1622182 – [OSP 13] overcloud deployment breaks at ControllerDeployment_Step3 when octavia and tls everywhere are deployed together

Bug 1622182 - [OSP 13] overcloud deployment breaks at ControllerDeployment_Step3 when octavia and tls everywhere are deployed together

Summary: [OSP 13] overcloud deployment breaks at ControllerDeployment_Step3 when octav...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-tripleo-heat-templates
Sub Component:
Version:	13.0 (Queens)
Hardware:	x86_64
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	z4
Target Release:	13.0 (Queens)
Assignee:	Carlos Goncalves
QA Contact:	Alexander Stafeyev
Docs Contact:
URL:
Whiteboard:
Depends On:	1644747 1661781
Blocks:
TreeView+	depends on / blocked

Reported:	2018-08-24 15:56 UTC by Matt Flusche
Modified:	2019-12-31 17:17 UTC (History)
CC List:	15 users (show)
Fixed In Version:	openstack-tripleo-heat-templates-8.0.4-30.el7ost
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-03-14 13:54:51 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Priority	Status	Summary	Last Updated
Launchpad	1782392	None	None	None	2018-08-30 08:47:58 UTC
OpenStack gerrit	583653	'None'	'MERGED'	'Mount my.cnf.d into the db_sync container for Barbican and Octavia.'	2019-12-02 13:13:15 UTC
OpenStack gerrit	586621	'None'	'MERGED'	'Mount my.cnf.d into the db_sync container for Barbican and Octavia.'	2019-12-02 13:13:15 UTC
Red Hat Product Errata	RHBA-2019:0448	None	None	None	2019-03-14 13:55:04 UTC

Description Matt Flusche 2018-08-24 15:56:06 UTC

Description of problem:

This is a similar issue to 1619819 for manila.

Octavia and TLS everywhere deployments fail during the db_sync step (o
ctavia_db_sync).

Output from 


            "Error running ['docker', 'run', '--name', 'octavia_db_sync', '--label', 'config_id=tripleo_step3', '--label', 'container_name=o
ctavia_db_sync', '--label', 'managed_by=paunch', '--label', 'config_data={\"start_order\": 0, \"image\": \"registry.access.redhat.com/rhosp1
3/openstack-octavia-api:latest\", \"command\": \"/usr/bin/bootstrap_host_exec octavia_api su octavia -s /bin/bash -c \\'/usr/bin/octavia-db-
manage upgrade head\\'\", \"user\": \"root\", \"volumes\": [\"/etc/hosts:/etc/hosts:ro\", \"/etc/localtime:/etc/localtime:ro\", \"/etc/pki/c
a-trust/extracted:/etc/pki/ca-trust/extracted:ro\", \"/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro\", \"/etc/pki/tls
/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro\", \"/etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro\", \"/dev/log:/dev/
log\", \"/etc/ipa/ca.crt:/etc/ipa/ca.crt:ro\", \"/etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro\", \"/etc/puppet:/etc/puppet:ro\", \"/
var/lib/config-data/octavia/etc/octavia/:/etc/octavia/:ro\", \"/var/log/containers/octavia:/var/log/octavia\", \"/var/log/containers/httpd/o
ctavia-api:/var/log/httpd\"], \"net\": \"host\", \"detach\": false, \"privileged\": false}', '--net=host', '--privileged=false', '--user=roo
t', '--volume=/etc/hosts:/etc/hosts:ro', '--volume=/etc/localtime:/etc/localtime:ro', '--volume=/etc/pki/ca-trust/extracted:/etc/pki/ca-trus
t/extracted:ro', '--volume=/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro', '--volume=/etc/pki/tls/certs/ca-bundle.tru
st.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro', '--volume=/etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro', '--volume=/dev/log:/dev/log', 
'--volume=/etc/ipa/ca.crt:/etc/ipa/ca.crt:ro', '--volume=/etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro', '--volume=/etc/puppet:/etc/p
uppet:ro', '--volume=/var/lib/config-data/octavia/etc/octavia/:/etc/octavia/:ro', '--volume=/var/log/containers/octavia:/var/log/octavia', '
--volume=/var/log/containers/httpd/octavia-api:/var/log/httpd', 'registry.access.redhat.com/rhosp13/openstack-octavia-api:latest', '/usr/bin
/bootstrap_host_exec', 'octavia_api', 'su', 'octavia', '-s', '/bin/bash', '-c', \"'/usr/bin/octavia-db-manage\", 'upgrade', \"head'\"]. [1]"
, 

[...]

            "sqlalchemy.exc.OperationalError: (pymysql.err.OperationalError) (1045, u\"Access denied for user 'octavia'@'192.168.200.154' (u
sing password: YES)\") (Background on this error at: http://sqlalche.me/e/e3q8)", 


Version-Release number of selected component (if applicable):
OSP 13 current

How reproducible:
100%

Steps to Reproduce:
1. deploy overcloud with octavia and tls everywhere
2.
3.

Actual results:
failure

Expected results:
successful deployment

Additional info:

Comment 4 Carlos Goncalves 2018-08-30 08:47:59 UTC

Turns out it is already fixed upstream in master and backported to stable/queens for both Octavia and Barbican services.

Comment 6 Carlos Goncalves 2018-08-30 08:50:52 UTC

THT >=8.0.5 will include the fix.

Comment 13 Bruna Bonguardo 2019-02-19 09:28:48 UTC

This bug is also ON_QA, but it depends on bug https://bugzilla.redhat.com/show_bug.cgi?id=1661781

Should we proceed or wait?

Comment 17 errata-xmlrpc 2019-03-14 13:54:51 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0448

Note You need to log in before you can comment on or make changes to this bug.