Bug 2302191
| Summary: | {{role.name}}ExtraGroupVars is not merged strategy. | ||
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Keigo Noha <knoha> |
| Component: | openstack-tripleo-heat-templates | Assignee: | Rabi Mishra <ramishra> |
| Status: | CLOSED ERRATA | QA Contact: | Joe H. Rahme <jhakimra> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 17.1 (Wallaby) | CC: | drosenfe, mariel, mburns, pweeks, ramishra |
| Target Milestone: | z4 | Keywords: | Triaged |
| Target Release: | 17.1 | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | openstack-tripleo-heat-templates-14.3.1-17.1.20240919130751.e7c7ce3.el9ost | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2024-11-21 09:30:41 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I modified overcloud-resource-registry-puppet.j2.yaml as follows.
~~~
parameter_merge_strategies:
ServiceNetMap: merge
VipSubnetMap: merge
SshServerOptions: merge
ExtraConfig: merge
{% for role in roles %}
{{role.name}}Parameters: merge
{{role.name}}ExtraConfig: merge
{{role.name}}ExtraGroupVars: merge <--- ADDED
{% endfor %}
parameter_defaults:
NeutronMechanismDrivers: ovn
ContainerCli: podman
EnablePackageInstall: false
SoftwareConfigTransport: POLL_SERVER_HEAT
OVNIntegrationBridge: br-int
ExtraConfig: {}
{% for role in roles %}
# Parameters generated for {{role.name}} Role
{{role.name}}Services: {{role.ServicesDefault|default([])}}
{{role.name}}Parameters: {}
{{role.name}}ExtraConfig: {}
{{role.name}}ExtraGroupVars: {} <--- ADDED
{% endfor %}
~~~
I did the following tests.
~~~
$ cat virt/firewall.yaml
parameter_defaults:
ExtraFirewallRules:
'300 accept ssh from any':
dport: 22
proto: tcp
'400 accept BFD controll packet from any':
dport: 3784
proto: udp
'401 accept BFD Echo packet from any':
dport: 3785
proto: udp
'500 allow zabbix':
dport: 10050
proto: tcp
ControllerExtraGroupVars:
tripleo_firewall_default_rules: {'000 accept relatedestablished rules': { proto: all, state: ["RELATED", "ESTABLISHED"]},'001 accept all icmp': {ipversion: ipv4, proto: icmp}, '001 accept all ipv6-icmp': {ipversion: ipv6, proto: ipv6-icmp}, '002 accept all to lo interface': {proto: all, interface: lo}, '004 accept ipv6 dhcpv6': {ipversion: ipv6, dport: 546, proto: udp, state: NEW, destination: 'fe80::/64'}, '999 drop all': {proto: all, action: drop}}
ComputeExtraGroupVars:
tripleo_firewall_default_rules: {'000 accept related established rules': { proto: all, state: ["RELATED", "ESTABLISHED"]}, '001 accept all icmp': {ipversion: ipv4, proto: icmp}, '001 accept all ipv6-icmp': {ipversion: ipv6, proto: ipv6-icmp}, '002 accept all to lo interface': {proto: all, interface: lo}, '004 accept ipv6 dhcpv6': {ipversion: ipv6, dport: 546, proto: udp, state: NEW, destination: 'fe80::/64'}, '999 drop all': {proto: all, action: drop}}
~~~
~~~
cat virt/config_heat.yaml
parameter_defaults:
Timezone: Asia/Tokyo
ControllerExtraGroupVars: &chrony_action_tests
chrony_role_action: config
ComputeExtraGroupVars: *chrony_action_tests
~~~
~~~
openstack overcloud deploy \
--timeout 240 \
--templates /usr/share/openstack-tripleo-heat-templates \
--environment-file /usr/share/openstack-tripleo-heat-templates/environments/services/octavia.yaml \
--stack overcloud \
--libvirt-type kvm \
--ntp-server clock.corp.redhat.com \
--deployed-server \
-e /home/stack/templates/overcloud-vip-deployed.yaml \
-e /home/stack/templates/overcloud-networks-deployed.yaml \
-e /home/stack/templates/overcloud-baremetal-deployed.yaml \
--networks-file /home/stack/virt/network/network_data_v2.yaml \
-e /home/stack/virt/config_lvm.yaml \
-e /home/stack/virt/network/network-environment_v2.yaml \
-e ~/fencing.yaml \
-e /home/stack/virt/hostnames.yml \
-e /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovn-dvr-ha.yaml \
-e /home/stack/virt/debug.yaml \
-e /home/stack/virt/config_heat.yaml \
-e /home/stack/virt/nodes_data.yaml \
-e ~/containers-prepare-parameter.yaml \
-e /home/stack/virt/l3_fip_qos.yaml \
-e /home/stack/virt/firewall.yaml \
--log-file overcloud_deployment_0.log
~~~
Without the modification, chrony_role_action was not set to config.
Wit the modification, chrony_role_action is set to config.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: RHOSP 17.1.4 (openstack-tripleo-heat-templates) security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2024:9978 |
Description of problem: {{role.name}}ExtraGroupVars is not merged strategy. This behavior caused that the multiple {{role.name}}ExtraGroupVars definition is only effective with the last definition. Other role based configuration, like {{role.name}}ExtraConfig has merge strategy. https://github.com/openstack-archive/tripleo-heat-templates/blob/stable/wallaby/overcloud-resource-registry-puppet.j2.yaml#L350-L358 {{role.name}}ExtraGroupVars should be the same strategy. Version-Release number of selected component (if applicable): OSP17.1 How reproducible: Everytime Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: