Description of problem: This is a similar issue to 1619819 for manila. Octavia and TLS everywhere deployments fail during the db_sync step (o ctavia_db_sync). Output from "Error running ['docker', 'run', '--name', 'octavia_db_sync', '--label', 'config_id=tripleo_step3', '--label', 'container_name=o ctavia_db_sync', '--label', 'managed_by=paunch', '--label', 'config_data={\"start_order\": 0, \"image\": \"registry.access.redhat.com/rhosp1 3/openstack-octavia-api:latest\", \"command\": \"/usr/bin/bootstrap_host_exec octavia_api su octavia -s /bin/bash -c \\'/usr/bin/octavia-db- manage upgrade head\\'\", \"user\": \"root\", \"volumes\": [\"/etc/hosts:/etc/hosts:ro\", \"/etc/localtime:/etc/localtime:ro\", \"/etc/pki/c a-trust/extracted:/etc/pki/ca-trust/extracted:ro\", \"/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro\", \"/etc/pki/tls /certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro\", \"/etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro\", \"/dev/log:/dev/ log\", \"/etc/ipa/ca.crt:/etc/ipa/ca.crt:ro\", \"/etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro\", \"/etc/puppet:/etc/puppet:ro\", \"/ var/lib/config-data/octavia/etc/octavia/:/etc/octavia/:ro\", \"/var/log/containers/octavia:/var/log/octavia\", \"/var/log/containers/httpd/o ctavia-api:/var/log/httpd\"], \"net\": \"host\", \"detach\": false, \"privileged\": false}', '--net=host', '--privileged=false', '--user=roo t', '--volume=/etc/hosts:/etc/hosts:ro', '--volume=/etc/localtime:/etc/localtime:ro', '--volume=/etc/pki/ca-trust/extracted:/etc/pki/ca-trus t/extracted:ro', '--volume=/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro', '--volume=/etc/pki/tls/certs/ca-bundle.tru st.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro', '--volume=/etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro', '--volume=/dev/log:/dev/log', '--volume=/etc/ipa/ca.crt:/etc/ipa/ca.crt:ro', '--volume=/etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro', '--volume=/etc/puppet:/etc/p uppet:ro', '--volume=/var/lib/config-data/octavia/etc/octavia/:/etc/octavia/:ro', '--volume=/var/log/containers/octavia:/var/log/octavia', ' --volume=/var/log/containers/httpd/octavia-api:/var/log/httpd', 'registry.access.redhat.com/rhosp13/openstack-octavia-api:latest', '/usr/bin /bootstrap_host_exec', 'octavia_api', 'su', 'octavia', '-s', '/bin/bash', '-c', \"'/usr/bin/octavia-db-manage\", 'upgrade', \"head'\"]. [1]" , [...] "sqlalchemy.exc.OperationalError: (pymysql.err.OperationalError) (1045, u\"Access denied for user 'octavia'@'192.168.200.154' (u sing password: YES)\") (Background on this error at: http://sqlalche.me/e/e3q8)", Version-Release number of selected component (if applicable): OSP 13 current How reproducible: 100% Steps to Reproduce: 1. deploy overcloud with octavia and tls everywhere 2. 3. Actual results: failure Expected results: successful deployment Additional info:
Turns out it is already fixed upstream in master and backported to stable/queens for both Octavia and Barbican services.
THT >=8.0.5 will include the fix.
This bug is also ON_QA, but it depends on bug https://bugzilla.redhat.com/show_bug.cgi?id=1661781 Should we proceed or wait?
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0448