Description of problem: Overcloud deploy fails to connect to locahost (undercloud) Version-Release number of selected component (if applicable): RHEL8 RHOS_TRUNK-15.0-RHEL-8-20190320.n.1 ansible-role-tripleo-modify-image.noarch 1.0.1-0.20190226075404.9014df9.el8ost @rhelosp-15.0-trunk ansible-tripleo-ipsec.noarch 9.0.1-0.20190220162047.f60ad6c.el8ost @rhelosp-15.0-trunk openstack-tripleo-common.noarch 10.6.1-0.20190320113112.01b56d0.el8ost @rhelosp-15.0-trunk openstack-tripleo-common-containers.noarch 10.6.1-0.20190320113112.01b56d0.el8ost @rhelosp-15.0-trunk openstack-tripleo-heat-templates.noarch 10.3.1-0.20190318140159.cbe8724.el8ost @rhelosp-15.0-trunk openstack-tripleo-image-elements.noarch 10.3.1-0.20190319120806.1bde610.el8ost @rhelosp-15.0-trunk openstack-tripleo-puppet-elements.noarch 10.2.1-0.20190319120806.7903181.el8ost @rhelosp-15.0-trunk openstack-tripleo-validations.noarch 10.2.1-0.20190218150113.e6490b3.el8ost @rhelosp-15.0-trunk puppet-tripleo.noarch 10.3.1-0.20190320122508.c9d107c.el8ost @rhelosp-15.0-trunk python3-tripleo-common.noarch 10.6.1-0.20190320113112.01b56d0.el8ost @rhelosp-15.0-trunk python3-tripleoclient.noarch 11.3.1-0.20190319125100.23e610c.el8ost @rhelosp-15.0-trunk python3-tripleoclient-heat-installer.noarch 11.3.1-0.20190319125100.23e610c.el8ost @rhelosp-15.0-trunk How reproducible: Deploy openstack with attached script: Steps to Reproduce: 1. 2. 3. Actual results: Using /var/lib/mistral/overcloud/ansible.cfg as config file /var/lib/mistral/overcloud/tripleo-ansible-inventory.yaml did not meet host_list requirements, check plugin documentation if this is unexpected /var/lib/mistral/overcloud/tripleo-ansible-inventory.yaml did not meet script requirements, check plugin documentation if this is unexpected PLAY [Gather facts from undercloud] ******************************************** TASK [Gathering Facts] ********************************************************* Monday 25 March 2019 15:14:50 +0000 (0:00:00.038) 0:00:00.039 ********** fatal: [undercloud]: UNREACHABLE! => {"changed": false, "msg": "SSH Error: data could not be sent to remote host \"localhost\". Make sure this host can be reached over ssh", "unreachable": true} PLAY RECAP ********************************************************************* undercloud : ok=0 changed=0 unreachable=1 failed=0 Expected results: Overcloud deploys successfully Additional info: Reviewed ansible config: -> a) only overcloud nodes had id created and public key laid down, undercloud-0 (localhost) has an account for tripleo-admin but DOES NOT have ~/tripleo-admin/.ssh/authorized_keys with appropriate public key entry.
Created attachment 1547761 [details] shell script to deploy openstack nodes in virt env.
Mar 25 15:14:51 undercloud-0 setroubleshoot[189769]: SELinux is preventing /usr/sbin/sshd from read access on the file authorized_keys. For complete SELinux messages run: sealert -l 6136b2de-f3d8-429a-80d2-1f5d7dc83a35 Mar 25 15:14:51 undercloud-0 platform-python[189769]: SELinux is preventing /usr/sbin/sshd from read access on the file authorized_keys.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that sshd should be allowed read access on the authorized_keys file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'sshd' --raw | audit2allow -M my-sshd#012# semodule -X 300 -i my-sshd.pp#012 Mar 25 15:14:51 undercloud-0 setroubleshoot[189769]: SELinux is preventing /usr/sbin/sshd from read access on the file authorized_keys. For complete SELinux messages run: sealert -l 6136b2de-f3d8-429a-80d2-1f5d7dc83a35 Mar 25 15:14:51 undercloud-0 platform-python[189769]: SELinux is preventing /usr/sbin/sshd from read access on the file authorized_keys.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that sshd should be allowed read access on the authorized_keys file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'sshd' --raw | audit2allow -M my-sshd#012# semodule -X 300 -i my-sshd.pp#012 Mar 25 15:14:52 undercloud-0 setroubleshoot[189769]: SELinux is preventing /usr/sbin/sshd from read access on the file authorized_keys. For complete SELinux messages run: sealert -l 6136b2de-f3d8-429a-80d2-1f5d7dc83a35 Mar 25 15:14:52 undercloud-0 platform-python[189769]: SELinux is preventing /usr/sbin/sshd from read access on the file authorized_keys.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that sshd should be allowed read access on the authorized_keys file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'sshd' --raw | audit2allow -M my-sshd#012# semodule -X 300 -i my-sshd.pp#012 This appears to be a selinux issue
I've hit this while trying to deploy Openshift as well - https://bugzilla.redhat.com/show_bug.cgi?id=1691565#c2 There's an ongoing patch that should address this issue.
Marius: Thanks, I patched deployment from the https://review.openstack.org/#/c/638323/ and this appears to solve this issue - I note that tripleo-common/tests/test-inventory.py does not exist in my deployment.
I can confirm that I no longer hit this issue after https://review.openstack.org/#/c/638323/ was merged.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2019:2811