Hi – The ansible command to test the DB hits the Galera container directly, while the Ansible playbooks are likely using the VIP managed by HAproxy. I suspect that HAproxy has not started properly or is otherwise not serving traffic directed toward the internal_lb_vip_address. My suggestion at the moment is to check out the logs on the haproxy node to see if it’s working properly, and try testing connectivity from the deploy node via 172.29.236.101:3306. The haproxy logs will likely provide some insight here. -- James Denton Principal Architect Rackspace Private Cloud - OpenStack james.denton@rackspace.com From: jmarcelo.alencar@gmail.com <jmarcelo.alencar@gmail.com> Date: Friday, January 20, 2023 at 6:45 AM To: openstack-discuss@lists.openstack.org <openstack-discuss@lists.openstack.org> Subject: [openstack-ansible] Installing OpenStack with Ansible fails during Keystone playbook on TASK openstack.osa.db_setup CAUTION: This message originated externally, please use caution when clicking on links or opening attachments! Hello Community, I am trying to create a two machine deployment following Openstack Ansible Deployment Guide (https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.openstack.org%2Fproject-deploy-guide%2Fopenstack-ansible%2Flatest%2F&data=05%7C01%7Cjames.denton%40rackspace.com%7C2030b246126f4b053abd08dafae42aba%7C570057f473ef41c8bcbb08db2fc15c2b%7C0%7C0%7C638098155124685217%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=jBqnF439N%2BD4e05ZoWzz11rMrtu1gxA7fxYStBnRXnw%3D&reserved=0). The two machines are named targethost01 and targethost02, and I am running Ansible from deploymenthost. Every machine has 4-Core CPUs, 8 GB of RAM, and 240 GB SSD. I am using Ubuntu 22.04.1 LTS. The machine targethost01 has the following network configuration: network: version: 2 ethernets: enp5s0: dhcp4: true enp6s0: {} enp7s0: {} enp8s0: {} enp9s0: {} vlans: vlan.10: id: 10 link: enp6s0 addresses: [ ] vlan.20: id: 20 link: enp7s0 addresses: [ ] vlan.30: id: 30 link: enp8s0 addresses: [ ] vlan.40: id: 40 link: enp9s0 addresses: [ ] bridges: br-mgmt: addresses: [ 172.29.236.101/22 ] mtu: 1500 interfaces: - vlan.10 br-storage: addresses: [ 172.29.244.101/22 ] mtu: 1500 interfaces: - vlan.20 br-vlan: addresses: [] mtu: 1500 interfaces: - vlan.30 br-vxlan: addresses: [ 172.29.240.101/22 ] mtu: 1500 interfaces: - vlan.40 And targethost02 has the following network configuration: network: version: 2 ethernets: enp5s0: dhcp4: true enp6s0: {} enp7s0: {} enp8s0: {} enp9s0: {} vlans: vlan.10: id: 10 link: enp6s0 addresses: [ ] vlan.20: id: 20 link: enp7s0 addresses: [ ] vlan.30: id: 30 link: enp8s0 addresses: [ ] vlan.40: id: 40 link: enp9s0 addresses: [ ] bridges: br-mgmt: addresses: [ 172.29.236.102/22 ] mtu: 1500 interfaces: - vlan.10 br-storage: addresses: [ 172.29.244.102/22 ] mtu: 1500 interfaces: - vlan.20 br-vlan: addresses: [] mtu: 1500 interfaces: - vlan.30 br-vxlan: addresses: [ 172.29.240.102/22 ] mtu: 1500 interfaces: - vlan.40 On the deploymenthost, /etc/openstack_deploy/openstack_user_config.yml has the following: --- cidr_networks: container: 172.29.236.0/22 tunnel: 172.29.240.0/22 storage: 172.29.244.0/22 used_ips: - 172.29.236.1 - "172.29.236.100,172.29.236.200" - "172.29.240.100,172.29.240.200" - "172.29.244.100,172.29.244.200" global_overrides: internal_lb_vip_address: 172.29.236.101 external_lb_vip_address: "{{ bootstrap_host_public_address | default(ansible_facts['default_ipv4']['address']) }}" management_bridge: "br-mgmt" provider_networks: - network: group_binds: - all_containers - hosts type: "raw" container_bridge: "br-mgmt" container_interface: "eth1" container_type: "veth" ip_from_q: "container" is_container_address: true - network: group_binds: - glance_api - cinder_api - cinder_volume - nova_compute type: "raw" container_bridge: "br-storage" container_type: "veth" container_interface: "eth2" container_mtu: "9000" ip_from_q: "storage" - network: group_binds: - neutron_linuxbridge_agent container_bridge: "br-vxlan" container_type: "veth" container_interface: "eth10" container_mtu: "9000" ip_from_q: "tunnel" type: "vxlan" range: "1:1000" net_name: "vxlan" - network: group_binds: - neutron_linuxbridge_agent container_bridge: "br-vlan" container_type: "veth" container_interface: "eth11" type: "vlan" range: "101:200,301:400" net_name: "vlan" - network: group_binds: - neutron_linuxbridge_agent container_bridge: "br-vlan" container_type: "veth" container_interface: "eth12" host_bind_override: "eth12" type: "flat" net_name: "flat" shared-infra_hosts: targethost01: ip: 172.29.236.101 repo-infra_hosts: targethost01: ip: 172.29.236.101 coordination_hosts: targethost01: ip: 172.29.236.101 os-infra_hosts: targethost01: ip: 172.29.236.101 identity_hosts: targethost01: ip: 172.29.236.101 network_hosts: targethost01: ip: 172.29.236.101 compute_hosts: targethost01: ip: 172.29.236.101 targethost02: ip: 172.29.236.102 storage-infra_hosts: targethost01: ip: 172.29.236.101 storage_hosts: targethost01: ip: 172.29.236.101 Also on the deploymenthost, /etc/openstack_deploy/conf.d/haproxy.yml has the following: haproxy_hosts: targethost01: ip: 172.29.236.101 At the Run Playbooks step of the guide, the following two Ansible commands return with unreachable=0 failed=0: # openstack-ansible setup-hosts.yml # openstack-ansible setup-infrastructure.yml And verifying the database also returns no error: root@deploymenthost:/opt/openstack-ansible/playbooks# ansible galera_container -m shell \ -a "mysql -h localhost -e 'show status like \"%wsrep_cluster_%\";'" Variable files: "-e @/etc/openstack_deploy/user_secrets.yml -e @/etc/openstack_deploy/user_variables.yml " [WARNING]: Unable to parse /etc/openstack_deploy/inventory.ini as an inventory source targethost01_galera_container-5aa8474a | CHANGED | rc=0 >> Variable_name Value wsrep_cluster_weight 1 wsrep_cluster_capabilities wsrep_cluster_conf_id 1 wsrep_cluster_size 1 wsrep_cluster_state_uuid e7a0c332-97fe-11ed-b0d4-26b30049826d wsrep_cluster_status Primary But when I execute openstack-ansible setup-openstack.yml, I get this: TASK [os_keystone : Fact for apache module mod_auth_openidc to be installed] *** ok: [targethost01_keystone_container-76e9b31b] TASK [include_role : openstack.osa.db_setup] *********************************** TASK [openstack.osa.db_setup : Create database for service] ******************** failed: [targethost01_keystone_container-76e9b31b -> targethost01_utility_container-dc05dc90(172.29.238.59)] (item=None) => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} fatal: [targethost01_keystone_container-76e9b31b -> {{ _oslodb_setup_host }}]: FAILED! => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} PLAY RECAP ********************************************************************* targethost01_keystone_container-76e9b31b : ok=33 changed=0 unreachable=0 failed=1 skipped=8 rescued=0 ignored=0 targethost01_utility_container-dc05dc90 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 EXIT NOTICE [Playbook execution failure] ************************************** =============================================================================== First, how can I disable the "censored" warning? I wonder if the uncensored running could give me more clues. Second, it appears to be a problem creating the database (keystone db sync?) How can I test the database execution inside the LXC containers? I tried to log into one of the containers and ping the hosts IP and it works, so they have connectivity. I set up the passwords with: # cd /opt/openstack-ansible # ./scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml Any help? Best Regards. -- __________________________________ João Marcelo Uchôa de Alencar jmarcelo.alencar(at)gmail.com __________________________________