Bug 1556992 - FFU: post upgrading an environment; the hieradata is not refreshed on stack updates
Summary: FFU: post upgrading an environment; the hieradata is not refreshed on stack u...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-heat-templates
Version: 13.0 (Queens)
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: beta
: 13.0 (Queens)
Assignee: Marios Andreou
QA Contact: Marius Cornea
URL:
Whiteboard:
Depends On:
Blocks: 1485413 1488566
TreeView+ depends on / blocked
 
Reported: 2018-03-15 17:30 UTC by Marius Cornea
Modified: 2018-06-27 13:47 UTC (History)
9 users (show)

Fixed In Version: openstack-tripleo-common-8.6.1-3.el7ost openstack-tripleo-heat-templates-8.0.2-3.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-06-27 13:46:53 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Launchpad 1758065 None None None 2018-04-06 13:24:33 UTC
OpenStack gerrit 556491 None master: MERGED tripleo-common: Add custom subclass to revert mapping (I6bd4107e8e1a6a9abc38d2dca7a91a6823f8b6c2) 2018-04-24 16:05:17 UTC
OpenStack gerrit 559061 None master: MERGED tripleo-heat-templates: Update environment files for Q upgrade and ffwd upgrade (Icfe494e3219d6d6cd3251f75bb4329fc4d793c... 2018-04-24 16:05:12 UTC
OpenStack gerrit 561208 None stable/queens: MERGED tripleo-heat-templates: Update environment files for Q upgrade and ffwd upgrade (Icfe494e3219d6d6cd3251f75bb4329fc4d793c... 2018-04-24 16:05:07 UTC
OpenStack gerrit 562307 None stable/queens: MERGED tripleo-common: Add custom subclass to revert mapping (I6bd4107e8e1a6a9abc38d2dca7a91a6823f8b6c2) 2018-04-24 16:05:02 UTC
Red Hat Product Errata RHEA-2018:2086 None None None 2018-06-27 13:47:44 UTC

Description Marius Cornea 2018-03-15 17:30:09 UTC
Description of problem:
FFU: post upgrading an environment with ceph osd nodes the controller nodes are missing ceph-mgr required firewall rules

After upgrade checking the ceph services related iptables rules on controller nodes:

[root@controller-0 heat-admin]# iptables -nL | grep ceph
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 6789 /* 110 ceph_mon */ state NEW

[root@controller-0 heat-admin]# docker ps | grep ceph
ae2d122f614c        registry.access.redhat.com/rhceph/rhceph-3-rhel7:latest                                                "/entrypoint.sh"         19 hours ago        Up 19 hours                                   ceph-mgr-controller-0
55aad6e09f2a        registry.access.redhat.com/rhceph/rhceph-3-rhel7:latest                                                "/entrypoint.sh"         19 hours ago        Up 19 hours                                   ceph-mon-controller-0

Expected results:
There should be an additional iptables rule installed for the ceph-mgr service allowing access to ports tcp 6800:7300 per https://github.com/openstack/tripleo-heat-templates/blob/master/docker/services/ceph-ansible/ceph-mgr.yaml#L59-L62

Comment 2 Giulio Fidente 2018-03-15 17:32:38 UTC
Looks like none of the Ceph services appear in Heat's list of enabled_services.

Comment 3 Giulio Fidente 2018-03-15 17:51:21 UTC
By inspecting the Heat stack, I can see CephMgr as one of the deployed stacks and resource-show shows [1] it's correctly mapped to docker/services/ceph-ansible/ceph-mgr.yaml

This might be an issue with the templates not refreshing [2] on upgrade.

Note that for FFU we explicitly disable Ceph services for the initial stack update [3], then we enable it back as one of the last upgrade steps.

1. http://ix.io/Xtq
2. https://github.com/openstack/tripleo-heat-templates/blob/master/overcloud.j2.yaml#L450-L460
3. https://github.com/openstack/tripleo-heat-templates/blob/master/environments/fast-forward-upgrade.yaml

Comment 16 errata-xmlrpc 2018-06-27 13:46:53 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:2086


Note You need to log in before you can comment on or make changes to this bug.