kolla-ansible

When generating certificates, the wrong path is used in the defaults file

Bug #1821805 reported by James Bagwell on 2019-03-26

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	kolla-ansible	Fix Released	Undecided	James Bagwell

Bug Description

When using the 'kolla-ansible certificates' command to generate tls certificates, we encounter the following error:

TASK [certificates : Setting permissions on key] *********************************************************************************************************************************************************
Tuesday 26 March 2019 20:29:03 +0000 (0:00:00.620) 0:00:09.874 *********
fatal: [localhost]: FAILED! => {"changed": false, "msg": "file (/etc/kolla/certificatescertificates/private/haproxy.key) is absent, cannot continue", "path": "/etc/kolla/certificatescertificates/private
/haproxy.key", "state": "absent"}

NO MORE HOSTS LEFT ***************************************************************************************************************************************************************************************
to retry, use: --limit @/home/stack/.ansible-retry/certificates.retry

PLAY RECAP ***********************************************************************************************************************************************************************************************
localhost : ok=5 changed=0 unreachable=0 failed=1

Upon inspection of the following file:
ansible/roles/certificates/tasks/generate.yml . specifically in the setting permissions on key' task, The 'Setting
permissions on Key' task has a path of '{{ certificates_dir
}}/certificates/private/haproxy.key which is incorrect.
---
# Directory on deploy node (localhost) in which certificates are generated.
certificates_dir: "{{ node_config }}/certificates"

It seems as though the "certificates" is not needed as {{ node_config }} is already defined with this path. This leads to a wrong path as seen in the error above:

"/etc/kolla/certificatescertificates/private/haproxy.key"

Removing the certificates directory from the generate.yaml 'Setting permissions on key' task, and rerunning the 'kolla-ansible certificates' returns successfully now. Tested a deployment using these certificates which also was successful.

See original description

James Bagwell (jimbagwell) on 2019-03-26

Changed in kolla-ansible:
assignee:	nobody → James Bagwell (jimbagwell)
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-26: Fix proposed to kolla-ansible (master)

Fix proposed to branch: master
Review: https://review.openstack.org/647933

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-27: Change abandoned on kolla-ansible (master)

Change abandoned by James Bagwell (<email address hidden>) on branch: master
Review: https://review.openstack.org/647933
Reason: Abandoning as this was incorrect - will generate a new one with the correct fix.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-27: Fix proposed to kolla-ansible (master)

Fix proposed to branch: master
Review: https://review.openstack.org/648162

James Bagwell (jimbagwell) on 2019-03-27

description:

updated

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-27: Fix merged to kolla-ansible (master)

Reviewed: https://review.openstack.org/648162
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=c0a3970e36ac11901f740905d7183ce93f2b3949
Submitter: Zuul
Branch: master

commit c0a3970e36ac11901f740905d7183ce93f2b3949
Author: jamesbagwell <email address hidden>
Date: Wed Mar 27 09:26:58 2019 -0600

Removing '/certificates' entry in generate.yml as this causes an
incorrect path when generating certificates.

    The 'setting permissions on key' task fails because the task looks for
    the haproxy.key in an invalid path. The certificates_dir is defined as
    '{{ node_config }}/certificates' in the main.yml . The 'Setting
    permissions on Key' task has a path of '{{ certificates_dir
    }}/certificates/private/haproxy.key which is incorrect. Removing the
    'certificates' in the path corrects this problem and allows the user to
    successfully create certificates using 'kolla-ansible certificates'.

Change-Id: I37b10b994b05d955b6f67c908df1472231a91160
Closes-Bug: 1821805

Changed in kolla-ansible:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-04-05: Fix included in openstack/kolla-ansible 8.0.0.0rc1

This issue was fixed in the openstack/kolla-ansible 8.0.0.0rc1 release candidate.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.