Bug 1710324
| Summary: | All validations are failling when running through Mistral with a sudo command not allowed | ||
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Gaël Chamoulaud <gchamoul> |
| Component: | openstack-tripleo-common | Assignee: | Gaël Chamoulaud <gchamoul> |
| Status: | CLOSED ERRATA | QA Contact: | Udi Kalifon <ukalifon> |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 15.0 (Stein) | CC: | augol, beth.white, jjoyce, jrist, jschluet, mbarnett, mburns, slinaber, tvignaud |
| Target Milestone: | beta | Keywords: | Triaged |
| Target Release: | 15.0 (Stein) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | openstack-tripleo-common-10.8.1-0.20190710191707.b6a2d65.el8ost | Doc Type: | No Doc Update |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-09-21 11:22:03 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1661790, 1704478, 1709410, 1713183, 1715759, 1715764 | ||
*** Bug 1713971 has been marked as a duplicate of this bug. *** I tried the exact steps and got the same error on this version openstack-tripleo-common-10.7.1-0.20190701090413.783a692.el8ost.noarch $ mistral execution-get-output 3f5fabf5-ae45-4988-9d43-c8b1a4f8ec0c | jq .stderr -r /usr/lib/python3.6/site-packages/urllib3/connection.py:374: SubjectAltNameWarning: Certificate for 192.168.24.2 has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.) SubjectAltNameWarning /usr/lib/python3.6/site-packages/urllib3/connection.py:374: SubjectAltNameWarning: Certificate for 192.168.24.2 has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.) SubjectAltNameWarning sudo: unable to open /run/sudo/ts/mistral: Permission denied We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. sudo: no tty present and no askpass program specified Thanks Amit for the feedback on this one. So after a first investigation, it looks like we have a different issue here with sudo on RHEL8 because it's working on CentOS 7 with the same code. I will keep you posted. The issue is coming from a difference between Python2 and Python3. The validations workflow is creating tempfile with tempfile.mkstemp function which will generate random name sequence of: - 6 characters long for Python2 - 8 characters long for Python3 Obviously, our sudoers rules are strictly checking for tempfile with 6 characters long as suffix and not 8! THROUGH MISTRAL WORKFLOW COMMAND LINE:
======================================
(undercloud) [stack@undercloud-0 ~]$ openstack workflow execution create -f value -c ID tripleo.validations.v1.run_validation '{"validation_name": "undercloud-cpu"}'
3ab913fe-01e3-4592-8200-edeb1cddf20a
(undercloud) [stack@undercloud-0 ~]$ mistral execution-get-output 3ab913fe-01e3-4592-8200-edeb1cddf20a
{
"result": "Failure caused by error in tasks: send_message\n\n send_message [task_ex_id=a0489038-7558-4038-970a-4092cace928c] -> Workflow failed due to message status. Status:FAILED Message:None\n [wf_ex_id=15729053-7663-4cd6-9388-d3ece9471ba5, idx=0]: Workflow failed due to message status. Status:FAILED Message:None\n",
"status": "FAILED",
"validation": "undercloud-cpu",
"stdout": "Task 'undercloud-cpu : Verify the number of CPU cores' failed:\nHost: undercloud\nMessage: There are 4 cores in the system, but there should be at least 8\nFailure! The validation failed for all hosts:\n* undercloud\n",
"stderr": " [ERROR]: /usr/lib/python3.6/site-packages/urllib3/connection.py:374:\nSubjectAltNameWarning: Certificate for 192.168.24.2 has no `subjectAltName`,\nfalling back to check for a `commonName` for now. This feature is being removed\nby major browsers and deprecated by RFC 2818. (See\nhttps://github.com/shazow/urllib3/issues/497 for details.)\nSubjectAltNameWarning\n"
}
THROUGH THE TRIPLEO COMMAND LINE:
=================================
(undercloud) [stack@undercloud-0 ~]$ openstack tripleo validator run --validation-name undercloud-ram,undercloud-cpu
Running single validations
Waiting for messages on queue 'tripleo' with no timeout.
[FAILED] - undercloud-cpu
Task 'undercloud-cpu : Verify the number of CPU cores' failed:
Host: undercloud
Message: There are 4 cores in the system, but there should be at least 8
Failure! The validation failed for all hosts:
* undercloud
[FAILED] - undercloud-ram
Task 'undercloud-ram : Verify the RAM requirements' failed:
Host: undercloud
Message: The RAM on the undercloud node is 15876 MB, the minimal recommended value is 24576 MB.
Failure! The validation failed for all hosts:
* undercloud
THROUGH MISTRAL WORKFLOW COMMAND LINE:
======================================
(undercloud) [stack@undercloud-0 ~]$ openstack workflow execution create -f value -c ID tripleo.validations.v1.run_validation '{"validation_name": "undercloud-cpu"}'
3ab913fe-01e3-4592-8200-edeb1cddf20a
(undercloud) [stack@undercloud-0 ~]$ mistral execution-get-output 3ab913fe-01e3-4592-8200-edeb1cddf20a
{
"result": "Failure caused by error in tasks: send_message\n\n send_message [task_ex_id=a0489038-7558-4038-970a-4092cace928c] -> Workflow failed due to message status. Status:FAILED Message:None\n [wf_ex_id=15729053-7663-4cd6-9388-d3ece9471ba5, idx=0]: Workflow failed due to message status. Status:FAILED Message:None\n",
"status": "FAILED",
"validation": "undercloud-cpu",
"stdout": "Task 'undercloud-cpu : Verify the number of CPU cores' failed:\nHost: undercloud\nMessage: There are 4 cores in the system, but there should be at least 8\nFailure! The validation failed for all hosts:\n* undercloud\n",
"stderr": " [ERROR]: /usr/lib/python3.6/site-packages/urllib3/connection.py:374:\nSubjectAltNameWarning: Certificate for 192.168.24.2 has no `subjectAltName`,\nfalling back to check for a `commonName` for now. This feature is being removed\nby major browsers and deprecated by RFC 2818. (See\nhttps://github.com/shazow/urllib3/issues/497 for details.)\nSubjectAltNameWarning\n"
}
THROUGH THE TRIPLEO COMMAND LINE:
=================================
(undercloud) [stack@undercloud-0 ~]$ openstack tripleo validator run --validation-name undercloud-cpu
Running single validations
Waiting for messages on queue 'tripleo' with no timeout.
[FAILED] - undercloud-cpu
Task 'undercloud-cpu : Verify the number of CPU cores' failed:
Host: undercloud
Message: There are 4 cores in the system, but there should be at least 8
Failure! The validation failed for all hosts:
* undercloud
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2019:2811 |
$ openstack workflow execution create -f value -c ID tripleo.validations.v1.run_validation '{"validation_name": "undercloud-cpu"}' ### undercloud-cpu FAILED ### + mistral execution-get-output 72566186-d971-489c-bdf8-4202da700658 + jq .stderr -r + tee -a /home/stack/failed_tripleo_validations.log We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. sudo: no tty present and no askpass program specified