1953124 – DNC deployment with HCI nodes at edge site failed on TLS-E

Bug 1953124 - DNC deployment with HCI nodes at edge site failed on TLS-E

Summary: DNC deployment with HCI nodes at edge site failed on TLS-E

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-tripleo-validations
Sub Component:
Version:	16.1 (Train)
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	urgent
Target Milestone:	z6
Target Release:	16.1 (Train on RHEL 8.2)
Assignee:	Dave Wilde
QA Contact:	nlevinki
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-04-24 00:05 UTC by Marian Krcmarik
Modified:	2021-05-26 13:53 UTC (History)
CC List:	9 users (show)
Fixed In Version:	openstack-tripleo-validations-11.3.2-1.20210408103438.el8ost
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-05-26 13:52:43 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Launchpad	1925999	None	None	None	2021-04-24 09:19:12 UTC
OpenStack gerrit	787990	None	MERGED	Make tls_everywhere validations compatible with ansible_facts	2021-04-27 15:24:47 UTC
Red Hat Product Errata	RHBA-2021:2097	None	None	None	2021-05-26 13:53:08 UTC

Description Marian Krcmarik 2021-04-24 00:05:07 UTC

Description of problem:
The DCN deployment with HCI nodes at the edge (etcd deployed) fails on TLS-E deployment:
2021-04-22 22:08:36,708 p=36100 u=mistral n=ansible | fatal: [undercloud]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: {{ tls_everywhere_undercloud_fqdn | default(ansible_fqdn) }}: 'ansible_fqdn' is undefined\n\nThe error appears to be in '/usr/share/ansible/roles/tls_everywhere/tasks/ipa-server-check.yaml': line 59, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n    - name: kinit as the host entity\n      ^ here\n"}
2021-04-22 22:08:36,718 p=36100 u=mistral n=ansible | TASK [tls_everywhere : clean up the keytab] ************************************
2021-04-22 22:08:36,718 p=36100 u=mistral n=ansible | Thursday 22 April 2021  22:08:36 +0000 (0:00:00.072)       0:06:06.576 ******** 
2021-04-22 22:08:37,239 p=36100 u=mistral n=ansible | changed: [undercloud] => {"changed": true, "cmd": ["kdestroy", "-A"], "delta": "0:00:00.032105", "end": "2021-04-22 22:08:37.136796", "rc": 0, "start": "2021-04-22 22:08:37.104691", "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}
2021-04-22 22:08:37,250 p=36100 u=mistral n=ansible | TASK [tls_everywhere : set output for molecule testing] ************************
2021-04-22 22:08:37,250 p=36100 u=mistral n=ansible | Thursday 22 April 2021  22:08:37 +0000 (0:00:00.531)       0:06:07.108 ******** 
2021-04-22 22:08:37,311 p=36100 u=mistral n=ansible | fatal: [undercloud]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'stdout'\n\nThe error appears to be in '/usr/share/ansible/roles/tls_everywhere/tasks/ipa-server-check.yaml': line 101, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n    - name: set output for molecule testing\n      ^ here\n"}

Version-Release number of selected component (if applicable):
openstack-tripleo-validations-11.3.2-1.20210408103437.4db92ba.el8ost.noarch
openstack-tripleo-heat-templates-11.3.2-1.20210408163450.el8ost.noarch

How reproducible:
Always

Steps to Reproduce:
1. Deploy DCN env with multiple stacks (DCN sites) and HCI nodes on edge site with TLS-E

Comment 1 Michele Baldessari 2021-04-24 06:49:17 UTC

Marian I think this is a dupe. Scream if I botched it!

*** This bug has been marked as a duplicate of bug 1949667 ***

Comment 2 Marian Krcmarik 2021-04-24 08:59:53 UTC

(In reply to Michele Baldessari from comment #1)
> Marian I think this is a dupe. Scream if I botched it!
> 
> *** This bug has been marked as a duplicate of bug 1949667 ***

You did! :)

This one appears after the other one was fixed and afaik is related to etcd being deployed at HCI nodes.

Comment 3 Michele Baldessari 2021-04-24 09:19:12 UTC

Opsie dopsie, apologies there ;) Blimey, same issue different component!

Can you check if the linked patch fixes it for you?

Comment 6 Marian Krcmarik 2021-04-24 21:43:31 UTC

(In reply to Michele Baldessari from comment #3)
> Opsie dopsie, apologies there ;) Blimey, same issue different component!
> 
> Can you check if the linked patch fixes it for you?

It does fix the problem, btw. I had a different patch from Dave Wilde which fixes it too but probably your is more general, the patch:

diff --git a/deployment/etcd/etcd-container-puppet.yaml b/deployment/etcd/etcd-container-puppet.yaml
index 459c563ce..45d341f48 100644
--- a/deployment/etcd/etcd-container-puppet.yaml
+++ b/deployment/etcd/etcd-container-puppet.yaml
@@ -235,6 +235,8 @@ outputs:
               import_role:
                 name: tls_everywhere
                 tasks_from: ipa-server-check
+              vars:
+                ansible_fqdn: "{{ ansible_facts['fqdn'] }}"
           - null
       upgrade_tasks: []
       metadata_settings:

Comment 21 errata-xmlrpc 2021-05-26 13:52:43 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 16.1.6 bug fix and enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:2097

Note You need to log in before you can comment on or make changes to this bug.