 19:15:14 UTC 
VERIFIED

openstack-tripleo-heat-templates-8.3.1-53.el7ost.noarch
Comment 33 errata-xmlrpc 2019-07-10 13:03:18 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:1738