Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1622182

Summary: [OSP 13] overcloud deployment breaks at ControllerDeployment_Step3 when octavia and tls everywhere are deployed together
Product: Red Hat OpenStack Reporter: Matt Flusche <mflusche>
Component: openstack-tripleo-heat-templatesAssignee: Carlos Goncalves <cgoncalves>
Status: CLOSED ERRATA QA Contact: Alexander Stafeyev <astafeye>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 13.0 (Queens)CC: amuller, astafeye, bbonguar, bcafarel, beagles, broskos, cgoncalves, dbecker, jagee, jmelvin, mburns, morazi, nkinder, slinaber, tfreger
Target Milestone: z4Keywords: TestOnly, Triaged, ZStream
Target Release: 13.0 (Queens)   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: openstack-tripleo-heat-templates-8.0.4-30.el7ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-03-14 13:54:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1644747, 1661781    
Bug Blocks:    

Description Matt Flusche 2018-08-24 15:56:06 UTC 
Description of problem:

This is a similar issue to 1619819 for manila.

Octavia and TLS everywhere deployments fail during the db_sync step (o
ctavia_db_sync).

Output from 


            "Error running ['docker', 'run', '--name', 'octavia_db_sync', '--label', 'config_id=tripleo_step3', '--label', 'container_name=o
ctavia_db_sync', '--label', 'managed_by=paunch', '--label', 'config_data={\"start_order\": 0, \"image\": \"registry.access.redhat.com/rhosp1
3/openstack-octavia-api:latest\", \"command\": \"/usr/bin/bootstrap_host_exec octavia_api su octavia -s /bin/bash -c \\'/usr/bin/octavia-db-
manage upgrade head\\'\", \"user\": \"root\", \"volumes\": [\"/etc/hosts:/etc/hosts:ro\", \"/etc/localtime:/etc/localtime:ro\", \"/etc/pki/c
a-trust/extracted:/etc/pki/ca-trust/extracted:ro\", \"/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro\", \"/etc/pki/tls
/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro\", \"/etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro\", \"/dev/log:/dev/
log\", \"/etc/ipa/ca.crt:/etc/ipa/ca.crt:ro\", \"/etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro\", \"/etc/puppet:/etc/puppet:ro\", \"/
var/lib/config-data/octavia/etc/octavia/:/etc/octavia/:ro\", \"/var/log/containers/octavia:/var/log/octavia\", \"/var/log/containers/httpd/o
ctavia-api:/var/log/httpd\"], \"net\": \"host\", \"detach\": false, \"privileged\": false}', '--net=host', '--privileged=false', '--user=roo
t', '--volume=/etc/hosts:/etc/hosts:ro', '--volume=/etc/localtime:/etc/localtime:ro', '--volume=/etc/pki/ca-trust/extracted:/etc/pki/ca-trus
t/extracted:ro', '--volume=/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro', '--volume=/etc/pki/tls/certs/ca-bundle.tru
st.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro', '--volume=/etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro', '--volume=/dev/log:/dev/log', 
'--volume=/etc/ipa/ca.crt:/etc/ipa/ca.crt:ro', '--volume=/etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro', '--volume=/etc/puppet:/etc/p
uppet:ro', '--volume=/var/lib/config-data/octavia/etc/octavia/:/etc/octavia/:ro', '--volume=/var/log/containers/octavia:/var/log/octavia', '
--volume=/var/log/containers/httpd/octavia-api:/var/log/httpd', 'registry.access.redhat.com/rhosp13/openstack-octavia-api:latest', '/usr/bin
/bootstrap_host_exec', 'octavia_api', 'su', 'octavia', '-s', '/bin/bash', '-c', \"'/usr/bin/octavia-db-manage\", 'upgrade', \"head'\"]. [1]"
, 

[...]

            "sqlalchemy.exc.OperationalError: (pymysql.err.OperationalError) (1045, u\"Access denied for user 'octavia'@'192.168.200.154' (u
sing password: YES)\") (Background on this error at: http://sqlalche.me/e/e3q8)", 


Version-Release number of selected component (if applicable):
OSP 13 current

How reproducible:
100%

Steps to Reproduce:
1. deploy overcloud with octavia and tls everywhere
2.
3.

Actual results:
failure

Expected results:
successful deployment

Additional info:
Comment 4 Carlos Goncalves 2018-08-30 08:47:59 UTC 
Turns out it is already fixed upstream in master and backported to stable/queens for both Octavia and Barbican services.
Comment 6 Carlos Goncalves 2018-08-30 08:50:52 UTC 
THT >=8.0.5 will include the fix.
Comment 13 Bruna Bonguardo 2019-02-19 09:28:48 UTC 
This bug is also ON_QA, but it depends on bug https://bugzilla.redhat.com/show_bug.cgi?id=1661781

Should we proceed or wait?
Comment 17 errata-xmlrpc 2019-03-14 13:54:51 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0448