Description of problem:
{{role.name}}ExtraGroupVars does not have a merge strategy. As a result, when {{role.name}}ExtraGroupVars is defined multiple times, only the last definition takes effect. Other role-based configuration, like {{role.name}}ExtraConfig, has a merge strategy.
https://github.com/openstack-archive/tripleo-heat-templates/blob/stable/wallaby/overcloud-resource-registry-puppet.j2.yaml#L350-L358
{{role.name}}ExtraGroupVars should use the same strategy.

Version-Release number of selected component (if applicable):
OSP17.1

How reproducible:
Every time

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:
I modified overcloud-resource-registry-puppet.j2.yaml as follows.

~~~
parameter_merge_strategies:
  ServiceNetMap: merge
  VipSubnetMap: merge
  SshServerOptions: merge
  ExtraConfig: merge
{% for role in roles %}
  {{role.name}}Parameters: merge
  {{role.name}}ExtraConfig: merge
  {{role.name}}ExtraGroupVars: merge  # <--- ADDED
{% endfor %}

parameter_defaults:
  NeutronMechanismDrivers: ovn
  ContainerCli: podman
  EnablePackageInstall: false
  SoftwareConfigTransport: POLL_SERVER_HEAT
  OVNIntegrationBridge: br-int
  ExtraConfig: {}

{% for role in roles %}
  # Parameters generated for {{role.name}} Role
  {{role.name}}Services: {{role.ServicesDefault|default([])}}
  {{role.name}}Parameters: {}
  {{role.name}}ExtraConfig: {}
  {{role.name}}ExtraGroupVars: {}  # <--- ADDED
{% endfor %}
~~~

I did the following tests.

~~~
$ cat virt/firewall.yaml
parameter_defaults:
  ExtraFirewallRules:
    '300 accept ssh from any':
      dport: 22
      proto: tcp
    '400 accept BFD controll packet from any':
      dport: 3784
      proto: udp
    '401 accept BFD Echo packet from any':
      dport: 3785
      proto: udp
    '500 allow zabbix':
      dport: 10050
      proto: tcp
  ControllerExtraGroupVars:
    tripleo_firewall_default_rules: {'000 accept relatedestablished rules': { proto: all, state: ["RELATED", "ESTABLISHED"]},'001 accept all icmp': {ipversion: ipv4, proto: icmp}, '001 accept all ipv6-icmp': {ipversion: ipv6, proto: ipv6-icmp}, '002 accept all to lo interface': {proto: all, interface: lo}, '004 accept ipv6 dhcpv6': {ipversion: ipv6, dport: 546, proto: udp, state: NEW, destination: 'fe80::/64'}, '999 drop all': {proto: all, action: drop}}
  ComputeExtraGroupVars:
    tripleo_firewall_default_rules: {'000 accept related established rules': { proto: all, state: ["RELATED", "ESTABLISHED"]}, '001 accept all icmp': {ipversion: ipv4, proto: icmp}, '001 accept all ipv6-icmp': {ipversion: ipv6, proto: ipv6-icmp}, '002 accept all to lo interface': {proto: all, interface: lo}, '004 accept ipv6 dhcpv6': {ipversion: ipv6, dport: 546, proto: udp, state: NEW, destination: 'fe80::/64'}, '999 drop all': {proto: all, action: drop}}
~~~

~~~
$ cat virt/config_heat.yaml
parameter_defaults:
  Timezone: Asia/Tokyo
  ControllerExtraGroupVars: &chrony_action_tests
    chrony_role_action: config
  ComputeExtraGroupVars: *chrony_action_tests
~~~

~~~
openstack overcloud deploy \
  --timeout 240 \
  --templates /usr/share/openstack-tripleo-heat-templates \
  --environment-file /usr/share/openstack-tripleo-heat-templates/environments/services/octavia.yaml \
  --stack overcloud \
  --libvirt-type kvm \
  --ntp-server clock.corp.redhat.com \
  --deployed-server \
  -e /home/stack/templates/overcloud-vip-deployed.yaml \
  -e /home/stack/templates/overcloud-networks-deployed.yaml \
  -e /home/stack/templates/overcloud-baremetal-deployed.yaml \
  --networks-file /home/stack/virt/network/network_data_v2.yaml \
  -e /home/stack/virt/config_lvm.yaml \
  -e /home/stack/virt/network/network-environment_v2.yaml \
  -e ~/fencing.yaml \
  -e /home/stack/virt/hostnames.yml \
  -e /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovn-dvr-ha.yaml \
  -e /home/stack/virt/debug.yaml \
  -e /home/stack/virt/config_heat.yaml \
  -e /home/stack/virt/nodes_data.yaml \
  -e ~/containers-prepare-parameter.yaml \
  -e /home/stack/virt/l3_fip_qos.yaml \
  -e /home/stack/virt/firewall.yaml \
  --log-file overcloud_deployment_0.log
~~~

Without the modification, chrony_role_action was not set to config.
With the modification, chrony_role_action is set to config.
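
Added example, not part of the original comment and not Heat's own code: a simplified Python model of how a per-parameter `overwrite` (default) or `merge` strategy combines `parameter_defaults` across `-e` files, reporting which file's keys are silently lost. The function names `combine` and `dropped_keys` are hypothetical, and the sample values are constructed and abbreviated from the two files above; it also shows that with the `-e` order reversed and no merge strategy, it is the firewall default rules that are dropped.

```python
import copy

def combine(env_files, strategies):
    """Fold parameter_defaults from (name, params) pairs in -e order."""
    result = {}
    for _fname, params in env_files:
        for key, value in params.items():
            old = result.get(key)
            if (strategies.get(key, "overwrite") == "merge"
                    and isinstance(old, dict) and isinstance(value, dict)):
                result[key] = {**old, **value}      # keep earlier keys, add new ones
            else:
                result[key] = copy.deepcopy(value)  # later file replaces earlier one
    return result

def dropped_keys(env_files, strategies, param):
    """Map each file to the keys it set under `param` that did not survive."""
    final = combine(env_files, strategies).get(param, {})
    report = {}
    for fname, params in env_files:
        lost = sorted(set(params.get(param, {})) - set(final))
        if lost:
            report[fname] = lost
    return report

# Constructed sample, abbreviated from the two files in the comment above.
CONFIG_HEAT = ("config_heat.yaml", {
    "ControllerExtraGroupVars": {"chrony_role_action": "config"}})
FIREWALL = ("firewall.yaml", {
    "ControllerExtraGroupVars": {"tripleo_firewall_default_rules": {
        "999 drop all": {"proto": "all", "action": "drop"}}}})
DEPLOY_ORDER = [CONFIG_HEAT, FIREWALL]   # same -e order as the deploy command
PARAM = "ControllerExtraGroupVars"

if __name__ == "__main__":
    print(dropped_keys(DEPLOY_ORDER, {}, PARAM))                # no strategy
    print(dropped_keys(DEPLOY_ORDER[::-1], {}, PARAM))          # order reversed
    print(dropped_keys(DEPLOY_ORDER, {PARAM: "merge"}, PARAM))  # with the fix
```
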
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: RHOSP 17.1.4 (openstack-tripleo-heat-templates) security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2024:9978