Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1953124

Summary: DNC deployment with HCI nodes at edge site failed on TLS-E
Product: Red Hat OpenStack Reporter: Marian Krcmarik <mkrcmari>
Component: openstack-tripleo-validationsAssignee: Dave Wilde <dwilde>
Status: CLOSED ERRATA QA Contact: nlevinki <nlevinki>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 16.1 (Train)CC: dwilde, gchamoul, jjoyce, jschluet, mburns, michele, slinaber, spower, tvignaud
Target Milestone: z6Keywords: Reopened, Triaged
Target Release: 16.1 (Train on RHEL 8.2)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-tripleo-validations-11.3.2-1.20210408103438.el8ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-05-26 13:52:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Marian Krcmarik 2021-04-24 00:05:07 UTC 
Description of problem:
The DCN deployment with HCI nodes at the edge (etcd deployed) fails on TLS-E deployment:
2021-04-22 22:08:36,708 p=36100 u=mistral n=ansible | fatal: [undercloud]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: {{ tls_everywhere_undercloud_fqdn | default(ansible_fqdn) }}: 'ansible_fqdn' is undefined\n\nThe error appears to be in '/usr/share/ansible/roles/tls_everywhere/tasks/ipa-server-check.yaml': line 59, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n    - name: kinit as the host entity\n      ^ here\n"}
2021-04-22 22:08:36,718 p=36100 u=mistral n=ansible | TASK [tls_everywhere : clean up the keytab] ************************************
2021-04-22 22:08:36,718 p=36100 u=mistral n=ansible | Thursday 22 April 2021  22:08:36 +0000 (0:00:00.072)       0:06:06.576 ******** 
2021-04-22 22:08:37,239 p=36100 u=mistral n=ansible | changed: [undercloud] => {"changed": true, "cmd": ["kdestroy", "-A"], "delta": "0:00:00.032105", "end": "2021-04-22 22:08:37.136796", "rc": 0, "start": "2021-04-22 22:08:37.104691", "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}
2021-04-22 22:08:37,250 p=36100 u=mistral n=ansible | TASK [tls_everywhere : set output for molecule testing] ************************
2021-04-22 22:08:37,250 p=36100 u=mistral n=ansible | Thursday 22 April 2021  22:08:37 +0000 (0:00:00.531)       0:06:07.108 ******** 
2021-04-22 22:08:37,311 p=36100 u=mistral n=ansible | fatal: [undercloud]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'stdout'\n\nThe error appears to be in '/usr/share/ansible/roles/tls_everywhere/tasks/ipa-server-check.yaml': line 101, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n    - name: set output for molecule testing\n      ^ here\n"}

Version-Release number of selected component (if applicable):
openstack-tripleo-validations-11.3.2-1.20210408103437.4db92ba.el8ost.noarch
openstack-tripleo-heat-templates-11.3.2-1.20210408163450.el8ost.noarch

How reproducible:
Always

Steps to Reproduce:
1. Deploy DCN env with multiple stacks (DCN sites) and HCI nodes on edge site with TLS-E
Comment 1 Michele Baldessari 2021-04-24 06:49:17 UTC 
Marian I think this is a dupe. Scream if I botched it!

*** This bug has been marked as a duplicate of bug 1949667 ***
Comment 2 Marian Krcmarik 2021-04-24 08:59:53 UTC 
(In reply to Michele Baldessari from comment #1)
> Marian I think this is a dupe. Scream if I botched it!
> 
> *** This bug has been marked as a duplicate of bug 1949667 ***

You did! :)

This one appears after the other one was fixed and afaik is related to etcd being deployed at HCI nodes.
Comment 3 Michele Baldessari 2021-04-24 09:19:12 UTC 
Opsie dopsie, apologies there ;) Blimey, same issue different component!

Can you check if the linked patch fixes it for you?
Comment 6 Marian Krcmarik 2021-04-24 21:43:31 UTC 
(In reply to Michele Baldessari from comment #3)
> Opsie dopsie, apologies there ;) Blimey, same issue different component!
> 
> Can you check if the linked patch fixes it for you?

It does fix the problem, btw. I had a different patch from Dave Wilde which fixes it too but probably your is more general, the patch:

diff --git a/deployment/etcd/etcd-container-puppet.yaml b/deployment/etcd/etcd-container-puppet.yaml
index 459c563ce..45d341f48 100644
--- a/deployment/etcd/etcd-container-puppet.yaml
+++ b/deployment/etcd/etcd-container-puppet.yaml
@@ -235,6 +235,8 @@ outputs:
               import_role:
                 name: tls_everywhere
                 tasks_from: ipa-server-check
+              vars:
+                ansible_fqdn: "{{ ansible_facts['fqdn'] }}"
           - null
       upgrade_tasks: []
       metadata_settings:
Comment 21 errata-xmlrpc 2021-05-26 13:52:43 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 16.1.6 bug fix and enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:2097