Bug 976787 - Packstack asks for ssh password twice per each machine
Packstack asks for ssh password twice per each machine
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-packstack (Show other bugs)
4.0
Unspecified Unspecified
medium Severity medium
: beta
: 4.0
Assigned To: Martin Magr
Nir Magnezi
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-06-21 09:06 EDT by Rami Vaknin
Modified: 2014-01-12 18:55 EST (History)
7 users (show)

See Also:
Fixed In Version: openstack-packstack-2013.2.1-0.7.dev806.el6ost
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-12-19 19:08:05 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
OpenStack gerrit 43905 None None None Never

  None (edit)
Description Rami Vaknin 2013-06-21 09:06:45 EDT
Version:
Grizzly on rhel6.4 with openstack-packstack-2013.1.1-0.20.dev632.el6ost.

Description:
Packstack asks for ssh password more than once per machine instead of setting up the ssh keys as a first step.
Note that sometimes packstack asks for ssh password only once per machine, however I couldn't point on the difference that makes that happen.

# packstack --answer-file=ANSWER_FILE
Welcome to Installer setup utility

Installing:
Clean Up...                                            [ DONE ]
OS support check...root@10.35.160.29's password: 
root@10.35.160.27's password: 
                                    [ DONE ]
Adding pre install manifest entries...                 [ DONE ]
Installing time synchronization via NTP...             [ DONE ]
Setting up ssh keys...root@10.35.160.29's password: 
root@10.35.160.27's password: 
...
Comment 1 Rami Vaknin 2013-06-21 09:29:28 EDT
I think that this reproduces on disributed installation rather than all-in-one.
Comment 2 Martin Magr 2013-07-16 07:49:06 EDT
I wasn't able to reproduce this. Do you have a reproducer for it?
Comment 3 Rami Vaknin 2013-07-23 10:51:31 EDT
Yes, I managed to reporoduce that, I think that default answer file with CONFIG_NOVA_COMPUTE_HOSTS changed to another ip make this happens:

openstack-packstack-2013.1.1-0.23.dev642.el6ost

# packstack --answer-file=ANSWER_FILE
Welcome to Installer setup utility

Installing:
Clean Up...                                            [ DONE ]
OS support check...root@10.35.160.23's password: 
root@10.35.160.25's password: 
                                    [ DONE ]
Adding pre install manifest entries...                 [ DONE ]
Installing time synchronization via NTP...             [ DONE ]
Setting up ssh keys...root@10.35.160.23's password: 
root@10.35.160.25's password: 
                                 [ DONE ]
Adding MySQL manifest entries...                       [ DONE ]
...
===================================================================
The answer file (removed the ntp server from it):
[general]

# Path to a Public key to install on servers. If a usable key has not
# been installed on the remote servers the user will be prompted for a
# password and this key will be installed so the password will not be
# required again
CONFIG_SSH_KEY=/root/.ssh/id_rsa.pub

# Set to 'y' if you would like Packstack to install Glance
CONFIG_GLANCE_INSTALL=y

# Set to 'y' if you would like Packstack to install Cinder
CONFIG_CINDER_INSTALL=y

# Set to 'y' if you would like Packstack to install Nova
CONFIG_NOVA_INSTALL=y

# Set to 'y' if you would like Packstack to install Quantum
CONFIG_QUANTUM_INSTALL=y

# Set to 'y' if you would like Packstack to install Horizon
CONFIG_HORIZON_INSTALL=y

# Set to 'y' if you would like Packstack to install Swift
CONFIG_SWIFT_INSTALL=n

# Set to 'y' if you would like Packstack to install the OpenStack
# Client packages. An admin "rc" file will also be installed
CONFIG_CLIENT_INSTALL=y

# Comma separated list of NTP servers. Leave plain if Packstack
# should not install ntpd on instances.
CONFIG_NTP_SERVERS=<snip>

# Set to 'y' if you would like Packstack to install Nagios to monitor
# openstack hosts
CONFIG_NAGIOS_INSTALL=n

# The IP address of the server on which to install MySQL
CONFIG_MYSQL_HOST=10.35.160.23

# Username for the MySQL admin user
CONFIG_MYSQL_USER=root

# Password for the MySQL admin user
CONFIG_MYSQL_PW=123456

# The IP address of the server on which to install the QPID service
CONFIG_QPID_HOST=10.35.160.23

CONFIG_KEYSTONE_TOKEN_FORMAT=UUID

# The IP address of the server on which to install Keystone
CONFIG_KEYSTONE_HOST=10.35.160.23

# The password to use for the Keystone to access DB
CONFIG_KEYSTONE_DB_PW=123456

# The token to use for the Keystone service api
CONFIG_KEYSTONE_ADMIN_TOKEN=dc93b668b4bb43a3833333dca3b4cb58

# The password to use for the Keystone admin user
CONFIG_KEYSTONE_ADMIN_PW=123456

# The IP address of the server on which to install Glance
CONFIG_GLANCE_HOST=10.35.160.23

# The password to use for the Glance to access DB
CONFIG_GLANCE_DB_PW=123456

# The password to use for the Glance to authenticate with Keystone
CONFIG_GLANCE_KS_PW=123456

# The IP address of the server on which to install Cinder
CONFIG_CINDER_HOST=10.35.160.23

# The password to use for the Cinder to access DB
CONFIG_CINDER_DB_PW=123456

# The password to use for the Cinder to authenticate with Keystone
CONFIG_CINDER_KS_PW=123456

# Create Cinder's volumes group. This should only be done for testing
# on a proof-of-concept installation of Cinder.  This will create a
# file-backed volume group and is not suitable for production usage.
CONFIG_CINDER_VOLUMES_CREATE=y

# Cinder's volumes group size
CONFIG_CINDER_VOLUMES_SIZE=20G

# The IP address of the server on which to install the Nova API
# service
CONFIG_NOVA_API_HOST=10.35.160.23

# The IP address of the server on which to install the Nova Cert
# service
CONFIG_NOVA_CERT_HOST=10.35.160.23

# The IP address of the server on which to install the Nova VNC proxy
CONFIG_NOVA_VNCPROXY_HOST=10.35.160.23

# A comma separated list of IP addresses on which to install the Nova
# Compute services
CONFIG_NOVA_COMPUTE_HOSTS=10.35.160.25

# Private interface for Flat DHCP on the Nova compute servers
CONFIG_NOVA_COMPUTE_PRIVIF=eth3

# The IP address of the server on which to install the Nova Network
# service
CONFIG_NOVA_NETWORK_HOST=10.35.160.23

# The IP address of the server on which to install the Nova Conductor
# service
CONFIG_NOVA_CONDUCTOR_HOST=10.35.160.23

# The password to use for the Nova to access DB
CONFIG_NOVA_DB_PW=123456

CONFIG_QUANTUM_OVS_VLAN_RANGES=
CONFIG_QUANTUM_OVS_BRIDGE_IFACES=br:eth3

# The password to use for the Nova to authenticate with Keystone
CONFIG_NOVA_KS_PW=123456

# Public interface on the Nova network server
CONFIG_NOVA_NETWORK_PUBIF=eth2

# Private interface for Flat DHCP on the Nova network server
CONFIG_NOVA_NETWORK_PRIVIF=eth2

# IP Range for Flat DHCP
CONFIG_NOVA_NETWORK_FIXEDRANGE=172.16.0.0/24

# IP Range for Floating IP's
CONFIG_NOVA_NETWORK_FLOATRANGE=10.35.164.0/24

# Name of the default floating pool to which the specified floating
# ranges are added to
CONFIG_NOVA_NETWORK_DEFAULTFLOATINGPOOL=nova

# Automatically assign a floating IP to new instances
CONFIG_NOVA_NETWORK_AUTOASSIGNFLOATINGIP=n

# The IP address of the server on which to install the Nova Scheduler
# service
CONFIG_NOVA_SCHED_HOST=10.35.160.23

# The overcommitment ratio for virtual to physical CPUs. Set to 1.0
# to disable CPU overcommitment
CONFIG_NOVA_SCHED_CPU_ALLOC_RATIO=16.0

# The overcommitment ratio for virtual to physical RAM. Set to 1.0 to
# disable RAM overcommitment
CONFIG_NOVA_SCHED_RAM_ALLOC_RATIO=1.5

# The IP addresses of the server on which to install the Quantum
# server
CONFIG_QUANTUM_SERVER_HOST=10.35.160.23

# Enable network namespaces for Quantum
CONFIG_QUANTUM_USE_NAMESPACES=y

# The password to use for Quantum to authenticate with Keystone
CONFIG_QUANTUM_KS_PW=123456

# The password to use for Quantum to access DB
CONFIG_QUANTUM_DB_PW=123456

# A comma separated list of IP addresses on which to install Quantum
# L3 agent
CONFIG_QUANTUM_L3_HOSTS=10.35.160.23

# The name of the bridge that the Quantum L3 agent will use for
# external traffic
CONFIG_QUANTUM_L3_EXT_BRIDGE=br-ex

# A comma separated list of IP addresses on which to install Quantum
# DHCP plugin
CONFIG_QUANTUM_DHCP_HOSTS=10.35.160.23

# The name of the L2 plugin to be used with Quantum
CONFIG_QUANTUM_L2_PLUGIN=openvswitch

# A comma separated list of IP addresses on which to install Quantum
# metadata agent
CONFIG_QUANTUM_METADATA_HOSTS=10.35.160.23

# A comma separated list of IP addresses on which to install Quantum
# metadata agent
CONFIG_QUANTUM_METADATA_PW=123456

# The type of network to allocate for tenant networks
CONFIG_QUANTUM_LB_TENANT_NETWORK_TYPE=local

# A comma separated list of VLAN ranges for the Quantum linuxbridge
# plugin
CONFIG_QUANTUM_LB_VLAN_RANGES=

# A comma separated list of interface mappings for the Quantum
# linuxbridge plugin
CONFIG_QUANTUM_LB_INTERFACE_MAPPINGS=

# Type of network to allocate for tenant networks
CONFIG_QUANTUM_OVS_TENANT_NETWORK_TYPE=vlan

# A comma separated list of VLAN ranges for the Quantum openvswitch
# plugin
CONFIG_QUANTUM_OVS_VLAN_RANGES=phy_vlan:186:187,ext_vlan:185:185

# A comma separated list of bridge mappings for the Quantum
# openvswitch plugin
CONFIG_QUANTUM_OVS_BRIDGE_MAPPINGS=phy_vlan:br-vlans

# The IP address of the server on which to install the OpenStack
# client packages. An admin "rc" file will also be installed
CONFIG_OSCLIENT_HOST=10.35.160.23

# The IP address of the server on which to install Horizon
CONFIG_HORIZON_HOST=10.35.160.23

# To set up Horizon communication over https set this to "y"
CONFIG_HORIZON_SSL=n

# PEM encoded certificate to be used for ssl on the https server,
# leave blank if one should be generated, this certificate should not
# require a passphrase
CONFIG_SSL_CERT=

# Keyfile corresponding to the certificate if one was entered
CONFIG_SSL_KEY=

# The IP address on which to install the Swift proxy service
CONFIG_SWIFT_PROXY_HOSTS=10.35.160.23

# The password to use for the Swift to authenticate with Keystone
CONFIG_SWIFT_KS_PW=123456

# A comma separated list of IP addresses on which to install the
# Swift Storage services, each entry should take the format
# <ipaddress>[/dev], for example 127.0.0.1/vdb will install /dev/vdb
# on 127.0.0.1 as a swift storage device(packstack does not create the
# filesystem, you must do this first), if /dev is omitted Packstack
# will create a loopback device for a test setup
CONFIG_SWIFT_STORAGE_HOSTS=10.35.160.23

# Number of swift storage zones, this number MUST be no bigger than
# the number of storage devices configured
CONFIG_SWIFT_STORAGE_ZONES=1

# Number of swift storage replicas, this number MUST be no bigger
# than the number of storage zones configured
CONFIG_SWIFT_STORAGE_REPLICAS=1

# FileSystem type for storage nodes
CONFIG_SWIFT_STORAGE_FSTYPE=ext4

# To subscribe each server to EPEL enter "y"
CONFIG_USE_EPEL=n

# A comma separated list of URLs to any additional yum repositories
# to install
CONFIG_REPO=

# To subscribe each server with Red Hat subscription manager, include
# this with CONFIG_RH_PW
CONFIG_RH_USER=

# To subscribe each server with Red Hat subscription manager, include
# this with CONFIG_RH_USER
CONFIG_RH_PW=

# To subscribe each server to Red Hat Enterprise Linux 6 Server Beta
# channel (only needed for Preview versions of RHOS) enter "y"
CONFIG_RH_BETA_REPO=n

# To subscribe each server with RHN Satellite,fill Satellite's URL
# here. Note that either satellite's username/password or activtion
# key has to be provided/
CONFIG_SATELLITE_URL=

# Username to access RHN Satellite
CONFIG_SATELLITE_USER=

# Password to access RHN Satellite
CONFIG_SATELLITE_PW=

# Activation key for subscription to RHN Satellite
CONFIG_SATELLITE_AKEY=

# Specify a path or URL to a SSL CA certificate to use
CONFIG_SATELLITE_CACERT=

# If required specify the profile name that should be used as an
# identifier for the system in RHN Satellite
CONFIG_SATELLITE_PROFILE=

# Comma separated list of flags passed to rhnreg_ks. Valid flags are:
# novirtinfo, norhnsd, nopackages
CONFIG_SATELLITE_FLAGS=

# Specify a HTTP proxy to use with RHN Satellite
CONFIG_SATELLITE_PROXY=

# Specify a username to use with an authenticated HTTP proxy
CONFIG_SATELLITE_PROXY_USER=

# Specify a password to use with an authenticated HTTP proxy.
CONFIG_SATELLITE_PROXY_PW=

# The IP address of the server on which to install the Nagios server
CONFIG_NAGIOS_HOST=10.35.160.23

# The password of the nagiosadmin user on the Nagios server
CONFIG_NAGIOS_PW=123456

# The IP address of the server on which to install the Nova Scheduler
# service
CONFIG_NOVA_SCHED_HOST=10.35.160.23

# The overcommitment ratio for virtual to physical CPUs. Set to 1.0
# to disable CPU overcommitment
CONFIG_NOVA_SCHED_CPU_ALLOC_RATIO=16.0

# The overcommitment ratio for virtual to physical RAM. Set to 1.0 to
# disable RAM overcommitment
CONFIG_NOVA_SCHED_RAM_ALLOC_RATIO=1.5
Comment 4 Martin Magr 2013-07-23 12:08:27 EDT
Ah, now I see why it happens. In the time of OS check there is not ssh key set on the server node yet. Ok, will have to move OS check step later in the setup. Thanks for discovering it.
Comment 8 Nir Magnezi 2013-11-13 08:05:20 EST
(In reply to Martin Magr from comment #4)
> Ah, now I see why it happens. In the time of OS check there is not ssh key
> set on the server node yet. Ok, will have to move OS check step later in the
> setup. Thanks for discovering it.

Verified NVR: openstack-packstack-2013.2.1-0.9.dev840.el6ost.noarch

packstack asks for password only once: Setting up ssh keys...root@<IP_ADDRESS>'s password:
Comment 11 errata-xmlrpc 2013-12-19 19:08:05 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2013-1859.html

Note You need to log in before you can comment on or make changes to this bug.