Kolla-ansible is writing amp_ssh_key from passwords even if user disabled octavia auto configure

Bug #1927727 reported by Michal Arbet
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
kolla-ansible
Fix Released
Medium
Unassigned
Victoria
Fix Committed
Medium
Unassigned
Wallaby
Fix Committed
Medium
Unassigned
Xena
Fix Released
Medium
Unassigned

Bug Description

Hi,

Found a bug in kolla-ansible, k-a is trying to get amp_ssh_key from passwords and write to /etc/kolla/octavia-worker/octavia_ssh_key even if user disabled octavia_auto_configure in globals.

I found the bug by accident, because I was missing octavia_amp_ssh_key.private_key and octavia_amp_ssh_key.public_key **BUT** this should not fail as I set octavia_auto_configure: "no" and ssh key already created in openstack.

Fail :

deploy|TASK [octavia : Copying over Octavia SSH key] **********************************
deploy|fatal: [jenkins-kolla-infrastructure-90-victoria-full-controller0]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'octavia_amp_ssh_key' is undefined\n\nThe error appears to be in '/opt/kolla-ansible/ansible/roles/octavia/tasks/config.yml': line 91, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Copying over Octavia SSH key\n ^ here\n"}
deploy|fatal: [jenkins-kolla-infrastructure-90-victoria-full-controller1]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'octavia_amp_ssh_key' is undefined\n\nThe error appears to be in '/opt/kolla-ansible/ansible/roles/octavia/tasks/config.yml': line 91, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Copying over Octavia SSH key\n ^ here\n"}
deploy|

This task should run only if octavia_auto_configure: "yes".

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (master)
Changed in kolla-ansible:
status: New → In Progress
Mark Goddard (mgoddard)
Changed in kolla-ansible:
importance: Undecided → Medium
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (master)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/790234
Committed: https://opendev.org/openstack/kolla-ansible/commit/41fe771bccd6ba2ad9b19f35af7351a508781d27
Submitter: "Zuul (22348)"
Branch: master

commit 41fe771bccd6ba2ad9b19f35af7351a508781d27
Author: Michal Arbet <email address hidden>
Date: Fri May 7 14:10:46 2021 +0200

    Do not write octavia_amp_ssh_key if auto_config disabled

    This task is writing private key from passwords to
    /etc/kolla/octavia-worker/{{ octavia_amp_ssh_key_name }} even
    if user disabled octavia auto configure.

    This patch is adding conditional for this task and skipping
    it if octavia_auto_configure: "no".

    Closes-Bug: #1927727

    Change-Id: Ib993b387d681921d804f654bea780a1481b2b0d0

Changed in kolla-ansible:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/wallaby)

Fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/790563

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/victoria)

Fix proposed to branch: stable/victoria
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/790564

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/wallaby)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/790563
Committed: https://opendev.org/openstack/kolla-ansible/commit/deafe00dd281441581533fc62fa70969ca668929
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit deafe00dd281441581533fc62fa70969ca668929
Author: Michal Arbet <email address hidden>
Date: Fri May 7 14:10:46 2021 +0200

    Do not write octavia_amp_ssh_key if auto_config disabled

    This task is writing private key from passwords to
    /etc/kolla/octavia-worker/{{ octavia_amp_ssh_key_name }} even
    if user disabled octavia auto configure.

    This patch is adding conditional for this task and skipping
    it if octavia_auto_configure: "no".

    Closes-Bug: #1927727

    Change-Id: Ib993b387d681921d804f654bea780a1481b2b0d0
    (cherry picked from commit 41fe771bccd6ba2ad9b19f35af7351a508781d27)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/victoria)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/790564
Committed: https://opendev.org/openstack/kolla-ansible/commit/326e15d580bc021bf3bc3370f00612f848f4a7c9
Submitter: "Zuul (22348)"
Branch: stable/victoria

commit 326e15d580bc021bf3bc3370f00612f848f4a7c9
Author: Michal Arbet <email address hidden>
Date: Fri May 7 14:10:46 2021 +0200

    Do not write octavia_amp_ssh_key if auto_config disabled

    This task is writing private key from passwords to
    /etc/kolla/octavia-worker/{{ octavia_amp_ssh_key_name }} even
    if user disabled octavia auto configure.

    This patch is adding conditional for this task and skipping
    it if octavia_auto_configure: "no".

    Closes-Bug: #1927727

    Change-Id: Ib993b387d681921d804f654bea780a1481b2b0d0
    (cherry picked from commit 41fe771bccd6ba2ad9b19f35af7351a508781d27)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 12.0.0.0rc2

This issue was fixed in the openstack/kolla-ansible 12.0.0.0rc2 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 11.1.0

This issue was fixed in the openstack/kolla-ansible 11.1.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 13.0.0.0rc1

This issue was fixed in the openstack/kolla-ansible 13.0.0.0rc1 release candidate.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.