Bug 1431593 - OSP10 -> OSP11 upgrade fails on environment with radosgw service enabled
Summary: OSP10 -> OSP11 upgrade fails on environment with radosgw service enabled
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-heat-templates
Version: 11.0 (Ocata)
Hardware: Unspecified
OS: Unspecified
unspecified
urgent
Target Milestone: rc
: 11.0 (Ocata)
Assignee: Keith Schincke
QA Contact: Yogev Rabl
Derek
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-03-13 11:52 UTC by Marius Cornea
Modified: 2017-05-17 20:07 UTC (History)
9 users (show)

Fixed In Version: openstack-tripleo-heat-templates-6.0.0-7.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-05-17 20:07:24 UTC
Target Upstream Version:


Attachments (Terms of Use)
os-collect-config log (2.62 MB, text/plain)
2017-03-13 11:52 UTC, Marius Cornea
no flags Details


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2017:1245 normal SHIPPED_LIVE Red Hat OpenStack Platform 11.0 Bug Fix and Enhancement Advisory 2017-05-17 23:01:50 UTC
OpenStack gerrit 455695 None None None 2017-04-20 18:39:32 UTC
Launchpad 1678126 None None None 2017-03-31 14:17:39 UTC

Description Marius Cornea 2017-03-13 11:52:46 UTC
Created attachment 1262401 [details]
os-collect-config log

Description of problem:
OSP10 -> OSP11 upgrade fails on environment with radosgw deployed on a custom role:

    Error: Execution of '/usr/bin/openstack role create --format shell member' returned 1: Conflict occurred attempting to store role - Duplicate entry found with name member. (HTTP 409) (Request-ID: req-7a0ec0ae-bcb2-4574-bcaf-c8921f55ca5f)
    Error: /Stage[main]/Ceph::Rgw::Keystone::Auth/Keystone_role[member]/ensure: change from absent to present failed: Execution of '/usr/bin/openstack role create --format shell member' returned 1: Conflict occurred attempting to store role - Duplicate entry found with name member. (HTTP 409) (Request-ID: req-7a0ec0ae-bcb2-4574-bcaf-c8921f55ca5f)
    Warning: /Stage[main]/Ceph::Rgw::Keystone::Auth/Keystone_user_role[swift@service]: Skipping because of failed dependencies

Version-Release number of selected component (if applicable):
openstack-tripleo-heat-templates-6.0.0-0.20170303152752.0rc1.el7ost.noarch

How reproducible:
100%

Steps to Reproduce:
1. Deploy OSP10 with radosgw service enabled on a custom role running systemd managed services
2. Run upgrade OSP10->OSP11 procedure on top of it

Actual results:
Upgrade fails during major-upgrade-composable-steps.yaml

Expected results:
Upgrade succeeds.

Additional info:
Attaching the os-collect-config log.

Comment 1 Marius Cornea 2017-03-25 21:04:11 UTC
I was able to reproduce this issue on an environment where the radosgw service is running on monolithic controllers(3 controllers, 2 computes and 3 ceph osd nodes).

Comment 2 Keith Schincke 2017-03-26 21:13:44 UTC
Marius,

Which set of documentation are you using for your upgrade?

Keith

Comment 3 Marius Cornea 2017-03-26 21:19:28 UTC
(In reply to Keith Schincke from comment #2)
> Marius,
> 
> Which set of documentation are you using for your upgrade?
> 

The upgrade procedure:

https://gitlab.cee.redhat.com/mandreou/OSP10-OSP11-Upgrade/blob/master/README.md

Comment 4 Keith Schincke 2017-03-29 16:49:06 UTC
I have found the where the error is occurring. 

ceph::rgw:keystone:auth has a call to create the needed roles (1). The keystone provider checks for the role existing(2) before attempting to add (3). OpenStack 10/Newton adds a role named "Member". OpenStack 11/Ocata adds a role named 'member'. The check does not match "Member" is not the same as "member" but the add fails in keystone because "Member" already exists. 

I am working with the stream people to get a fix. 


1: https://github.com/openstack/puppet-ceph/blob/master/manifests/rgw/keystone/auth.pp#L81
2: https://github.com/openstack/puppet-keystone/blob/master/lib/puppet/provider/keystone_role/openstack.rb#L66
3: https://github.com/openstack/puppet-keystone/blob/master/lib/puppet/provider/keystone_role/openstack.rb#L29

Comment 11 Yogev Rabl 2017-04-26 18:16:31 UTC
verified on openstack-tripleo-heat-templates-6.0.0-7.el7ost.noarch

Comment 13 errata-xmlrpc 2017-05-17 20:07:24 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1245


Note You need to log in before you can comment on or make changes to this bug.