Bug 1387283 - Validation SSH keys are not copied to the overcloud nodes
Summary: Validation SSH keys are not copied to the overcloud nodes
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-heat-templates
Version: 10.0 (Newton)
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: 10.0 (Newton)
Assignee: Tomas Sedovic
QA Contact: Udi Kalifon
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-10-20 14:15 UTC by Jason E. Rist
Modified: 2016-12-14 16:23 UTC (History)
9 users (show)

Fixed In Version: openstack-tripleo-heat-templates-5.0.0-1.5.el7ost openstack-tripleo-common-5.3.0-5.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-12-14 16:23:32 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Launchpad 1635226 0 None None None 2016-10-20 14:15:45 UTC
OpenStack gerrit 392971 0 None MERGED Fix the validation ssh keys workflow 2021-02-15 16:02:21 UTC
OpenStack gerrit 394446 0 None MERGED Add an optional extra node admin ssh key parameter 2021-02-15 16:02:21 UTC
Red Hat Product Errata RHEA-2016:2948 0 normal SHIPPED_LIVE Red Hat OpenStack Platform 10 enhancement update 2016-12-14 19:55:27 UTC

Description Jason E. Rist 2016-10-20 14:15:42 UTC
Cloned from launchpad bug 1635226.

Description:

After `openstack overcloud deploy ...` finishes, it should be possible to run the validations from the UI or via Mistral.

This is not the case though and instead, the (overcloud) validations error out with: "Failed to connect to the host via ssh."


As far as I could discover so far, it's because the deploy_ssh_keys workflow gets an empty list of servers to copy the SSH keys to. The workflow that sets up the keys is here:

https://github.com/openstack/tripleo-common/blob/8aa75683cbf796f8c0dc0334c03ef5023c96ca72/workbooks/deployment.yaml#L121

which invokes copy_ssh_key:

https://github.com/openstack/tripleo-common/blob/8aa75683cbf796f8c0dc0334c03ef5023c96ca72/workbooks/validations.yaml#L183

When I run `mistral task-list`, there are no errors there, but the `get_servers` task returns an empty list (even though this should be a complete deployment now and all the nodes should be in nova).

Running `mistral run-action nova.servers_list` does return the expected result.

And running `mistral execution-create tripleo.validations.v1.copy_ssh_key` manually after the deployment does get the list of servers and uploads the keys properly.

Specification URL (additional information):

https://bugs.launchpad.net/tripleo/+bug/1635226

Comment 1 Jason E. Rist 2016-11-02 04:30:56 UTC
Needs reviews but patch posted. https://review.openstack.org/391093

Comment 2 Jon Schlueter 2016-11-02 21:16:38 UTC
master patch landed, proposed stable/newton backport

https://review.openstack.org/#/c/392971

Comment 3 Tomas Sedovic 2016-11-08 14:48:10 UTC
Both upstream patches and their stable/newton backports have landed now:

https://review.openstack.org/#/c/392971/
https://review.openstack.org/#/c/394446/

Comment 5 Udi Kalifon 2016-11-16 12:22:18 UTC
All post-deployment validations are failing. On the overcloud nodes there is no tripleo-validations entry in .ssh/authorized_keys. Failing the bug.

Comment 7 Jason E. Rist 2016-11-18 20:47:04 UTC
Udi it is my understanding that your environment was stale and that this is working as intended.  Can you confirm?

Comment 8 Udi Kalifon 2016-11-20 07:54:32 UTC
What do you mean "stale"? This bug is still valid in:
openstack-tripleo-heat-templates-5.0.0-1.6.el7ost.noarch
openstack-tripleo-common-5.3.0-6.el7ost.noarch

Comment 9 Ola Pavlenko 2016-11-23 12:45:26 UTC
Need to retest on new puddle.

Comment 10 Ana Krivokapic 2016-11-24 13:29:42 UTC
I have post-deployment validations passing and tripleo-validations entry is present in the authorized_keys file on overcloud nodes.

openstack-tripleo-validations-5.1.0-5.el7ost.noarch

Comment 13 errata-xmlrpc 2016-12-14 16:23:32 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-2948.html


Note You need to log in before you can comment on or make changes to this bug.