Change of DNS name for public endpoints after environment reset breaks deploy

Bug #1507361 reported by Eugene Korekin
This bug affects 2 people
Affects             Status        Importance  Assigned to       Milestone
Fuel for OpenStack  Fix Released  High        Maciej Kwiek
7.0.x               Fix Released  High        Denis Meltsaykin

Bug Description

Fuel 7.0:

{"build_id": "301", "build_number": "301", "release_versions": {"2015.1.0-7.0": {"VERSION": {"build_id": "301", "build_number": "301", "api": "1.0", "fuel-library_sha": "5d50055aeca1dd0dc53b43825dc4c8f7780be9dd", "nailgun_sha": "4162b0c15adb425b37608c787944d1983f543aa8", "feature_groups": ["mirantis"], "fuel-nailgun-agent_sha": "d7027952870a35db8dc52f185bb1158cdd3d1ebd", "openstack_version": "2015.1.0-7.0", "fuel-agent_sha": "50e90af6e3d560e9085ff71d2950cfbcca91af67", "production": "docker", "python-fuelclient_sha": "486bde57cda1badb68f915f66c61b544108606f3", "astute_sha": "6c5b73f93e24cc781c809db9159927655ced5012", "fuel-ostf_sha": "2cd967dccd66cfc3a0abd6af9f31e5b4d150a11c", "release": "7.0", "fuelmain_sha": "a65d453215edb0284a2e4761be7a156bb5627677"}}}, "auth_required": true, "api": "1.0", "fuel-library_sha": "5d50055aeca1dd0dc53b43825dc4c8f7780be9dd", "nailgun_sha": "4162b0c15adb425b37608c787944d1983f543aa8", "feature_groups": ["mirantis"], "fuel-nailgun-agent_sha": "d7027952870a35db8dc52f185bb1158cdd3d1ebd", "openstack_version": "2015.1.0-7.0", "fuel-agent_sha": "50e90af6e3d560e9085ff71d2950cfbcca91af67", "production": "docker", "python-fuelclient_sha": "486bde57cda1badb68f915f66c61b544108606f3", "astute_sha": "6c5b73f93e24cc781c809db9159927655ced5012", "fuel-ostf_sha": "2cd967dccd66cfc3a0abd6af9f31e5b4d150a11c", "release": "7.0", "fuelmain_sha": "a65d453215edb0284a2e4761be7a156bb5627677"}

Steps to reproduce:

1) Create the environment with default settings in the "Public TLS" section (DNS hostname for public TLS endpoints set to the default "public.fuel.local")
2) Deploy environment
3) Reset environment
4) Change DNS hostname for public TLS endpoints to "public.test.local"
5) Try to deploy environment

Deployment will fail with an error like:

(/Stage[main]/Heat::Keystone::Auth_cfn/Keystone::Resource::Service_identity[heat-cfn]/Keystone_endpoint[RegionOne/heat-cfn]/ensure) change from absent to present failed: Execution of '/usr/bin/openstack endpoint create --format shell heat-cfn --region RegionOne --publicurl https://public.test.local:8000/v1 --internalurl http://192.168.0.8:8000/v1 --adminurl http://192.168.0.8:8000/v1' returned 1: ERROR: openstack SSL exception connecting to https://public.test.local:5000/v2.0/tokens: hostname 'public.test.local' doesn't match u'public.fuel.local'

Diagnostic snapshot from this fuel master is about 700M, attaching only puppet log from affected controller.
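
The mismatch in the error above, as an added example (not Fuel's code and not part of the original report): a pre-deploy check that compares the configured public hostname with the names in the stored certificate. The certificate dicts are constructed samples in the layout returned by Python's ssl.SSLSocket.getpeercert(), and all function names are hypothetical.

```python
# Added example: function names and sample certificates are constructed.
def cert_dns_names(cert):
    """Return the DNS names a certificate is valid for.

    `cert` uses the dict layout of ssl.SSLSocket.getpeercert(). subjectAltName
    DNS entries take precedence; commonName is only a fallback.
    """
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]


def name_matches(pattern, hostname):
    """Case-insensitive match; '*' is honoured only as the whole leftmost
    label of a pattern with at least three labels."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*" and len(p_labels) > 2:
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def check_public_endpoint(cert, configured_hostname):
    """Return (ok, message) for a pre-deploy check of the stored certificate."""
    names = cert_dns_names(cert)
    if any(name_matches(n, configured_hostname) for n in names):
        return True, "certificate covers %s" % configured_hostname
    return False, "hostname %r doesn't match %s; regenerate the certificate" % (
        configured_hostname, ", ".join(repr(n) for n in names) or "any name")


# Constructed sample: certificate left over from the first deployment.
STALE_CERT = {"subject": ((("commonName", "public.fuel.local"),),)}
# Constructed sample: certificate regenerated after the hostname change.
FRESH_CERT = {"subject": ((("commonName", "public.test.local"),),),
              "subjectAltName": (("DNS", "public.test.local"),)}

if __name__ == "__main__":
    for label, cert in (("stale", STALE_CERT), ("fresh", FRESH_CERT)):
        print(label, check_public_endpoint(cert, "public.test.local"))
```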

Eugene Korekin (ekorekin) wrote :
Changed in fuel:
assignee: nobody → Fuel Library Team (fuel-library)
importance: Undecided → High
milestone: none → 8.0
Changed in fuel:
status: New → Confirmed
Matthew Mosesohn (raytrac3r) wrote :

Since a user can rename any node after reset, we should clear TLS config on reset env. There's no value in re-using the old cert data because it will not be valid for the new deployment. Passing to fuel-python

Changed in fuel:
assignee: Fuel Library Team (fuel-library) → Fuel Python Team (fuel-python)
Dmitry Pyzhov (dpyzhov)
tags: added: area-library
Dmitry Pyzhov (dpyzhov)
tags: added: area-python
removed: area-library
Changed in fuel:
assignee: Fuel Python Team (fuel-python) → Maciej Kwiek (maciej-iai)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-library (master)

Fix proposed to branch: master
Review: https://review.openstack.org/243549

Changed in fuel:
status: Confirmed → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-web (master)

Fix proposed to branch: master
Review: https://review.openstack.org/243591

OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.openstack.org/245767

OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-astute (master)

Fix proposed to branch: master
Review: https://review.openstack.org/245769

OpenStack Infra (hudson-openstack) wrote : Change abandoned on fuel-library (master)

Change abandoned by Maciej Kwiek (<email address hidden>) on branch: master
Review: https://review.openstack.org/243549
Reason: Sorry guys, I need to abandon this change, this task cannot be in library, because I have no means to access it from nailgun or astute outside of deployment graph (I was not aware of that). Thanks for reviews!

OpenStack Infra (hudson-openstack) wrote : Change abandoned on fuel-web (master)

Change abandoned by Maciej Kwiek (<email address hidden>) on branch: master
Review: https://review.openstack.org/243591
Reason: This task won't be in library, so it won't need a serializer.

Dmitry Pyzhov (dpyzhov)
tags: added: team-bugfix
tags: added: on-verification
OpenStack Infra (hudson-openstack) wrote : Change abandoned on fuel-astute (master)

Change abandoned by Maciej Kwiek (<email address hidden>) on branch: master
Review: https://review.openstack.org/245769
Reason: https://review.openstack.org/#/c/245767/ doesn't use this astute change anymore. Abandoning

OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-web (master)

Reviewed: https://review.openstack.org/245767
Committed: https://git.openstack.org/cgit/openstack/fuel-web/commit/?id=0446b99f10ea8453054a4ba46560bad8f2abc315
Submitter: Jenkins
Branch: master

commit 0446b99f10ea8453054a4ba46560bad8f2abc315
Author: Maciej Kwiek <email address hidden>
Date: Mon Nov 16 14:44:40 2015 +0100

    Send ssh and ssl data removal task with reset task

    The additional task is sent by manager to 'naily' rpc queue in similar
    way that provision and deployment task are casted to ensure the order of
    execution.

    Change-Id: I5204a258ac0f00cf9184bd4903ff82c13e68de6a
    Closes-bug: #1507361

Changed in fuel:
status: In Progress → Fix Committed
Dmitry Belyaninov (dbelyaninov) wrote :

Verified on ISO #241.
Environment created by dos.py script.
Env was deployed after changing DNS hostname for public TLS endpoints
VERSION:
  feature_groups:
    - mirantis
  production: "docker"
  release: "8.0"
  openstack_version: "2015.1.0-8.0"
  api: "1.0"
  build_number: "241"
  build_id: "241"
  fuel-nailgun_sha: "f47112b607d88ce55e5379a2356035cbee58b83f"
  python-fuelclient_sha: "91474bd8c526f4f536ab13368feb4a5c1b84d185"
  fuel-agent_sha: "820abc51714e2aa47b77d3f3b8787f41dad85b16"
  fuel-nailgun-agent_sha: "a33a58d378c117c0f509b0e7badc6f0910364154"
  astute_sha: "b60624ee2c5f1d6d805619b6c27965a973508da1"
  fuel-library_sha: "5ce49d7259d16c2fd118088e7795aef99d626812"
  fuel-ostf_sha: "a98973482f839554d90cc1c071d625a01e018cfe"
  fuel-createmirror_sha: "6daaf71bd78120461ae31561aeda777f40ca8653"
  fuelmenu_sha: "fcb15df4fd1a790b17dd78cf675c11c279040941"
  shotgun_sha: "25a0cc461a9fa4f7684f04cef0ff4ad9aa99a64d"
  network-checker_sha: "a3534f8885246afb15609c54f91d3b23d599a5b1"
  fuel-upgrade_sha: "1e894e26d4e1423a9b0d66abd6a79505f4175ff6"
  fuelmain_sha: "da9e5722836d21bf4b93d591c6fddba9f3bcde5e"

tags: removed: on-verification
Changed in fuel:
status: Fix Committed → Fix Released
tags: added: customer-found
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-web (stable/7.0)

Fix proposed to branch: stable/7.0
Review: https://review.openstack.org/301813

OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-web (stable/7.0)

Reviewed: https://review.openstack.org/301813
Committed: https://git.openstack.org/cgit/openstack/fuel-web/commit/?id=fb491402d972abdb801ff768c6bef308d6130b6c
Submitter: Jenkins
Branch: stable/7.0

commit fb491402d972abdb801ff768c6bef308d6130b6c
Author: Maciej Kwiek <email address hidden>
Date: Mon Nov 16 14:44:40 2015 +0100

    Send ssh and ssl data removal task with reset task

    The additional task is sent by manager to 'naily' rpc queue in similar
    way that provision and deployment task are casted to ensure the order of
    execution.

    Change-Id: I5204a258ac0f00cf9184bd4903ff82c13e68de6a
    Closes-bug: #1507361
    (cherry picked from commit 0446b99f10ea8453054a4ba46560bad8f2abc315)

tags: added: on-verification
Ekaterina Shutova (eshutova) wrote :

Verified on MOS 7.0 + MU4 updates

Used steps to reproduce from description.

tags: removed: on-verification