Bug 1808466 - HAProxy error during overcloud deploy '/etc/pki/CA/crl/overcloud-crl.pem' [NEEDINFO]
Summary: HAProxy error during overcloud deploy '/etc/pki/CA/crl/overcloud-crl.pem'
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: puppet-haproxy
Version: 16.0 (Train)
Hardware: x86_64
OS: Linux
medium
high
Target Milestone: ---
: ---
Assignee: RHOS Maint
QA Contact: nlevinki
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-02-28 15:16 UTC by v.vinci
Modified: 2020-03-03 19:56 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-03-03 19:56:00 UTC
Target Upstream Version:
lmiccini: needinfo? (v.vinci)


Attachments (Terms of Use)

Description v.vinci 2020-02-28 15:16:01 UTC
Hi All,

I've a problem during the deploy of my Train version of overcloud, below the command to deploy it:

    openstack overcloud deploy --stack cloud0 --templates \
    -p /usr/share/openstack-tripleo-heat-templates/plan-samples/plan-environment-derived-params.yaml \
    -r /home/stack/templates/roles_data.yaml \
    -e /home/stack/templates/layout.yaml \
    -e /usr/share/openstack-tripleo-heat-templates/environments/ceph-ansible/ceph-ansible.yaml \
    -e /home/stack/templates/storage-config.yaml \
    -e /home/stack/templates/network.yaml \
    -e /home/stack/templates/ssh_banner.yaml \
    -e /usr/share/openstack-tripleo-heat-templates/environments/auditd.yaml \
    -e /usr/share/openstack-tripleo-heat-templates/environments/ssl/enable-internal-tls.yaml \
    -e /usr/share/openstack-tripleo-heat-templates/environments/ssl/tls-everywhere-endpoints-dns.yaml \
    -e /usr/share/openstack-tripleo-heat-templates/environments/services/haproxy-public-tls-certmonger.yaml \
    --log-file overcloud_deployment.log --verbose

I've correctly installed a freeIPA istance and the undercloud with novajoin, under the deployment the undercloud create succesfully all the instance on FreeIPA;
no error during STACK creation but during the deploy I got an error.
The only error found in the log files is on the Controller nodes regarding HAProxy:

in /var/log/containers/stdouts/container-puppet-haproxy.log:

    2020-02-25T23:05:37.989259433+01:00 stderr F puppet-user: [ALERT] 055/230537 (52) : Proxy 'nova_novncproxy', server 'cloud0-controller-1.internalapi.localdomail.local' [/etc/haproxy/haproxy.cfg20200225-16-1vk3ret:184] unable to configure CRL file '/etc/pki/CA/crl/overcloud-crl.pem'.
    2020-02-25T23:05:37.989259433+01:00 stderr F puppet-user: [ALERT] 055/230537 (52) : Proxy 'nova_novncproxy', server 'cloud0-controller-0.internalapi.localdomail.local' [/etc/haproxy/haproxy.cfg20200225-16-1vk3ret:185] unable to configure CRL file '/etc/pki/CA/crl/overcloud-crl.pem'.
    2020-02-25T23:05:37.989278089+01:00 stderr F puppet-user: [ALERT] 055/230537 (52) : Proxy 'nova_novncproxy', server 'cloud0-controller-2.internalapi.localdomail.local' [/etc/haproxy/haproxy.cfg20200225-16-1vk3ret:186] unable to configure CRL file '/etc/pki/CA/crl/overcloud-crl.pem'.
    2020-02-25T23:05:37.989278089+01:00 stderr F puppet-user: [ALERT] 055/230537 (52) : Proxy 'nova_osapi', server 'cloud0-controller-1.internalapi.localdomail.local' [/etc/haproxy/haproxy.cfg20200225-16-1vk3ret:199] unable to configure CRL file '/etc/pki/CA/crl/overcloud-crl.pem'.
    2020-02-25T23:05:37.989304724+01:00 stderr F puppet-user: [ALERT] 055/230537 (52) : Proxy 'nova_osapi', server 'cloud0-controller-0.internalapi.localdomail.local' [/etc/haproxy/haproxy.cfg20200225-16-1vk3ret:200] unable to configure CRL file '/etc/pki/CA/crl/overcloud-crl.pem'.
    2020-02-25T23:05:37.989304724+01:00 stderr F puppet-user: [ALERT] 055/230537 (52) : Proxy 'nova_osapi', server 'cloud0-controller-2.internalapi.localdomail.local' [/etc/haproxy/haproxy.cfg20200225-16-1vk3ret:201] unable to configure CRL file '/etc/pki/CA/crl/overcloud-crl.pem'.
    2020-02-25T23:05:37.989304724+01:00 stderr F puppet-user: [ALERT] 055/230537 (52) : Proxy 'placement', server 'cloud0-controller-1.internalapi.localdomail.local' [/etc/haproxy/haproxy.cfg20200225-16-1vk3ret:242] unable to configure CRL file '/etc/pki/CA/crl/overcloud-crl.pem'.
    2020-02-25T23:05:37.989321500+01:00 stderr F puppet-user: [ALERT] 055/230537 (52) : Proxy 'placement', server 'cloud0-controller-0.internalapi.localdomail.local' [/etc/haproxy/haproxy.cfg20200225-16-1vk3ret:243] unable to configure CRL file '/etc/pki/CA/crl/overcloud-crl.pem'.
    2020-02-25T23:05:37.989321500+01:00 stderr F puppet-user: [ALERT] 055/230537 (52) : Proxy 'placement', server 'cloud0-controller-2.internalapi.localdomail.local' [/etc/haproxy/haproxy.cfg20200225-16-1vk3ret:244] unable to configure CRL file '/etc/pki/CA/crl/overcloud-crl.pem'.
    2020-02-25T23:05:37.989337237+01:00 stderr F puppet-user: [ALERT] 055/230537 (52) : Proxy 'swift_proxy_server', server 'cloud0-controller-1.storage.localdomail.local' [/etc/haproxy/haproxy.cfg20200225-16-1vk3ret:258] unable to configure CRL file '/etc/pki/CA/crl/overcloud-crl.pem'.
    2020-02-25T23:05:37.989337237+01:00 stderr F puppet-user: [ALERT] 055/230537 (52) : Proxy 'swift_proxy_server', server 'cloud0-controller-0.storage.localdomail.local' [/etc/haproxy/haproxy.cfg20200225-16-1vk3ret:259] unable to configure CRL file '/etc/pki/CA/crl/overcloud-crl.pem'.
    2020-02-25T23:05:37.989352095+01:00 stderr F puppet-user: [ALERT] 055/230537 (52) : Proxy 'swift_proxy_server', server 'cloud0-controller-2.storage.localdomail.local' [/etc/haproxy/haproxy.cfg20200225-16-1vk3ret:260] unable to configure CRL file '/etc/pki/CA/crl/overcloud-crl.pem'.
    2020-02-25T23:05:37.989373909+01:00 stderr F puppet-user: [ALERT] 055/230537 (52) : Fatal errors found in configuration.
    2020-02-25T23:05:38.052887128+01:00 stderr F puppet-user: Notice: /Stage[main]/Haproxy/Haproxy::Instance[haproxy]/Haproxy::Config[haproxy]/Concat[/etc/haproxy/haproxy.cfg]/File[/etc/haproxy/haproxy.cfg]/mode: mode changed '0644' to '0640'
    2020-02-25T23:05:38.130561607+01:00 stderr F puppet-user: Notice: Applied catalog in 0.83 seconds
    2020-02-25T23:05:38.131975012+01:00 stderr F puppet-user: Changes:
    2020-02-25T23:05:38.131975012+01:00 stderr F puppet-user:             Total: 1
    2020-02-25T23:05:38.131975012+01:00 stderr F puppet-user: Events:
    2020-02-25T23:05:38.131975012+01:00 stderr F puppet-user:           Failure: 1
    2020-02-25T23:05:38.131975012+01:00 stderr F puppet-user:           Success: 1
    2020-02-25T23:05:38.131975012+01:00 stderr F puppet-user:             Total: 2
    2020-02-25T23:05:38.132018487+01:00 stderr F puppet-user: Resources:
    2020-02-25T23:05:38.132018487+01:00 stderr F puppet-user:            Failed: 1
    2020-02-25T23:05:38.132018487+01:00 stderr F puppet-user:           Changed: 1
    2020-02-25T23:05:38.132018487+01:00 stderr F puppet-user:       Out of sync: 1
    2020-02-25T23:05:38.132018487+01:00 stderr F puppet-user:           Skipped: 11
    2020-02-25T23:05:38.132018487+01:00 stderr F puppet-user:             Total: 51
    2020-02-25T23:05:38.132040211+01:00 stderr F puppet-user: Time:
    2020-02-25T23:05:38.132040211+01:00 stderr F puppet-user:       Concat file: 0.00
    2020-02-25T23:05:38.132040211+01:00 stderr F puppet-user:    Concat fragment: 0.00
    2020-02-25T23:05:38.132061295+01:00 stderr F puppet-user:              File: 0.53
    2020-02-25T23:05:38.132061295+01:00 stderr F puppet-user:    Transaction evaluation: 0.79
    2020-02-25T23:05:38.132061295+01:00 stderr F puppet-user:    Catalog application: 0.83
    2020-02-25T23:05:38.132081049+01:00 stderr F puppet-user:    Config retrieval: 1.91
    2020-02-25T23:05:38.132081049+01:00 stderr F puppet-user:          Last run: 1582668338
    2020-02-25T23:05:38.132095490+01:00 stderr F puppet-user:             Total: 0.83
    2020-02-25T23:05:38.132095490+01:00 stderr F puppet-user: Version:
    2020-02-25T23:05:38.132109516+01:00 stderr F puppet-user:            Config: 1582668335
    2020-02-25T23:05:38.132109516+01:00 stderr F puppet-user:            Puppet: 5.5.10
    2020-02-25T23:05:38.536120224+01:00 stderr F + rc=6
    2020-02-25T23:05:38.536120224+01:00 stderr F + '[' False = false ']'
    2020-02-25T23:05:38.536193415+01:00 stderr F + set -e
    2020-02-25T23:05:38.536193415+01:00 stderr F + '[' 6 -ne 2 -a 6 -ne 0 ']'
    2020-02-25T23:05:38.536215734+01:00 stderr F + exit 6
	
and consequently on computeHCI nodes:

    fatal: [cloud0-computehci-2]: FAILED! => {
        "failed_when_result": true,
        "outputs.stdout_lines | default([]) | union(outputs.stderr_lines | default([]))": [
            "e627266dbee19b15113fd353f66cb2b92ec14ff57f1f4ca2665cefd1a18f2399",
            "",
            "WARNING:keystoneauth.identity.generic.base:Failed to discover available identity versions when contacting https://cloud0.internalapi.localdomain.local:5000/v3. Attempting to parse version from URL.",
            "ERROR:nova_wait_for_compute_service:Error while waiting for nova-compute service to register",
            "Traceback (most recent call last):",
            "  File \"/container-config-scripts/nova_wait_for_compute_service.py\", line 103, in <module>",
            "    service_list = nova.services.list(binary='nova-compute')",
            "  File \"/usr/lib/python2.7/site-packages/novaclient/v2/services.py\", line 52, in list",
            "    return self._list(url, \"services\")",
            "  File \"/usr/lib/python2.7/site-packages/novaclient/base.py\", line 254, in _list",
            "    resp, body = self.api.client.get(url)",
            "  File \"/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py\", line 386, in get",
            "    return self.request(url, 'GET', **kwargs)",
            "  File \"/usr/lib/python2.7/site-packages/novaclient/client.py\", line 72, in request",
            "    **kwargs)",
            "  File \"/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py\", line 545, in request",
            "    resp = super(LegacyJsonAdapter, self).request(*args, **kwargs)",
            "  File \"/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py\", line 248, in request",
            "    return self.session.request(url, method, **kwargs)",
            "  File \"/usr/lib/python2.7/site-packages/keystoneauth1/session.py\", line 747, in request",
            "    auth_headers = self.get_auth_headers(auth)",
            "  File \"/usr/lib/python2.7/site-packages/keystoneauth1/session.py\", line 1158, in get_auth_headers",
            "    return auth.get_headers(self, **kwargs)",
            "  File \"/usr/lib/python2.7/site-packages/keystoneauth1/plugin.py\", line 95, in get_headers",
            "    token = self.get_token(session)",
            "  File \"/usr/lib/python2.7/site-packages/keystoneauth1/identity/base.py\", line 88, in get_token",
            "    return self.get_access(session).auth_token",
            "  File \"/usr/lib/python2.7/site-packages/keystoneauth1/identity/base.py\", line 134, in get_access",
            "    self.auth_ref = self.get_auth_ref(session)",
            "  File \"/usr/lib/python2.7/site-packages/keystoneauth1/identity/generic/base.py\", line 208, in get_auth_ref",
            "    return self._plugin.get_auth_ref(session, **kwargs)",
            "  File \"/usr/lib/python2.7/site-packages/keystoneauth1/identity/v3/base.py\", line 184, in get_auth_ref",
            "    authenticated=False, log=False, **rkwargs)",
            "  File \"/usr/lib/python2.7/site-packages/keystoneauth1/session.py\", line 1106, in post",
            "    return self.request(url, 'POST', **kwargs)",
            "  File \"/usr/lib/python2.7/site-packages/keystoneauth1/session.py\", line 888, in request",
            "    resp = send(**kwargs)",
            "  File \"/usr/lib/python2.7/site-packages/keystoneauth1/session.py\", line 995, in _send_request",
            "    raise exceptions.ConnectFailure(msg)",
            "ConnectFailure: Unable to establish connection to https://cloud0.internalapi.localdomain.local:5000/v3/auth/tokens: HTTPSConnectionPool(host='cloud0.internalapi.localdomain.local', port=5000): Max retries exceeded with url: /v3/auth/tokens (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7efc39522e10>: Failed to establish a new connection: [Errno 113] No route to host',))",
            "ConnectFailure: Unable to establish connection to https://cloud0.internalapi.localdomain.local:5000/v3/auth/tokens: HTTPSConnectionPool(host='cloud0.internalapi.localdomain.local', port=5000): Max retries exceeded with url: /v3/auth/tokens (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7efc394fcf50>: Failed to establish a new connection: [Errno 113] No route to host',))",
            "ConnectFailure: Unable to establish connection to https://cloud0.internalapi.localdomain.local:5000/v3/auth/tokens: HTTPSConnectionPool(host='cloud0.internalapi.localdomain.local', port=5000): Max retries exceeded with url: /v3/auth/tokens (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7efc394fcdd0>: Failed to establish a new connection: [Errno 113] No route to host',))",
            "ConnectFailure: Unable to establish connection to https://cloud0.internalapi.localdomain.local:5000/v3/auth/tokens: HTTPSConnectionPool(host='cloud0.internalapi.localdomain.local', port=5000): Max retries exceeded with url: /v3/auth/tokens (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7efc394fce10>: Failed to establish a new connection: [Errno 113] No route to host',))",
            "WARNING: The same type, major and minor should not be used for multiple devices.",
            "+ command -v python3",
            "+ command -v python2",
            "+ python2 /container-config-scripts/nova_wait_for_compute_service.py"
        ]
    }

Obiviously the DNS cloud0.internalapi.localdomain.local it's resolvable with a suitable IP and the certficate /etc/pki/CA/crl/overcloud-crl.pem it's consistent and not empty.


I've run an sosreport on the controllers and the only warnings found are these below:

Feb 28 06:20:51 cloud0-controller-2 puppet-user: Warning: ModuleLoader: module 'concat' has unresolved dependencies - it will only see those that are resolved. Use 'puppet module list --tree' to see information about modules\n   (file & line not available)
Feb 28 06:20:51 cloud0-controller-2 podman: 2020-02-28 06:20:45.435860894 +0100 CET m=+9.112123280 container init ddef307da9b3a8a36de573047dddb58f8d7cd8d3d2dccb351d0a602ad2fb3848 (image=docker.io/tripleotrain/centos-binary-iscsid:current-tripleo, name=container-puppet-iscsid)
Feb 28 06:20:51 cloud0-controller-2 puppet-user: Warning: /etc/puppet/hiera.yaml: Use of 'hiera.yaml' version 3 is deprecated. It should be converted to version 5
Feb 28 06:20:51 cloud0-controller-2 podman: 2020-02-28 06:20:49.574551636 +0100 CET m=+13.250814018 container start ddef307da9b3a8a36de573047dddb58f8d7cd8d3d2dccb351d0a602ad2fb3848 (image=docker.io/tripleotrain/centos-binary-iscsid:current-tripleo, name=container-puppet-iscsid)
Feb 28 06:20:51 cloud0-controller-2 puppet-user:   (file: /etc/puppet/hiera.yaml)
Feb 28 06:20:51 cloud0-controller-2 podman: 2020-02-28 06:20:49.574667344 +0100 CET m=+13.250929752 container attach ddef307da9b3a8a36de573047dddb58f8d7cd8d3d2dccb351d0a602ad2fb3848 (image=docker.io/tripleotrain/centos-binary-iscsid:current-tripleo, name=container-puppet-iscsid)
Feb 28 06:20:51 cloud0-controller-2 puppet-user: Warning: Undefined variable '::deploy_config_name'; \n   (file & line not available)
Feb 28 06:20:51 cloud0-controller-2 puppet-user: Warning: ModuleLoader: module 'tripleo' has unresolved dependencies - it will only see those that are resolved. Use 'puppet module list --tree' to see information about modules\n   (file & line not available)
Feb 28 06:20:51 cloud0-controller-2 puppet-user: Warning: ModuleLoader: module 'openstacklib' has unresolved dependencies - it will only see those that are resolved. Use 'puppet module list --tree' to see information about modules\n   (file & line not available)
Feb 28 06:20:51 cloud0-controller-2 puppet-user: Warning: ModuleLoader: module 'swift' has unresolved dependencies - it will only see those that are resolved. Use 'puppet module list --tree' to see information about modules\n   (file & line not available)
Feb 28 06:20:51 cloud0-controller-2 puppet-user: Warning: The function 'hiera' is deprecated in favor of using 'lookup'. See https://puppet.com/docs/puppet/5.5/deprecated_language.html\n   (file & line not available)
Feb 28 06:20:51 cloud0-controller-2 puppet-user: Warning: ModuleLoader: module 'heat' has unresolved dependencies - it will only see those that are resolved. Use 'puppet module list --tree' to see information about modules\n   (file & line not available)
Feb 28 06:20:51 cloud0-controller-2 puppet-user: Warning: This method is deprecated, please use match expressions with Stdlib::Compat::Ipv6 instead. They are described at https://docs.puppet.com/puppet/latest/reference/lang_data_type.html#match-expressions. at ["/etc/puppet/modules/tripleo/manifests/profile/base/nova.pp", 111]:["/etc/puppet/modules/tripleo/manifests/profile/base/nova/metadata.pp", 62]
Feb 28 06:20:51 cloud0-controller-2 puppet-user:   (location: /etc/puppet/modules/stdlib/lib/puppet/functions/deprecation.rb:34:in `deprecation')
Feb 28 06:20:51 cloud0-controller-2 puppet-user: Warning: ModuleLoader: module 'openstacklib' has unresolved dependencies - it will only see those that are resolved. Use 'puppet module list --tree' to see information about modules\n   (file & line not available)
Feb 28 06:20:51 cloud0-controller-2 puppet-user: Warning: ModuleLoader: module 'nova' has unresolved dependencies - it will only see those that are resolved. Use 'puppet module list --tree' to see information about modules\n   (file & line not available)
Feb 28 06:20:51 cloud0-controller-2 puppet-user: Warning: /etc/puppet/hiera.yaml: Use of 'hiera.yaml' version 3 is deprecated. It should be converted to version 5
Feb 28 06:20:51 cloud0-controller-2 puppet-user:   (file: /etc/puppet/hiera.yaml)
Feb 28 06:20:51 cloud0-controller-2 puppet-user: Warning: Undefined variable '::deploy_config_name'; \n   (file & line not available)
Feb 28 06:20:51 cloud0-controller-2 puppet-user: Warning: ModuleLoader: module 'tripleo' has unresolved dependencies - it will only see those that are resolved. Use 'puppet module list --tree' to see information about modules\n   (file & line not available)
Feb 28 06:20:51 cloud0-controller-2 puppet-user: Warning: ModuleLoader: module 'oslo' has unresolved dependencies - it will only see those that are resolved. Use 'puppet module list --tree' to see information about modules\n   (file & line not available)
Feb 28 06:20:51 cloud0-controller-2 puppet-user: Warning: The function 'hiera' is deprecated in favor of using 'lookup'. See https://puppet.com/docs/puppet/5.5/deprecated_language.html\n   (file & line not available)
Feb 28 06:20:51 cloud0-controller-2 puppet-user: Warning: This method is deprecated, please use match expressions with Stdlib::Compat::Ipv6 instead. They are described at https://docs.puppet.com/puppet/latest/reference/lang_data_type.html#match-expressions. at ["/etc/puppet/modules/tripleo/manifests/profile/base/nova.pp", 111]:["/etc/puppet/modules/tripleo/manifests/profile/base/nova/api.pp", 97]
Feb 28 06:20:51 cloud0-controller-2 puppet-user:   (location: /etc/puppet/modules/stdlib/lib/puppet/functions/deprecation.rb:34:in `deprecation')
Feb 28 06:20:51 cloud0-controller-2 puppet-user: Warning: ModuleLoader: module 'concat' has unresolved dependencies - it will only see those that are resolved. Use 'puppet module list --tree' to see information about modules\n   (file & line not available)
Feb 28 06:20:51 cloud0-controller-2 puppet-user: Warning: ModuleLoader: module 'openstacklib' has unresolved dependencies - it will only see those that are resolved. Use 'puppet module list --tree' to see information about modules\n   (file & line not available)
Feb 28 06:20:51 cloud0-controller-2 puppet-user: Warning: ModuleLoader: module 'openstacklib' has unresolved dependencies - it will only see those that are resolved. Use 'puppet module list --tree' to see information about modules\n   (file & line not available)
Feb 28 06:20:51 cloud0-controller-2 puppet-user: Warning: ModuleLoader: module 'nova' has unresolved dependencies - it will only see those that are resolved. Use 'puppet module list --tree' to see information about modules\n   (file & line not available)
Feb 28 06:20:51 cloud0-controller-2 puppet-user: Warning: ModuleLoader: module 'oslo' has unresolved dependencies - it will only see those that are resolved. Use 'puppet module list --tree' to see information about modules\n   (file & line not available)
Feb 28 06:20:51 cloud0-controller-2 puppet-user: Warning: ModuleLoader: module 'oslo' has unresolved dependencies - it will only see those that are resolved. Use 'puppet module list --tree' to see information about modules\n   (file & line not available)
Feb 28 06:20:51 cloud0-controller-2 puppet-user: Warning: The string '1' was automatically coerced to the numerical value 1 (file: /etc/puppet/modules/tripleo/manifests/profile/base/swift/add_devices.pp, line: 39, column: 13)
Feb 28 06:20:51 cloud0-controller-2 puppet-user: Warning: The string '1' was automatically coerced to the numerical value 1 (file: /etc/puppet/modules/tripleo/manifests/profile/base/swift/add_devices.pp, line: 39, column: 25)
Feb 28 06:20:52 cloud0-controller-2 puppet-user: Warning: Scope(Class[Swift::Proxy::Authtoken]): auth_uri is deprecated, please use www_authenticate_uri
Feb 28 06:20:52 cloud0-controller-2 puppet-user: Warning: The string '1' was automatically coerced to the numerical value 1 (file: /etc/puppet/modules/tripleo/manifests/profile/base/swift/add_devices.pp, line: 39, column: 13)
Feb 28 06:20:52 cloud0-controller-2 puppet-user: Warning: The string '1' was automatically coerced to the numerical value 1 (file: /etc/puppet/modules/tripleo/manifests/profile/base/swift/add_devices.pp, line: 39, column: 25)
Feb 28 06:20:52 cloud0-controller-2 puppet-user: Warning: The string '1' was automatically coerced to the numerical value 1 (file: /etc/puppet/modules/tripleo/manifests/profile/base/swift/add_devices.pp, line: 39, column: 13)
Feb 28 06:20:52 cloud0-controller-2 puppet-user: Warning: The string '1' was automatically coerced to the numerical value 1 (file: /etc/puppet/modules/tripleo/manifests/profile/base/swift/add_devices.pp, line: 39, column: 25)
Feb 28 06:20:52 cloud0-controller-2 puppet-user: Warning: validate_legacy(validate_re) expects an Integer value, got String at ["/etc/puppet/modules/swift/manifests/ringbuilder/rebalance.pp", 21]:
Feb 28 06:20:52 cloud0-controller-2 puppet-user:   (location: /etc/puppet/modules/stdlib/lib/puppet/functions/deprecation.rb:34:in `deprecation')
Feb 28 06:20:52 cloud0-controller-2 puppet-user: Warning: Unknown variable: 'methods_real'. (file: /etc/puppet/modules/swift/manifests/proxy/tempurl.pp, line: 100, column: 56)
Feb 28 06:20:52 cloud0-controller-2 puppet-user: Warning: Unknown variable: 'incoming_remove_headers_real'. (file: /etc/puppet/modules/swift/manifests/proxy/tempurl.pp, line: 101, column: 56)
Feb 28 06:20:52 cloud0-controller-2 puppet-user: Warning: Unknown variable: 'incoming_allow_headers_real'. (file: /etc/puppet/modules/swift/manifests/proxy/tempurl.pp, line: 102, column: 56)
Feb 28 06:20:52 cloud0-controller-2 puppet-user: Warning: Unknown variable: 'outgoing_remove_headers_real'. (file: /etc/puppet/modules/swift/manifests/proxy/tempurl.pp, line: 103, column: 56)
Feb 28 06:20:52 cloud0-controller-2 puppet-user: Warning: Unknown variable: 'outgoing_allow_headers_real'. (file: /etc/puppet/modules/swift/manifests/proxy/tempurl.pp, line: 104, column: 56)
Feb 28 06:20:52 cloud0-controller-2 puppet-user: Notice: Compiled catalog for cloud0-controller-2.localdomail.local in environment production in 14.45 seconds
Feb 28 06:20:52 cloud0-controller-2 puppet-user: Warning: ModuleLoader: module 'concat' has unresolved dependencies - it will only see those that are resolved. Use 'puppet module list --tree' to see information about modules\n   (file & line not available)
Feb 28 06:20:52 cloud0-controller-2 puppet-user: Warning: Scope(Class[Nova::Metadata]): enable_proxy_headers_parsing in ::nova::metadata is deprecated, has no effect \
Feb 28 06:20:52 cloud0-controller-2 puppet-user: and will be removed in the future. Please use the one ::nova::api.
Feb 28 06:20:52 cloud0-controller-2 puppet-user: Warning: ModuleLoader: module 'cinder' has unresolved dependencies - it will only see those that are resolved. Use 'puppet module list --tree' to see information about modules\n   (file & line not available)


Steps to reproduce:

- Setup freeIPA
- Setup undercloud
- Deploy overcloud with TLS everywhere on HCI node + controller

Comment 2 Luca Miccini 2020-03-02 09:26:53 UTC
that CRL error seems to be coming from:

https://opendev.org/openstack/tripleo-heat-templates/src/branch/master/deployment/haproxy/haproxy-container-puppet.yaml

  InternalTLSCRLPEMFile:
    default: '/etc/pki/CA/crl/overcloud-crl.pem'
    type: string
    description: Specifies the default CRL PEM file to use for revocation if
                 TLS is used for services in the internal network.

but through the implicit injection of https://opendev.org/openstack/tripleo-heat-templates/src/branch/master/environments/docker-ha.yaml

  OS::TripleO::Services::HAproxy: ../deployment/haproxy/haproxy-pacemaker-puppet.yaml

https://opendev.org/openstack/tripleo-heat-templates/src/branch/master/deployment/haproxy/haproxy-pacemaker-puppet.yaml

            # disable the use CRL file until we can restart the container when the file expires
            tripleo::haproxy::crl_file: null

we should bypass the crl completely.

Can you please check if you don't override OS::TripleO::Services::HAproxy by mistake and/or your plan-environment.yaml file (openstack overcloud plan export <stackname>) contains:

- path: environments/docker-ha.yaml

thanks.

Comment 3 v.vinci 2020-03-03 19:56:00 UTC
Hi,
Thanks for your support.

After adding the doker-ha.yaml the deploy complete succesfully.

Many thanks.


Note You need to log in before you can comment on or make changes to this bug.