Currently, you cannot scale down or delete compute nodes if Red Hat OpenStack Platform is deployed with TLS Everywhere using tripleo-ipa. This is because the cleanup role, traditionally delegated to the undercloud as localhost, is now being invoked from the Workflow service (mistral) container.
+
For more information, see https://access.redhat.com/solutions/5336241
DescriptionMarian Krcmarik
2020-08-05 22:06:57 UTC
Created attachment 1710577[details]
ansible.log
Created attachment 1710577[details]
ansible.log
Description of problem:
Deletion of compute node during Compute node replacement procedure fails on an environment deployed with TLS-Everywhere (tripleo-ipa) mode (specifically multistack DCn topology).
The example of command executed:
openstack overcloud node delete --stack dcn2 ${OC_NODE_ID_COMP2_1} --yes
Fails on:
TASK [tripleo_ipa_cleanup : delete hosts, subhosts and services from freeIPA] ***
Wednesday 05 August 2020 09:17:49 +0000 (0:00:00.227) 0:00:05.213 ******
fatal: [dcn2-compute2-1]: FAILED! => {"changed": false, "module_stderr": "sudo: unable to open /run/sudo/ts/mistral: Permission denied\nsudo: a password is required\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
The failing ansible task looks like:
- name: delete hosts, subhosts and services from freeIPA
cleanup_ipa_services:
keytab: "{{ tripleo_ipa_keytab }}"
hosts: "{{ tripleo_ipa_hosts_to_delete }}"
become: yes
I removed the "become: yes" because it seems the task is ran under root user anyway and It failed on different error which I do not know It is caused by lack of privileges:
TASK [tripleo_ipa_cleanup : delete hosts, subhosts and services from freeIPA] ***
Wednesday 05 August 2020 21:08:13 +0000 (0:00:00.101) 0:00:03.641 ******
fatal: [dcn2-compute2-1]: FAILED! => {"changed": false, "msg": "'KRB5CCNAME'"} privileges or another problem, the output is:
Version-Release number of selected component (if applicable):
ansible-tripleo-ipa-0.2.1-0.20200611104546.c22fc8d.el8ost.noarch
How reproducible:
Always
Steps to Reproduce:
1. Get OSP 16.1 with TLS-E deployed with tripleo-ipa method
2. Try to delete a compute node from stack (see command above)
3.
Actual results:"module_stderr": "sudo: unable to open /run/sudo/ts/mistral: Permission denied\nsudo: a password is required\n", "module_stdout": "", "msg": "MODULE FAILURE
It fails -
Expected results:
Successful removal
Additional info:
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Red Hat OpenStack Platform 16.1 bug fix and enhancement advisory), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHEA-2020:4284