puppet-keystone

Invalid tag '-keystone_wsgi.conf' after upgrade to 2023.2

Bug #2054306 reported by Francesco Di Nucci on 2024-02-19

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	puppet-keystone	Fix Released	Medium	Takashi Kajinami

Bug Description

Switched from 2023.1 to 2023.2, keystone setup fails with the error:

Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Invalid tag '-keystone_wsgi.conf' (file: /etc/puppetlabs/code/environments/development/modules/concat/manifests/fragment.pp, line: 39) (file: /etc/puppetlabs/code/environments/development/modules/keystone/manifests/federation/openidc.pp, line: 219) on node keystone.example.com
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

Even if keystone::wsgi::apache::priority is defined in the appropriate EYAML (tried keystone::wsgi::apache::priority: "10" / keystone::wsgi::apache::priority: 10 / keystone::wsgi::apache::priority: '10'), it looks like it is not evaluated

Interested line: https://github.com/openstack/puppet-keystone/blob/cf6b06dba274ca0a00f7eb353e2da57f0b6273ce/manifests/federation/openidc.pp#L219

Same manifests/YAML/EYAML work with 2023.1, just changed the Puppetfile

See original description

Francesco Di Nucci (d1nuc0m) on 2024-02-19

description:

updated

Revision history for this message

Takashi Kajinami (kajinamit) wrote on 2024-02-19:

Please check if keystone::wsgi::apache is included in your manifest BEFORE keystone::federation::openidc. We probably have to add a check to ensure the first class is already loaded when the 2nd class is loaded.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-02-19: Related fix proposed to puppet-keystone (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/puppet-keystone/+/909447

Revision history for this message

Takashi Kajinami (kajinamit) wrote on 2024-02-19:

I've checked the current latest content of stable/2023.1 but could not find the exact change which may cause the issue only in stable/2023.2. That's strange.

Revision history for this message

Francesco Di Nucci (d1nuc0m) wrote on 2024-02-19:

> check if keystone::wsgi::apache is included in your manifest BEFORE keystone::federation::openidc

This solved it, changed

include ::keystone
include ::keystone::federation
include ::keystone::federation::openidc
include ::apache
include ::keystone::wsgi::apache

to
include ::keystone
include ::keystone::wsgi::apache
include ::keystone::federation
include ::keystone::federation::openidc
include ::apache

And now it works

I agree that is strange, maybe somehow the classes were loaded in the correct order because of luck?

Revision history for this message

Takashi Kajinami (kajinamit) wrote on 2024-02-19 (last edit on 2024-02-19):

Quick grep doesn't show any other manifest file including wsgi::apache so I have no clear idea.

I'll use this bug to track the change to add an appropriate validation so that we show more sensible error instead of wired result.

OpenStack Infra (hudson-openstack) on 2024-02-19

Changed in puppet-keystone:
status:	New → In Progress

Takashi Kajinami (kajinamit) on 2024-02-19

Changed in puppet-keystone:
importance:	Undecided → Medium
assignee:	nobody → Takashi Kajinami (kajinamit)

Revision history for this message

Francesco Di Nucci (d1nuc0m) wrote on 2024-02-19:

Maybe this is related:
https://bugs.launchpad.net/puppet-keystone/+bug/2054308

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-02-24: Fix merged to puppet-keystone (master)

Reviewed: https://review.opendev.org/c/openstack/puppet-keystone/+/909447
Committed: https://opendev.org/openstack/puppet-keystone/commit/2cc0bfdc74b4341beedaebd1bf8fe58a0f483b05
Submitter: "Zuul (22348)"
Branch: master

commit 2cc0bfdc74b4341beedaebd1bf8fe58a0f483b05
Author: Takashi Kajinami <email address hidden>
Date: Mon Feb 19 21:52:09 2024 +0900

federation: Ensure keyston::wsgi::apache is loaded

... otherwise the reference to keystone::wsgi::apache::priority fails.

Closes-Bug: #2054306
Change-Id: If33a0f50a071157314bbac820ce13dbd79bc9d3e

Changed in puppet-keystone:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-04-18: Fix included in openstack/puppet-keystone 24.0.0

This issue was fixed in the openstack/puppet-keystone 24.0.0 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.