Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 2302191

Summary: {{role.name}}ExtraGroupVars is not merged strategy.
Product: Red Hat OpenStack Reporter: Keigo Noha <knoha>
Component: openstack-tripleo-heat-templatesAssignee: Rabi Mishra <ramishra>
Status: CLOSED ERRATA QA Contact: Joe H. Rahme <jhakimra>
Severity: medium Docs Contact:
Priority: medium    
Version: 17.1 (Wallaby)CC: drosenfe, mariel, mburns, pweeks, ramishra
Target Milestone: z4Keywords: Triaged
Target Release: 17.1   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: openstack-tripleo-heat-templates-14.3.1-17.1.20240919130751.e7c7ce3.el9ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2024-11-21 09:30:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Keigo Noha 2024-08-01 02:07:07 UTC 
Description of problem:
{{role.name}}ExtraGroupVars is not merged strategy.
This behavior caused that the multiple {{role.name}}ExtraGroupVars definition is only effective with the last definition.

Other role based configuration, like {{role.name}}ExtraConfig has merge strategy.

https://github.com/openstack-archive/tripleo-heat-templates/blob/stable/wallaby/overcloud-resource-registry-puppet.j2.yaml#L350-L358

{{role.name}}ExtraGroupVars should be the same strategy.

Version-Release number of selected component (if applicable):
OSP17.1

How reproducible:
Everytime

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Keigo Noha 2024-08-02 00:44:39 UTC 
I modified overcloud-resource-registry-puppet.j2.yaml as follows.
~~~
parameter_merge_strategies:
  ServiceNetMap: merge
  VipSubnetMap: merge
  SshServerOptions: merge
  ExtraConfig: merge
{% for role in roles %}
  {{role.name}}Parameters: merge
  {{role.name}}ExtraConfig: merge
  {{role.name}}ExtraGroupVars: merge <--- ADDED
{% endfor %}

parameter_defaults:
  NeutronMechanismDrivers: ovn
  ContainerCli: podman
  EnablePackageInstall: false
  SoftwareConfigTransport: POLL_SERVER_HEAT
  OVNIntegrationBridge: br-int
  ExtraConfig: {}

{% for role in roles %}
  # Parameters generated for {{role.name}} Role
  {{role.name}}Services: {{role.ServicesDefault|default([])}}
  {{role.name}}Parameters: {}
  {{role.name}}ExtraConfig: {}
  {{role.name}}ExtraGroupVars: {} <--- ADDED
{% endfor %}
~~~

I did the following tests.

~~~
$ cat virt/firewall.yaml 
parameter_defaults:
  ExtraFirewallRules:
    '300 accept ssh from any':
      dport: 22
      proto: tcp
    '400 accept BFD controll packet from any':
      dport: 3784
      proto: udp
    '401 accept BFD Echo packet from any':
      dport: 3785
      proto: udp
    '500 allow zabbix':
      dport: 10050
      proto: tcp
  ControllerExtraGroupVars:
    tripleo_firewall_default_rules: {'000 accept relatedestablished rules': { proto: all, state: ["RELATED", "ESTABLISHED"]},'001 accept all icmp': {ipversion: ipv4, proto: icmp}, '001 accept all ipv6-icmp': {ipversion: ipv6, proto: ipv6-icmp}, '002 accept all to lo interface': {proto: all, interface: lo}, '004 accept ipv6 dhcpv6': {ipversion: ipv6, dport: 546, proto: udp, state: NEW, destination: 'fe80::/64'}, '999 drop all': {proto: all, action: drop}}
  ComputeExtraGroupVars:
    tripleo_firewall_default_rules: {'000 accept related established rules': { proto: all, state: ["RELATED", "ESTABLISHED"]}, '001 accept all icmp': {ipversion: ipv4, proto: icmp}, '001 accept all ipv6-icmp': {ipversion: ipv6, proto: ipv6-icmp}, '002 accept all to lo interface': {proto: all, interface: lo}, '004 accept ipv6 dhcpv6': {ipversion: ipv6, dport: 546, proto: udp, state: NEW, destination: 'fe80::/64'}, '999 drop all': {proto: all, action: drop}}
~~~

~~~
 cat virt/config_heat.yaml 
parameter_defaults:
  Timezone: Asia/Tokyo
  ControllerExtraGroupVars: &chrony_action_tests
    chrony_role_action: config
  ComputeExtraGroupVars: *chrony_action_tests
~~~

~~~
openstack overcloud deploy \
--timeout 240 \
--templates /usr/share/openstack-tripleo-heat-templates \
  --environment-file /usr/share/openstack-tripleo-heat-templates/environments/services/octavia.yaml \
--stack overcloud \
--libvirt-type kvm \
--ntp-server clock.corp.redhat.com \
--deployed-server \
-e /home/stack/templates/overcloud-vip-deployed.yaml \
-e /home/stack/templates/overcloud-networks-deployed.yaml \
-e /home/stack/templates/overcloud-baremetal-deployed.yaml \
--networks-file /home/stack/virt/network/network_data_v2.yaml \
-e /home/stack/virt/config_lvm.yaml \
-e /home/stack/virt/network/network-environment_v2.yaml \
-e ~/fencing.yaml \
-e /home/stack/virt/hostnames.yml \
-e /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovn-dvr-ha.yaml \
-e /home/stack/virt/debug.yaml \
-e /home/stack/virt/config_heat.yaml \
-e /home/stack/virt/nodes_data.yaml \
-e ~/containers-prepare-parameter.yaml \
-e /home/stack/virt/l3_fip_qos.yaml \
-e /home/stack/virt/firewall.yaml \
--log-file overcloud_deployment_0.log
~~~

Without the modification, chrony_role_action was not set to config.
Wit the modification, chrony_role_action is set to config.
Comment 18 errata-xmlrpc 2024-11-21 09:30:41 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: RHOSP 17.1.4 (openstack-tripleo-heat-templates) security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2024:9978