Hide Forgot
rhosp-director: Composable roles deployment - docker daemon doesn't start on non standard nodes. Environment: python-docker-pycreds-1.10.6-1.el7.noarch docker-distribution-2.6.1-1.1.gita25b9ef.el7.x86_64 instack-undercloud-7.2.1-0.20170729010706.el7ost.noarch docker-rhel-push-plugin-1.12.6-48.git0fdc778.el7.x86_64 docker-client-1.12.6-48.git0fdc778.el7.x86_64 python-docker-py-1.10.6-1.el7.noarch docker-1.12.6-48.git0fdc778.el7.x86_64 openstack-tripleo-heat-templates-7.0.0-0.20170805163048.el7ost.noarch docker-common-1.12.6-48.git0fdc778.el7.x86_64 openstack-puppet-modules-10.0.0-0.20170315222135.0333c73.el7.1.noarch Steps to reproduce: Try to deploy overcloud with composable roles: openstack overcloud deploy \ --templates /usr/share/openstack-tripleo-heat-templates \ --libvirt-type kvm \ --ntp-server clock.redhat.com \ -r /home/stack/roles_data.yaml \ -e /usr/share/openstack-tripleo-heat-templates/environments/storage-environment.yaml \ -e /home/stack/virt/internal.yaml \ -e /usr/share/openstack-tripleo-heat-templates/environments/network-isolation.yaml \ -e /home/stack/virt/network/network-environment.yaml \ -e /home/stack/virt/hostnames.yml \ -e /usr/share/openstack-tripleo-heat-templates/environments/ceph-ansible/ceph-ansible.yaml \ -e /usr/share/openstack-tripleo-heat-templates/environments/docker.yaml \ -e /usr/share/openstack-tripleo-heat-templates/environments/docker-ha.yaml \ -e /home/stack/virt/debug.yaml \ -e /home/stack/virt/nodes_data.yaml \ -e /home/stack/virt/docker-images.yaml (undercloud) [stack@undercloud-0 ~]$ cat roles_data.yaml ############################################################################### # File generated by TripleO ############################################################################### ############################################################################### # Role: ControllerOpenstack # ############################################################################### - name: Controller description: | Controller role that does not contain the database, messaging and networking components. Use in combination with the Database, Messaging and Networker roles. tags: - primary - controller networks: - External - InternalApi - Storage - StorageMgmt - Tenant HostnameFormatDefault: '%stackname%-controller-%index%' ServicesDefault: - OS::TripleO::Services::AodhApi - OS::TripleO::Services::AodhEvaluator - OS::TripleO::Services::AodhListener - OS::TripleO::Services::AodhNotifier - OS::TripleO::Services::AuditD - OS::TripleO::Services::BarbicanApi - OS::TripleO::Services::CACerts - OS::TripleO::Services::CeilometerAgentCentral - OS::TripleO::Services::CeilometerAgentNotification - OS::TripleO::Services::CeilometerApi - OS::TripleO::Services::CeilometerExpirer - OS::TripleO::Services::CephExternal - OS::TripleO::Services::CephMds - OS::TripleO::Services::CephMon - OS::TripleO::Services::CephRbdMirror - OS::TripleO::Services::CephRgw - OS::TripleO::Services::CinderApi - OS::TripleO::Services::CinderBackup - OS::TripleO::Services::CinderHPELeftHandISCSI - OS::TripleO::Services::CinderScheduler - OS::TripleO::Services::CinderVolume - OS::TripleO::Services::Collectd - OS::TripleO::Services::Congress - OS::TripleO::Services::Clustercheck - OS::TripleO::Services::Docker - OS::TripleO::Services::Ec2Api - OS::TripleO::Services::Etcd - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::GlanceApi - OS::TripleO::Services::GnocchiApi - OS::TripleO::Services::GnocchiMetricd - OS::TripleO::Services::GnocchiStatsd - OS::TripleO::Services::HAproxy - OS::TripleO::Services::HeatApi - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::Horizon - OS::TripleO::Services::IronicApi - OS::TripleO::Services::IronicConductor - OS::TripleO::Services::Iscsid - OS::TripleO::Services::Keepalived - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone - OS::TripleO::Services::ManilaApi - OS::TripleO::Services::ManilaBackendCephFs - OS::TripleO::Services::ManilaBackendGeneric - OS::TripleO::Services::ManilaBackendNetapp - OS::TripleO::Services::ManilaScheduler - OS::TripleO::Services::ManilaShare - OS::TripleO::Services::Memcached - OS::TripleO::Services::MongoDb - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NovaApi - OS::TripleO::Services::NovaConductor - OS::TripleO::Services::NovaConsoleauth - OS::TripleO::Services::NovaIronic - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaPlacement - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::NovaVncProxy - OS::TripleO::Services::Ntp - OS::TripleO::Services::OctaviaApi - OS::TripleO::Services::OctaviaHealthManager - OS::TripleO::Services::OctaviaHousekeeping - OS::TripleO::Services::OctaviaWorker - OS::TripleO::Services::OpenDaylightApi - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::OVNDBs - OS::TripleO::Services::OVNController - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::PankoApi - OS::TripleO::Services::Redis - OS::TripleO::Services::SaharaApi - OS::TripleO::Services::SaharaEngine - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd - OS::TripleO::Services::SwiftProxy - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::Tacker - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::Tuned - OS::TripleO::Services::Vpp - OS::TripleO::Services::Zaqar ############################################################################### # Role: Database # ############################################################################### - name: Database description: | Standalone database role with the database being managed via Pacemaker networks: - InternalApi HostnameFormatDefault: '%stackname%-database-%index%' ServicesDefault: - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts - OS::TripleO::Services::Collectd - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQL - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::Tuned ############################################################################### # Role: Messaging # ############################################################################### - name: Messaging description: | Standalone messaging role with RabbitMQ being managed via Pacemaker networks: - InternalApi HostnameFormatDefault: '%stackname%-messaging-%index%' ServicesDefault: - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts - OS::TripleO::Services::Collectd - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::Tuned ############################################################################### # Role: Networker # ############################################################################### - name: Networker description: | Standalone networking role to run Neutron services their own. Includes Pacemaker integration via PacemakerRemote networks: - InternalApi HostnameFormatDefault: '%stackname%-networker-%index%' ServicesDefault: - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts - OS::TripleO::Services::Collectd - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NeutronApi - OS::TripleO::Services::NeutronBgpVpnApi - OS::TripleO::Services::NeutronCorePlugin - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL2gwAgent - OS::TripleO::Services::NeutronL2gwApi - OS::TripleO::Services::NeutronL3Agent - OS::TripleO::Services::NeutronLbaasv2Agent - OS::TripleO::Services::NeutronMetadataAgent - OS::TripleO::Services::NeutronML2FujitsuCfab - OS::TripleO::Services::NeutronML2FujitsuFossw - OS::TripleO::Services::NeutronOvsAgent - OS::TripleO::Services::NeutronVppAgent - OS::TripleO::Services::Ntp - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::PacemakerRemote - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::Tuned ############################################################################### # Role: Compute # ############################################################################### - name: Compute description: | Basic Compute Node role CountDefault: 1 networks: - InternalApi - Tenant - Storage HostnameFormatDefault: '%stackname%-novacompute-%index%' disable_upgrade_deployment: True ServicesDefault: - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts - OS::TripleO::Services::CephClient - OS::TripleO::Services::CephExternal - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::Collectd - OS::TripleO::Services::ComputeCeilometerAgent - OS::TripleO::Services::ComputeNeutronCorePlugin - OS::TripleO::Services::ComputeNeutronL3Agent - OS::TripleO::Services::ComputeNeutronMetadataAgent - OS::TripleO::Services::ComputeNeutronOvsAgent - OS::TripleO::Services::Docker - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Iscsid - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NeutronLinuxbridgeAgent - OS::TripleO::Services::NeutronSriovAgent - OS::TripleO::Services::NeutronVppAgent - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Ntp - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::Tuned - OS::TripleO::Services::Vpp - OS::TripleO::Services::OVNController ############################################################################### # Role: CephStorage # ############################################################################### - name: CephStorage description: | Ceph OSD Storage node role networks: - Storage - StorageMgmt ServicesDefault: - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts - OS::TripleO::Services::CephOSD - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::Collectd - OS::TripleO::Services::Docker - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::Tuned Looking for errors I see: WARNING (shell) "heat deployment-show" is deprecated, please use "openstack software deployment show" instead \"2017-08-25 00:49:47,248 ERROR: 20174 -- Failed running docker-puppet.py for rabbitmq\", \"2017-08-25 00:49:47,248 ERROR: 20174 -- /usr/bin/docker-current: Cannot connect to the Docker daemon. Is the docker daemon running on this host?.\", \"2017-08-25 00:49:47,249 ERROR: 20173 -- ERROR configuring rabbitmq\" Trying to see if images were pulled on the OC nodes: (undercloud) [stack@undercloud-0 ~]$ for i in `openstack server list -f value -c Networks|awk -F'=' '{print $NF}'`; do ssh -o StrictHostKeyChecking=no heat-admin@$i "hostname;sudo docker images|wc -l"; done controller-2 19 controller-0 19 controller-1 19 overcloud-messaging-2 Cannot connect to the Docker daemon. Is the docker daemon running on this host? 0 ceph-2 1 overcloud-database-2 Cannot connect to the Docker daemon. Is the docker daemon running on this host? 0 overcloud-networker-0 Cannot connect to the Docker daemon. Is the docker daemon running on this host? 0 ceph-0 1 ceph-1 1 overcloud-messaging-0 Cannot connect to the Docker daemon. Is the docker daemon running on this host? 0 overcloud-database-0 Cannot connect to the Docker daemon. Is the docker daemon running on this host? 0 overcloud-networker-1 Cannot connect to the Docker daemon. Is the docker daemon running on this host? 0 overcloud-messaging-1 Cannot connect to the Docker daemon. Is the docker daemon running on this host? 0 overcloud-database-1 Cannot connect to the Docker daemon. Is the docker daemon running on this host? 0 compute-0 4
I used "openstack overcloud roles generate" to create the roles_data.yaml openstack overcloud roles generate --roles-path openstack-tripleo-heat-templates/roles ControllerOpenstack Database Messaging Networker Compute CephStorage > roles_data.yaml The Composable roles miss the line with OS::TripleO::Services::Docker
The docker service is missing from some of the custom roles. I've just pushed https://review.openstack.org/#/c/497937/ upstream that should fix it.
A similar fix was submitted in https://review.openstack.org/#/c/498842/ which was already merged and backported to stable/pike.
Adding the following to roles is a good habbit: - OS::TripleO::Services::CACerts
Also, the networker roles doesn't have "- External" under networks.
According to BZ https://bugzilla.redhat.com/show_bug.cgi?id=1486037 the clustercheck container needs to be always deployed on the database role. It also needs to be removed from the controller role.
The Networker role also misses this network: - Tenant
Filed a separate BZ https://bugzilla.redhat.com/show_bug.cgi?id=1496231 for comment #10 and comment #8
Verified. Environment: openstack-tripleo-heat-templates-7.0.3-0.20171023134948.el7ost.noarch Verified that: 1) Every role has "OS::TripleO::Services::Docker" 2) database role (only) has: - OS::TripleO::Services::Clustercheck 3) Every role has 'OS::TripleO::Services::CACerts' 4) Networker role has these networks: - InternalApi - Tenant
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:3462