1690558 – [OSP13][Deployment][TLS] Deployment fails when enabling TLS when with 3 controllers in 3 profiles

Bug 1690558 - [OSP13][Deployment][TLS] Deployment fails when enabling TLS when with 3 controllers in 3 profiles

Summary: [OSP13][Deployment][TLS] Deployment fails when enabling TLS when with 3 contr...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-tripleo-heat-templates
Sub Component:
Version:	13.0 (Queens)
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	Emilien Macchi
QA Contact:	Sasha Smolyak
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1722640 1722946
TreeView+	depends on / blocked

Reported:	2019-03-19 16:57 UTC by Priscila
Modified:	2019-07-10 13:05 UTC (History)
CC List:	12 users (show)
Fixed In Version:	openstack-tripleo-heat-templates-8.3.1-52.el7ost
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1722640 1722946 (view as bug list)
Environment:
Last Closed:	2019-07-10 13:03:18 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Launchpad	1822327	None	None	None	2019-03-29 13:51:27 UTC
OpenStack gerrit	648692	None	MERGED	[queens-only] Remove primary role constraint to deploy NodeTLSData	2020-02-04 17:45:25 UTC
OpenStack gerrit	666667	None	MERGED	Replace bootstrap_nodeid with SERVICE_short_bootstrap_node_name	2020-02-04 17:45:25 UTC
Red Hat Product Errata	RHBA-2019:1738	None	None	None	2019-07-10 13:05:16 UTC

Description Priscila 2019-03-19 16:57:46 UTC

Description of problem: 
When deploying with controllers split into 3 profiles. haproxy fails to build configuration when trying to enable TLS.

Version-Release number of selected component (if applicable): OSP13


How reproducible: Always 


Steps to Reproduce:
Deploy overcloud with TLS 
~~~
openstack overcloud deploy --templates --stack xxxx -e templates/cli-replacement.yaml -e templates/glance_swift_config.yaml -e templates/network-environment.yaml -e templates/storage-environment.yaml -e /usr/share/openstack-tripleo-heat-templates/environments/network-isolation.yaml -e templates/logging-environment.yaml -e templates/cloudname.yaml -e templates/overcloud_images.yaml -e templates/ldap-environment.yaml -e templates/mount_nfs.yaml -e templates/cinder-backends01.yaml -e templates/cinder-backends02.yaml -e templates/cinder-backends03.yaml -e templates/enable-tls.yaml -r templates/roles_data.yaml --debug
~~~

Actual results:

Error from stack:
    ~~~
    2019-02-2X 19:34:04Z [xxxx.AllNodesDeploySteps]: CREATE_FAILED  Resource CREATE failed: Error: resources.Controller02Deployment_Step1.resources[0]: Deployment to server failed: deploy_status_code: Deployment exited with non-zero status code: 2
     
     Stack xxxx CREATE_FAILED
     
    xxxx.AllNodesDeploySteps.Controller02Deployment_Step1.0:
      resource_type: OS::Heat::StructuredDeployment
      physical_resource_id: xxxxxxxxxxxxxxxxxxxxxxxxxxx
      status: CREATE_FAILED
      status_reason: |
        Error: resources[0]: Deployment to server failed: deploy_status_code : Deployment exited with non-zero status code: 2
      deploy_stdout: |
        ...
                "2019-02-2x 19:34:00,928 INFO: xxxx -- Removing container: docker-puppet-heat_api_cfn",
                "2019-02-2x 19:34:00,960 INFO: xxxx -- Finished processing puppet configs for heat_api_cfn",
                "2019-02-2x 19:34:00,960 ERROR: xxxx -- ERROR configuring haproxy"
            ]
        }
            to retry, use: --limit @/var/lib/heat-config/heat-config-ansible/xxxxxxxxxxxxxxxxxx_playbook.retry
       
        PLAY RECAP *********************************************************************
        localhost                  : ok=24   changed=12   unreachable=0    failed=1  
       
        (truncated, view all with --long)
      deploy_stderr: |
     
    xxx.AllNodesDeploySteps.Controller03Deployment_Step1.0:
      resource_type: OS::Heat::StructuredDeployment
      physical_resource_id: xxxxxxxxxxxxxxxxxxxxx
      status: CREATE_FAILED
      status_reason: |
        Error: resources[0]: Deployment to server failed: deploy_status_code : Deployment exited with non-zero status code: 2
      deploy_stdout: |
        ...
                "2019-02-2X 19:34:00,272 INFO: xxxx -- Removing container: docker-puppet-heat_api_cfn",
                "2019-02-2X 19:34:00,313 INFO: xxxx -- Finished processing puppet configs for heat_api_cfn",
                "2019-02-2X 19:34:00,313 ERROR: xxxxx -- ERROR configuring haproxy"
            ]
        }
            to retry, use: --limit @/var/lib/heat-config/heat-config-ansible/xxxxxxxxxxxxxxxxxxxxxx_playbook.retry
       
        PLAY RECAP *********************************************************************
        localhost                  : ok=24   changed=12   unreachable=0    failed=1  


Expected results: Overcloud deployed with TLS

Comment 31 Artem Hrechanychenko 2019-06-26 19:15:14 UTC

VERIFIED

openstack-tripleo-heat-templates-8.3.1-53.el7ost.noarch

Comment 33 errata-xmlrpc 2019-07-10 13:03:18 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:1738

Note You need to log in before you can comment on or make changes to this bug.