Description of problem:
From time to time it seems that we experience contention on novajoin, which makes cloud-init fail to retrieve metadata when doing:
curl -s http://169.254.169.254/openstack/2016-10-06/vendor_data2.json
To workaround the chances of contention we currently have a random sleep before that call so lower the odds that many nodes call novajoin at the same time.
This random sleep reduces the failure rate at deploy time but we can still experience it fairly often.
The end result often is that overcloud nodes end up without cert and overcloud deployment fails, the probability raises with number of nodes
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Deploy overcloud of Openstack with TLS everywhere.
Overcloud deployment fails since some certs are missing on some overcloud nodes
Proposed https://review.openstack.org/#/c/564137/3 to overcome the failures.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.