Created attachment 1478938
Logs and etc from undercloud-0

Description of problem:
OSP14 Undercloud deployment with settings for TLS everywhere failed.

[DEFAULT]
# Network interface on the Undercloud that will be handling the PXE
# boots and DHCP for Overcloud instances. (string value)
local_interface = eth0
local_ip = 192.168.24.1/24
undercloud_public_host = 192.168.24.2
undercloud_admin_host = 192.168.24.3
undercloud_ntp_servers=clock.redhat.com
container_images_file=/home/stack/containers-prepare-parameter.yaml
docker_insecure_registries=docker-registry.engineering.redhat.com
undercloud_service_certificate = /etc/pki/instack-certs/undercloud.pem
# BEGIN TLS EVERYWHERE SETTINGS -->
enable_novajoin = True
ipa_otp = 8BmwmwkJvUukwuIGYt0eVjnuE6c9lAz9dDPrzAomDu67
undercloud_hostname = undercloud-0.redhat.local
undercloud_nameservers = 10.0.0.2
overcloud_domain_name = redhat.local
# END TLS EVERYWHERE SETTINGS -->

[ctlplane-subnet]
local_subnet = ctlplane-subnet
cidr = 192.168.24.0/24
dhcp_start = 192.168.24.5
dhcp_end = 192.168.24.24
gateway = 192.168.24.1
inspection_iprange = 192.168.24.100,192.168.24.120
masquerade = true
#TODO(skatlapa): add param to override masq

11:30:05 2018-08-27 11:29:36Z [undercloud.UndercloudServiceChain.ServiceChain]: CREATE_FAILED StackValidationFailed: resources.ServiceChain: Property error: resources[57].properties: Property DockerNovajoinConfigImage not assigned
11:30:05 2018-08-27 11:29:36Z [undercloud.UndercloudServiceChain]: CREATE_FAILED Resource CREATE failed: StackValidationFailed: resources.ServiceChain: Property error: ServiceChain.resources[57].properties: Property DockerNovajoinConfigImage not assigned
11:30:05 2018-08-27 11:29:36Z [undercloud.UndercloudServiceChain]: CREATE_FAILED StackValidationFailed: resources.UndercloudServiceChain.resources.ServiceChain: Property error: ServiceChain.resources[57].properties: Property DockerNovajoinConfigImage not assigned
11:30:05 2018-08-27 11:29:36Z [undercloud]: CREATE_FAILED Resource CREATE failed: StackValidationFailed: resources.UndercloudServiceChain.resources.ServiceChain: Property error: ServiceChain.resources[57].properties: Property DockerNovajoinConfigImage not assigned
11:30:05 2018-08-27 11:29:37Z [undercloud.UndercloudServiceChain.LoggingConfiguration]: CREATE_COMPLETE state changed
11:30:05
11:30:05 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
11:30:05
11:30:05 An error has occured while deploying the Undercloud.
11:30:05
11:30:05 See the previous output for details about what went wrong.
11:30:05
11:30:05 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
11:30:05
11:30:05 Command '['sudo', 'openstack', 'tripleo', 'deploy', '--standalone', '--standalone-role', 'Undercloud', '--stack', 'undercloud', '--local-domain=redhat.local', '--local-ip=192.168.24.1/24', '--templates=/usr/share/openstack-tripleo-heat-templates/', '--heat-native', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/docker.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/undercloud.yaml', '-e', '/home/stack/containers-prepare-parameter.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/services/masquerade-networks.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/services/ironic.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/services/ironic-inspector.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/services/mistral.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/services/novajoin.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/services/zaqar.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/services/tripleo-ui.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/services/tempest.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/services/undercloud-haproxy.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/services/undercloud-keepalived.yaml', '--public-virtual-ip', '192.168.24.2', '--control-virtual-ip', '192.168.24.3', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/ssl/tls-endpoints-public-ip.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/use-dns-for-vips.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/services/undercloud-haproxy.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/services/undercloud-keepalived.yaml', '--deployment-user', 'stack', '--output-dir=/home/stack', '--cleanup', '-e', '/home/stack/tripleo-config-generated-env-files/undercloud_parameters.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/tripleo-validations.yaml', '--log-file=install-undercloud.log', '-e', '/usr/share/openstack-tripleo-heat-templates/undercloud-stack-vstate-dropin.yaml']' returned non-zero exit status 1
11:30:05 Command '['sudo', 'openstack', 'tripleo', 'deploy', '--standalone', '--standalone-role', 'Undercloud', '--stack', 'undercloud', '--local-domain=redhat.local', '--local-ip=192.168.24.1/24', '--templates=/usr/share/openstack-tripleo-heat-templates/', '--heat-native', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/docker.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/undercloud.yaml', '-e', '/home/stack/containers-prepare-parameter.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/services/masquerade-networks.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/services/ironic.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/services/ironic-inspector.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/services/mistral.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/services/novajoin.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/services/zaqar.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/services/tripleo-ui.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/services/tempest.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/services/undercloud-haproxy.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/services/undercloud-keepalived.yaml', '--public-virtual-ip', '192.168.24.2', '--control-virtual-ip', '192.168.24.3', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/ssl/tls-endpoints-public-ip.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/use-dns-for-vips.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/services/undercloud-haproxy.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/services/undercloud-keepalived.yaml', '--deployment-user', 'stack', '--output-dir=/home/stack', '--cleanup', '-e', '/home/stack/tripleo-config-generated-env-files/undercloud_parameters.yaml', '-e', '/usr/share/openstack-tripleo-heat-templates/environments/tripleo-validations.yaml', '--log-file=install-undercloud.log', '-e', '/usr/share/openstack-tripleo-heat-templates/undercloud-stack-vstate-dropin.yaml']' returned non-zero exit status 1

Version-Release number of selected component (if applicable):
2018-08-23.3 osp14 puddle
openstack-tripleo-puppet-elements-9.0.0-0.20180801001359.d9df3a3.el7ost.noarch
openstack-tripleo-image-elements-9.0.0-0.20180801003129.39e37fe.el7ost.noarch
ansible-role-tripleo-modify-image-1.0.0-0.20180803113326.3b4e2e6.el7ost.noarch
openstack-tripleo-validations-9.2.1-0.20180726214014.7627d15.el7ost.noarch
openstack-tripleo-common-9.2.1-0.20180803214330.el7ost.noarch
python-tripleoclient-10.4.1-0.20180803113705.1e3bb6e.el7ost.noarch
openstack-tripleo-common-containers-9.2.1-0.20180803214330.el7ost.noarch
python2-tripleo-common-9.2.1-0.20180803214330.el7ost.noarch
openstack-tripleo-heat-templates-9.0.0-0.20180804083746.el7ost.noarch
python-tripleoclient-heat-installer-10.4.1-0.20180803113705.1e3bb6e.el7ost.noarch
ansible-tripleo-ipsec-8.1.1-0.20180405121919.325d233.el7ost.noarch
puppet-tripleo-9.2.1-0.20180731173658.dd67adb.el7ost.noarch

How reproducible:
always

Steps to Reproduce:
1. Prepare IPA node and generate token
2. Fill necessary settings for undercloud.conf
3. Install undercloud

Actual results:

Expected results:

Additional info:
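
Added example, not part of the original report or of TripleO: the CREATE_FAILED events in the log above are one validation failure repeated up the nested-stack chain, and this sketch collapses such a cascade to the unassigned property and the innermost resource that reported it. The function name and the sample string are constructed for illustration, and the regexes assume the event line layout shown in the report.

```python
import re

# Constructed sample: the Heat event lines quoted in the report above,
# one event per line, console prefix "11:30:05" included.
SAMPLE_LOG = """\
11:30:05 2018-08-27 11:29:36Z [undercloud.UndercloudServiceChain.ServiceChain]: CREATE_FAILED StackValidationFailed: resources.ServiceChain: Property error: resources[57].properties: Property DockerNovajoinConfigImage not assigned
11:30:05 2018-08-27 11:29:36Z [undercloud.UndercloudServiceChain]: CREATE_FAILED Resource CREATE failed: StackValidationFailed: resources.ServiceChain: Property error: ServiceChain.resources[57].properties: Property DockerNovajoinConfigImage not assigned
11:30:05 2018-08-27 11:29:36Z [undercloud.UndercloudServiceChain]: CREATE_FAILED StackValidationFailed: resources.UndercloudServiceChain.resources.ServiceChain: Property error: ServiceChain.resources[57].properties: Property DockerNovajoinConfigImage not assigned
11:30:05 2018-08-27 11:29:36Z [undercloud]: CREATE_FAILED Resource CREATE failed: StackValidationFailed: resources.UndercloudServiceChain.resources.ServiceChain: Property error: ServiceChain.resources[57].properties: Property DockerNovajoinConfigImage not assigned
11:30:05 2018-08-27 11:29:37Z [undercloud.UndercloudServiceChain.LoggingConfiguration]: CREATE_COMPLETE state changed
"""

EVENT = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}Z) "
    r"\[(?P<resource>[^\]]+)\]: (?P<status>[A-Z]+_[A-Z]+)\s*(?P<reason>.*)"
)
MISSING = re.compile(r"Property (?P<name>\w+) not assigned")
INDEX = re.compile(r"resources\[(?P<idx>\d+)\]\.properties")


def missing_properties(log_text):
    """Collapse cascaded *_FAILED events into one entry per unassigned property."""
    found = {}
    for line in log_text.splitlines():
        event = EVENT.search(line)
        if not event or not event["status"].endswith("_FAILED"):
            continue
        missing = MISSING.search(event["reason"])
        if not missing:
            continue  # failed for another reason; out of scope for this sketch
        entry = found.setdefault(
            missing["name"],
            {"events": 0, "depth": -1, "deepest_resource": None, "resource_index": None},
        )
        entry["events"] += 1
        # The innermost nested stack (most dotted components) raised the
        # validation error first; its parents only repeat it.
        depth = event["resource"].count(".")
        if depth > entry["depth"]:
            entry["depth"] = depth
            entry["deepest_resource"] = event["resource"]
        index = INDEX.search(event["reason"])
        if index:
            entry["resource_index"] = int(index["idx"])
    return found


if __name__ == "__main__":
    for name, info in missing_properties(SAMPLE_LOG).items():
        print(name, info["deepest_resource"], info["resource_index"], info["events"])
```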
The container image prepare missed adding the enable-internal-tls.yaml file, that should add the relevant parameter to the deployment. TLS everywhere for OSP14 is broken right now for OSP14 (working on it). But not with this error.
(In reply to Juan Antonio Osorio from comment #2)
> The container image prepare missed adding the enable-internal-tls.yaml file,
> that should add the relevant parameter to the deployment.
>
> TLS everywhere for OSP14 is broken right now for OSP14 (working on it). But
> not with this error.

It looks like the 'openstack tripleo container image prepare' doesn't like passing the environment file via -e so how can we pass the enable-internal-tls.yaml environment to the prepare command?:

[stack@undercloud-0 ~]$ openstack tripleo container image prepare default --output-env-file /home/stack/containers-prepare-parameter.yaml -e /usr/share/openstack-tripleo-heat-templates/environments/enable-internal-tls.yaml --local-push-destination
usage: openstack tripleo container image prepare default [-h] [--output-env-file <file path>] [--local-push-destination]
openstack tripleo container image prepare default: error: unrecognized arguments: -e /usr/share/openstack-tripleo-heat-templates/environments/enable-internal-tls.yaml

[stack@undercloud-0 ~]$ openstack tripleo container image prepare default --help
usage: openstack tripleo container image prepare default [-h] [--output-env-file <file path>] [--local-push-destination]

Generate a default ContainerImagePrepare parameter.

optional arguments:
  -h, --help            show this help message and exit
  --output-env-file <file path>
                        File to write environment file containing default ContainerImagePrepare value.
  --local-push-destination
                        Include a push_destination to trigger upload to a local registry.

This command is provided by the python-tripleoclient plugin.
The command which accepts the -e argument is "openstack tripleo container image prepare", not "openstack tripleo container image prepare default".

The environment file which includes the novajoin service is environments/services/novajoin.yaml.

So the prepare command needs to be the following:

openstack tripleo container image prepare \
  -e /usr/share/openstack-tripleo-heat-templates/environments/services/novajoin.yaml \
  ...
We need to modify the downstream patch to no longer remove novajoin, since it sounds like we're shipping it in OSP-14: 0005-DOWNSTREAM-ONLY-Remove-skydive-novajoin-and-congress.patch
Oh, the novajoin images are not even being built right now. Is enable_novajoin=True really a requirement for TLS everywhere? It seems unrelated.
It really is required. novajoin is the service that creates the entries and enrolls the overcloud nodes to the CA (FreeIPA). Without it we can't do TLS everywhere. The required settings are written in the docs http://tripleo.org/install/advanced_deployment/ssl.html#undercloud-setup
So... how do we get this image to be built downstream?
I updated component to openstack-containers as it looks like it's required for existing service.
If we need a new container, it must be explicitly asked in a BZ & it must be acked by LT.
Marked as a blocker because it blocks our regression suite for OSP14
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2019:0048