Bug 1967270 - [OSP16.1] lunasa_hsm role fails on use of ansible_fqdn
Summary: [OSP16.1] lunasa_hsm role fails on use of ansible_fqdn
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: ansible-role-lunasa-hsm
Version: 16.1 (Train)
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: z7
: 16.1 (Train on RHEL 8.2)
Assignee: Dave Wilde
QA Contact: Jeremy Agee
URL:
Whiteboard:
Depends On: 1967083
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-06-02 17:58 UTC by Dave Wilde
Modified: 2021-12-09 20:20 UTC (History)
2 users (show)

Fixed In Version: ansible-role-lunasa-hsm-1.0.0-1.20210609143309.1f79d94.el8ost
Doc Type: No Doc Update
Doc Text:
Clone Of: 1967083
Environment:
Last Closed: 2021-12-09 20:19:39 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
OpenStack gerrit 794323 0 None NEW Remove use of ansible_fqdn 2021-06-02 18:00:01 UTC
Red Hat Issue Tracker OSP-4357 0 None None None 2021-11-18 11:32:52 UTC
Red Hat Product Errata RHBA-2021:3762 0 None None None 2021-12-09 20:20:01 UTC

Description Dave Wilde 2021-06-02 17:58:39 UTC
+++ This bug was initially created as a clone of Bug #1967083 +++

Clone for 16.1

Description of problem:
TASK [lunasa_hsm : set client facts for fqdn] **********************************
Tuesday 01 June 2021  18:16:12 -0400 (0:00:06.966)       0:19:40.336 ********** 
skipping: [controller-0] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [lunasa_hsm : set client facts for IP override] ***************************
Tuesday 01 June 2021  18:16:12 -0400 (0:00:00.066)       0:19:40.403 ********** 
fatal: [controller-0]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'ansible_fqdn' is undefined\n\nThe error appears to be in '/usr/share/ansible/roles/lunasa_hsm/tasks/main.yaml': line 37, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: set client facts for IP override\n  ^ here\n"}

Version-Release number of selected component (if applicable):
[stack@undercloud share]$ rpm -qa ansible-role-lunasa-hsm
ansible-role-lunasa-hsm-1.0.0-1.20210315120131.1f79d94.el8ost.noarch

How reproducible:
This was encountered during an upshift-ansible 16.2 deploy with the following compose RHOS-16.2-RHEL-8-20210525.n.0 [0].  My Barbican parameters are:

[stack@undercloud ~]$ cat barbican-extra-parameters.yaml 
---
parameter_defaults:
  BarbicanPkcs11CryptoMKEKLabel: "dwilde_mkek_0"
  BarbicanPkcs11CryptoHMACLabel: "dwilde_hmac_0"
  BarbicanPkcs11CryptoTokenLabel: "myHAGroup"
  BarbicanPkcs11CryptoLogin: "z6nwEm6zSYFsyQGh"
  BarbicanPkcs11CryptoGlobalDefault: true
  LunasaVars:
    lunasa_client_tarball_name: 610-012382-014_SW_Client_HSM_6.2_RevA.tar.zip
    lunasa_client_tarball_location: http://download-node-02.eng.bos.redhat.com/qa/rhts/lookaside/IdM/rhcs/lunasa_software/610-012382-014_SW_Client_HSM_6.2_RevA.tar.zip
    lunasa_client_installer_path: 610-012382-014_SW_Client_HSM_6.2_RevA/linux/64/install.sh
    lunasa_hsms:
      - hostname: os-luna-hsm-1.perf.lab.eng.rdu2.redhat.com
        admin_password: "ABC123!!!"
        partition: secdfgPartition1
        partition_serial: 545656014
      - hostname: os-luna-hsm-2.perf.lab.eng.rdu2.redhat.com
        admin_password: "ABC123!!!"
        partition: secdfgPartition1
        partition_serial: 572142014
  LunasaClientIPNetwork: hsmnet
  ControllerIPs:
    hsmnet:
      - "10.0.110.168"

Steps to Reproduce:
1. Configure upshift-ansible to deploy a lunasa environment:

❯ cat vars.yaml
---

# Dave is the one who setup the gitlab runner, which requires an application
# credential from keystone to get tokens and interact with Upshift. This
# requires Dave's user in upshift to be used for deployments and because
# upshift-ansible needs a key to inject into instances. Since keypairs in nova
# are user-specific, and application credentials in keystone are user-specific,
# both need to be setup by the same user. For example, this would break if one
# person created the keypair and the other created the application credential
# because the application credential wouldn't be able to list keypairs in nova
# since they belong to different users.
#
# This is something we need to be aware of if we need to rotate out this user, key,
# or application credential.
username: dwilde
keypair_name: dwilde

additional_keys: 
  - 'https://github.com/vakwetu.keys'
  - 'https://github.com/HarryRybacki.keys'
  - 'https://github.com/lbragstad.keys'
  - 'https://github.com/d34dh0r53.keys'
  - 'https://github.com/xek.keys'
  - 'https://github.com/dmend.keys'
  - 'https://github.com/jagee.keys'
  - 'https://github.com/moisesguimaraes.keys'
  - >
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8zXFd+1fWundCc8sr6uVJv8DAGtWVkzfG6MiM6RKRR/hWIVWhPdlW0VQc7VtbfCnaD91iPtb6ag3+FnnDmDlgCPFN0QXGjNtalJ9Dy/1pZ6VY7K3eDENls+cQH4+fG9Yte5tOgTqRVVQrwQjJ7yE7DIez6BNCbTZdsTT42Xan11QbOhWIzE0vT0xZM77knuSy4gEDH/es3I2888yBYwXCpEmhY/2Qb+8GxtTpdoB0v/HTco8e7ENiiwWlEO5S7BoemDlWye3DX/H2MJlybBx8qXBk2Kh13cT9V8N6/fLQFRK47u/hL8N9QCsqzh9KhzZstilwx4Gc/yex0hzahMep rheslop.local

openstack_platform: osp
osp_version: '16.1'
osp_puddle: 'passed_phase2'
deployment_name: dwilde-16-2-luna
barbican_simple_crypto: False
barbican_luna: True
hsm_network_name: provider_net_shared_3
compute_count: 1
controller_count: 1
enable_novajoin: False
enable_ovb: False
enable_tls: True
os_cloud_config: upshift-dwilde
private_network_name: dwilde-private-2
external_network: provider_net_shared_3
server_create_timeout: 600
#distro_packages:
#  - redhat-lsb-core
#  - iptables-services

2. Deploy environment

Actual results:
Failure seen above:

TASK [lunasa_hsm : set client facts for IP override] ***************************
Tuesday 01 June 2021  18:16:12 -0400 (0:00:00.066)       0:19:40.403 ********** 
fatal: [controller-0]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'ansible_fqdn' is undefined\n\nThe error appears to be in '/usr/share/ansible/roles/lunasa_hsm/tasks/main.yaml': line 37, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: set client facts for IP override\n  ^ here\n"}

Expected results:
Successful Deployment

Additional info:
We were able to fix this in other places by setting the ansible_fqdn fact in the calling playbook, but the better fix is to stop using ansible_fqdn in the role itself, ansible_facts['fqdn'] is a good alternative.

[0]: http://download.eng.brq.redhat.com/rcm-guest/puddles/OpenStack/16.2-RHEL-8/RHOS-16.2-RHEL-8-20210525.n.0/

Comment 11 Martin Kopec 2021-08-16 09:12:25 UTC
ansible_fqdn has been removed from the ansible-role-lunasa-hsm role and has been replace by a correct alternative - ansible_facts['fqdn'] .. the role don't fail on the mentioned error anymore.

ansible-role-lunasa-hsm-1.0.0-1.20210609143309.1f79d94.el8ost build (Fixed in version) contains the fix. The build is part of RHOS-16.1-RHEL-8-20210722.n.3 puddle plus the puddles after that (most latest one is RHOS-16.1-RHEL-8-20210804.n.0).

VERIFIED

Comment 21 errata-xmlrpc 2021-12-09 20:19:39 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 16.1.7 (Train) bug fix and enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:3762


Note You need to log in before you can comment on or make changes to this bug.