Bug 1387283 - Validation SSH keys are not copied to the overcloud nodes
Summary: Validation SSH keys are not copied to the overcloud nodes
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-heat-templates
Version: 10.0 (Newton)
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Target Release: 10.0 (Newton)
Assignee: Tomas Sedovic
QA Contact: Udi
Depends On:
Reported: 2016-10-20 14:15 UTC by Jason E. Rist
Modified: 2016-12-14 16:23 UTC

Fixed In Version: openstack-tripleo-heat-templates-5.0.0-1.5.el7ost openstack-tripleo-common-5.3.0-5.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2016-12-14 16:23:32 UTC

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2016:2948 normal SHIPPED_LIVE Red Hat OpenStack Platform 10 enhancement update 2016-12-14 19:55:27 UTC
OpenStack gerrit 392971 None None None 2016-11-02 21:16:37 UTC
OpenStack gerrit 394446 None None None 2016-11-10 04:09:46 UTC
Launchpad 1635226 None None None 2016-10-20 14:15:45 UTC

Description Jason E. Rist 2016-10-20 14:15:42 UTC
Cloned from launchpad bug 1635226.


After `openstack overcloud deploy ...` finishes, it should be possible to run the validations from the UI or via Mistral.

This is not the case though and instead, the (overcloud) validations error out with: "Failed to connect to the host via ssh."

As far as I could discover so far, it's because the deploy_ssh_keys workflow gets an empty list of servers to copy the SSH keys to. The workflow that sets up the keys is here:


which invokes copy_ssh_key:


When I run `mistral task-list`, there are no errors there, but the `get_servers` task returns an empty list (even though this should be a complete deployment now and all the nodes should be in nova).

Running `mistral run-action nova.servers_list` does return the expected result.

And running `mistral execution-create tripleo.validations.v1.copy_ssh_key` manually after the deployment does get the list of servers and uploads the keys properly.

Specification URL (additional information):


Comment 1 Jason E. Rist 2016-11-02 04:30:56 UTC
Needs reviews but patch posted. https://review.openstack.org/391093

Comment 2 Jon Schlueter 2016-11-02 21:16:38 UTC
master patch landed, proposed stable/newton backport


Comment 3 Tomas Sedovic 2016-11-08 14:48:10 UTC
Both upstream patches and their stable/newton backports have landed now:


Comment 5 Udi 2016-11-16 12:22:18 UTC
All post-deployment validations are failing. On the overcloud nodes there is no tripleo-validations entry in .ssh/authorized_keys. Failing the bug.

Comment 7 Jason E. Rist 2016-11-18 20:47:04 UTC
Udi, it is my understanding that your environment was stale and that this is working as intended. Can you confirm?

Comment 8 Udi 2016-11-20 07:54:32 UTC
What do you mean "stale"? This bug is still valid in:

Comment 9 Ola Pavlenko 2016-11-23 12:45:26 UTC
Need to retest on new puddle.

Comment 10 Ana Krivokapic 2016-11-24 13:29:42 UTC
I have post-deployment validations passing and tripleo-validations entry is present in the authorized_keys file on overcloud nodes.
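
The check described in Comments 5 and 10 (is there a tripleo-validations entry in authorized_keys on a node?), as an added example that is not part of any comment or of the TripleO code. It assumes the entry is identified by the comment field of its key line; the function names and sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example; not code from tripleo-validations or from this bug report.
# Assumption: the validation key is recognisable because the comment field of
# its authorized_keys line contains the label "tripleo-validations".

# key_comments FILE: print the comment of every active key line in FILE.
# Commented-out lines are skipped, and text inside an options field
# (command="...", from="...") is never treated as the comment.
key_comments() {
    awk '
        /^[ \t]*#/ { next }     # commented-out entry: not an active key
        /^[ \t]*$/ { next }     # blank line
        {
            # The key type may be preceded by options, so scan for it.
            # (sk-* and certificate key types are not covered here.)
            for (i = 1; i < NF; i++) {
                if ($i ~ /^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp[0-9]+)$/) {
                    c = ""
                    for (j = i + 2; j <= NF; j++) c = c (c == "" ? "" : " ") $j
                    print c
                    next
                }
            }
        }' "$1"
}

# has_validation_key FILE [LABEL]: exit 0 if an active key comment contains
# LABEL, 1 if none does, 2 if FILE cannot be read.
has_validation_key() {
    [ -r "$1" ] || return 2
    key_comments "$1" | grep -F -q -- "${2:-tripleo-validations}"
}

# Constructed sample files (dummy key material): one node that has the entry,
# one where it is only present as a commented-out line.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'ssh-rsa AAAAB3Nza deploy@undercloud.example' \
        'no-pty,command="/bin/true" ssh-rsa AAAAB3Nzb tripleo-validations' > "$d/good"
    printf '%s\n' 'ssh-rsa AAAAB3Nza deploy@undercloud.example' \
        '# ssh-rsa AAAAB3Nzb tripleo-validations' > "$d/bad"
    for f in good bad; do
        if has_validation_key "$d/$f"; then echo "$f: present"; else echo "$f: MISSING"; fi
    done
    rm -rf "$d"
}
demo
```

Unlike a plain grep for the label, this does not report a node as provisioned when the entry is commented out or when the label only appears inside an options string.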


Comment 13 errata-xmlrpc 2016-12-14 16:23:32 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

