Bug 1443214 - Changing Nova DB password result in errors
Summary: Changing Nova DB password result in errors
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: puppet-nova
Version: 11.0 (Ocata)
Hardware: x86_64
OS: Linux
unspecified
low
Target Milestone: rc
: 11.0 (Ocata)
Assignee: Ollie Walsh
QA Contact: Joe H. Rahme
URL:
Whiteboard:
: 1441716 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-04-18 19:01 UTC by Gregory Charot
Modified: 2017-05-17 20:22 UTC (History)
16 users (show)

Fixed In Version: puppet-nova-10.4.0-4.el7ost
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-05-17 20:22:50 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2017:1245 normal SHIPPED_LIVE Red Hat OpenStack Platform 11.0 Bug Fix and Enhancement Advisory 2017-05-17 23:01:50 UTC
OpenStack gerrit 456399 None None None 2017-04-19 13:53:07 UTC

Description Gregory Charot 2017-04-18 19:01:20 UTC
Description of problem:

When updating NovaPassword, the deployment terminates in error.

Version-Release number of selected component (if applicable):

OSP11 (Ocata)

How reproducible:
Always

Steps to Reproduce:
1. Change the NovaPassword via parameter_defaults
2. Redeploy
3. Terminates with errors

Actual results:

Notice: /Stage[main]/Nova::Cell_v2::Discover_hosts/Exec[nova-cell_v2-discover_hosts]/returns: OperationalError: (pymysql.err.OperationalError) (1045, u"Access denied for user 'nova'@'172.17.1.201' (using password: YES)")

Expected results:
Deployment completes successfully.

Additional info:

The password is updated in nova.conf.
if we do a nova-manage  cell_v2  list_cells --verbose
we can see that the old/original password is still present in the transport URL

database_connection: mysql+pymysql://nova:OLD_PASSWORD@172.17.1.150/nova?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo 

nova-manage first connects to nova_api DB (which works) then retrieves the transport_url (table cell_mappings) and connects again (this time to nova DB) with a transport_url that contains the old password hence the "Access Denied" error.

The password needs to be updated in the DB to reflect the changes eventually with nova-manage cell_v2 update_cell or via an SQL update depending on what is more convenient for you.

These commands solved the issue.

nova-manage cell_v2 update_cell --cell_uuid fecb034b-f1f3-46e4-bf8f-62b2fb867a70 --name default --database_connection 'mysql+pymysql://nova:blablaabla@172.17.1.150/nova?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'

nova-manage cell_v2 update_cell --cell_uuid 00000000-0000-0000-0000-000000000000  --database_connection 'mysql+pymysql://nova:blablaabla@172.17.1.150/nova?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'

Comment 2 Ollie Walsh 2017-04-24 13:39:29 UTC
*** Bug 1441716 has been marked as a duplicate of this bug. ***

Comment 5 Joe H. Rahme 2017-05-09 09:09:49 UTC
I have verified that the password can be updated. The redeploy runs without error until completion and the password change is reflected in the `nova-manage cells_v2 list-cells`.

Comment 6 errata-xmlrpc 2017-05-17 20:22:50 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1245


Note You need to log in before you can comment on or make changes to this bug.