Bug 1309771 - Overcloud deploy fails to boot instances after scaling out compute node.
Overcloud deploy fails to boot instances after scaling out compute node.
Product: Red Hat OpenStack
Classification: Red Hat
Component: rhosp-director (Show other bugs)
7.0 (Kilo)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: 8.0 (Liberty)
Assigned To: Angus Thomas
Depends On:
  Show dependency treegraph
Reported: 2016-02-18 11:21 EST by Gabriele Cerami
Modified: 2016-04-18 03:13 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-02-25 14:09:37 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Gabriele Cerami 2016-02-18 11:21:52 EST
Description of problem:
Overcloud deploy fails to boot instances after scaling out compute node.

Version-Release number of selected component (if applicable):
2016-02-16.1 puddle

How reproducible:

Steps to Reproduce:
1. deploy overcloud with ssl (1 controller, 1 compute, passed -e ~/enable-tls.yaml -e ~/inject-trust-anchor.yaml templates)
2. ready another node
3. deploy overcloud again with --compute-scale 2 (same parameters as before)

Actual results:
Instances created are in ERROR state. Looking at the logs in /var/log/neutron/server.log there is this SSL error:
2016-02-18 12:19:26.848 26692 ERROR neutron.notifiers.nova [-] Failed to notify nova on events: [{'status': 'completed', 'tag': u'aece1d42-331b-429c-b74f-016d044619d3', 'name': 'network-vif-p
lugged', 'server_uuid': u'c45624af-493c-4ac7-ac3f-53f87d414223'}]
2016-02-18 12:24:27.685 26692 TRACE neutron.notifiers.nova SSLError: SSL exception connecting to [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:765)
Neutron is unable to communicate with controller to signal the creation of the interface in the specified network.

Expected results:
Instance is created successfully

Additional info:
In the controller node, if I manually copy /etc/pki/tls/private/overcloud_endpoint.pem to /etc/pki/ca-trust/source/anchors/ and call update-ca-trust extract, certificate is added correctly to /etc/pki/tls/certs/ca-bundle.crt and neutron is able to connect to endpoint with SSL.
But all the other nodes lack the correct CA too.
Comment 2 Gabriele Cerami 2016-02-25 14:09:37 EST
The error was caused by a misconfiguration during setup phase. Bug can be closed.

Note You need to log in before you can comment on or make changes to this bug.