Bug 2207991

Summary: SRBAC env file conflicts with NovaHostStatus parameter to throw a double declaration error resulting in failed overcloud deployment
Product: Red Hat OpenStack Reporter: Sree <skovili>
Component: openstack-tripleo-heat-templatesAssignee: Bogdan Dobrelya <bdobreli>
Status: CLOSED ERRATA QA Contact: OSP DFG:Compute <osp-dfg-compute>
Severity: high Docs Contact:
Priority: high    
Version: 17.1 (Wallaby)CC: alifshit, bdobreli, dasmith, eglynn, gregraka, jelynch, jhakimra, jparker, kchamart, mburns, pgrist, sbauza, sgordon, skovili, smooney, vromanso
Target Milestone: gaKeywords: Triaged
Target Release: 17.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-tripleo-heat-templates-14.3.1-1.20230519151013.el9ost Doc Type: Bug Fix
Doc Text:
Before this update, secure role-based access control (SRBAC) and the `NovaShowHostStatus` parameter used the same policy key titles. If you configured both SRBAC and `NovaShowHostStatus`, the deployment failed with a conflict. With this update, the policy key for `NovaShowHostStatus` is changed and there are no related conflicts in deployments.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2023-08-16 01:15:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Sree 2023-05-17 14:27:18 UTC 
Description of problem:
17.1 deployment with SRBAC fails at overcloud with the below duplicate declaration error:

<13>May 16 21:07:32 puppet-user: Error: Evaluation Error: Error while evaluating a Resource Statement, Evaluation Error: Error while evaluating a Resource Statement, Duplicate declaration: File_line[/etc/nova/policy.yaml-os_compute_api:servers:show:host_status:unknown-only] is already declared at (file: /etc/puppet/modules/openstacklib/manifests/policy/base.pp, line: 101); cannot redeclare (file: /etc/puppet/modules/openstacklib/manifests/policy/base.pp, line: 101) (file: /etc/puppet/modules/openstacklib/manifests/policy/base.pp, line: 101, column: 7) (file: /etc/puppet/modules/nova/manifests/policy.pp, line: 54) on node controller-0.redhat.local

Version-Release number of selected component (if applicable): 17.1 Wallaby


Steps to Reproduce:
1.Deploy openstack with srbac settings. Pass override parameter NovaHostStatus - 'unknown-only'
2.
3.

Actual results:
Overcloud failed with double declaration error
Comment 4 Artom Lifshitz 2023-06-06 17:45:51 UTC 
For visibility raising blocker?, even
Comment 5 Artom Lifshitz 2023-06-06 17:46:49 UTC 
For visibility, raising blocker? even if this is already in MODIFIED.
Comment 6 Artom Lifshitz 2023-06-06 17:47:38 UTC 
Reason for blocker: SRBAC is inoperable without this fix.
Comment 29 errata-xmlrpc 2023-08-16 01:15:21 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Release of components for Red Hat OpenStack Platform 17.1 (Wallaby)), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2023:4577