Bug 1622182 - [OSP 13] overcloud deployment breaks at ControllerDeployment_Step3 when octavia and tls everywhere are deployed together
Summary: [OSP 13] overcloud deployment breaks at ControllerDeployment_Step3 when octav...
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-heat-templates
Version: 13.0 (Queens)
Hardware: x86_64
OS: Linux
Target Milestone: z4
: 13.0 (Queens)
Assignee: Carlos Goncalves
QA Contact: Alexander Stafeyev
Depends On: 1644747 1661781
TreeView+ depends on / blocked
Reported: 2018-08-24 15:56 UTC by Matt Flusche
Modified: 2019-12-31 17:17 UTC (History)
15 users (show)

Fixed In Version: openstack-tripleo-heat-templates-8.0.4-30.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2019-03-14 13:54:51 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Launchpad 1782392 None None None 2018-08-30 08:47:58 UTC
OpenStack gerrit 583653 'None' 'MERGED' 'Mount my.cnf.d into the db_sync container for Barbican and Octavia.' 2019-12-02 13:13:15 UTC
OpenStack gerrit 586621 'None' 'MERGED' 'Mount my.cnf.d into the db_sync container for Barbican and Octavia.' 2019-12-02 13:13:15 UTC
Red Hat Product Errata RHBA-2019:0448 None None None 2019-03-14 13:55:04 UTC

Description Matt Flusche 2018-08-24 15:56:06 UTC
Description of problem:

This is a similar issue to 1619819 for manila.

Octavia and TLS everywhere deployments fail during the db_sync step (o

Output from 

            "Error running ['docker', 'run', '--name', 'octavia_db_sync', '--label', 'config_id=tripleo_step3', '--label', 'container_name=o
ctavia_db_sync', '--label', 'managed_by=paunch', '--label', 'config_data={\"start_order\": 0, \"image\": \"registry.access.redhat.com/rhosp1
3/openstack-octavia-api:latest\", \"command\": \"/usr/bin/bootstrap_host_exec octavia_api su octavia -s /bin/bash -c \\'/usr/bin/octavia-db-
manage upgrade head\\'\", \"user\": \"root\", \"volumes\": [\"/etc/hosts:/etc/hosts:ro\", \"/etc/localtime:/etc/localtime:ro\", \"/etc/pki/c
a-trust/extracted:/etc/pki/ca-trust/extracted:ro\", \"/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro\", \"/etc/pki/tls
/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro\", \"/etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro\", \"/dev/log:/dev/
log\", \"/etc/ipa/ca.crt:/etc/ipa/ca.crt:ro\", \"/etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro\", \"/etc/puppet:/etc/puppet:ro\", \"/
var/lib/config-data/octavia/etc/octavia/:/etc/octavia/:ro\", \"/var/log/containers/octavia:/var/log/octavia\", \"/var/log/containers/httpd/o
ctavia-api:/var/log/httpd\"], \"net\": \"host\", \"detach\": false, \"privileged\": false}', '--net=host', '--privileged=false', '--user=roo
t', '--volume=/etc/hosts:/etc/hosts:ro', '--volume=/etc/localtime:/etc/localtime:ro', '--volume=/etc/pki/ca-trust/extracted:/etc/pki/ca-trus
t/extracted:ro', '--volume=/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro', '--volume=/etc/pki/tls/certs/ca-bundle.tru
st.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro', '--volume=/etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro', '--volume=/dev/log:/dev/log', 
'--volume=/etc/ipa/ca.crt:/etc/ipa/ca.crt:ro', '--volume=/etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro', '--volume=/etc/puppet:/etc/p
uppet:ro', '--volume=/var/lib/config-data/octavia/etc/octavia/:/etc/octavia/:ro', '--volume=/var/log/containers/octavia:/var/log/octavia', '
--volume=/var/log/containers/httpd/octavia-api:/var/log/httpd', 'registry.access.redhat.com/rhosp13/openstack-octavia-api:latest', '/usr/bin
/bootstrap_host_exec', 'octavia_api', 'su', 'octavia', '-s', '/bin/bash', '-c', \"'/usr/bin/octavia-db-manage\", 'upgrade', \"head'\"]. [1]"


            "sqlalchemy.exc.OperationalError: (pymysql.err.OperationalError) (1045, u\"Access denied for user 'octavia'@'' (u
sing password: YES)\") (Background on this error at: http://sqlalche.me/e/e3q8)", 

Version-Release number of selected component (if applicable):
OSP 13 current

How reproducible:

Steps to Reproduce:
1. deploy overcloud with octavia and tls everywhere

Actual results:

Expected results:
successful deployment

Additional info:

Comment 4 Carlos Goncalves 2018-08-30 08:47:59 UTC
Turns out it is already fixed upstream in master and backported to stable/queens for both Octavia and Barbican services.

Comment 6 Carlos Goncalves 2018-08-30 08:50:52 UTC
THT >=8.0.5 will include the fix.

Comment 13 Bruna Bonguardo 2019-02-19 09:28:48 UTC
This bug is also ON_QA, but it depends on bug https://bugzilla.redhat.com/show_bug.cgi?id=1661781

Should we proceed or wait?

Comment 17 errata-xmlrpc 2019-03-14 13:54:51 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.