red hat integration with ceph error
hi,
anybody see this error before, while integrating red hat open stack with ubuntu ceph
overcloud-computeids-2 | error={"ansible_job_id": "34 6042025410.662459", "attempts": 2, "changed": false, "finished": 1, "msg": "Paunch failed with config_id tripleo_step4", "rc": 1, "stderr": "Error executing ['podman', 'container', 'exists' , 'nova_libvirt_init_secret']: returned 1\nDid not find container with "['podman', 'ps', '-a', '--filter', 'label=container_name=nova_libvirt_init_secret', '--filter', 'label=config_id=tri pleo_step4', '--format', '{{.Names}}']" - retrying without config_id\nDid not find container with "['podman', 'ps', '-a', '--filter', 'label=container_name=nova_libvirt_init_secret', '--f ormat', '{{.Names}}']"\nError executing ['podman', 'run', '--name', 'nova_libvirt_init_secret', '--label', 'config_id=tripleo_step4', '--label', 'container_name=nova_libvirt_init_secret', '--label', 'managed_by=tripleo-Computeids', '--label', 'config_data={"command": ["/bin/bash", "-c", "/usr/bin/virsh secret-define --file /etc/nova/secret.xml && SECRET_UUID=$(fgrep \ \\"fsid = \\" /etc/ceph/ceph.conf | cut -d \\" \\" -f 3) && test -n \\"$SECRET_UUID\\" && SECRET_KEY=$(fgrep \\"key = \\" /etc/ceph/ceph.client.openstack.keyring | cu t -d \\" \\" -f 3) && test -n \\"$SECRET_KEY\\" && /usr/bin/virsh secret-set-value --secret $SECRET_UUID --base64 $SECRET_KEY\\n"], "detach": false, "image": "192.168.0. 1:8787/rhosp-rhel8/openstack-nova-libvirt:16.2", "net": "host", "privileged": false, "security_opt": "label=disable", "user": "root", "volumes": ["/etc/hosts:/etc/hosts:ro ", "/etc/localtime:/etc/localtime:ro", "/etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro", "/etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors:ro", "/etc/pk i/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro", "/etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro", "/etc/pki/tls/cert.pem:/etc/pki/tls/c ert.pem:ro", "/dev/log:/dev/log", "/etc/puppet:/etc/puppet:ro", "/var/lib/config-data/puppet-generated/nova_libvirt/etc/nova:/etc/nova:ro", "/etc/ceph:/etc/ceph:ro", "/etc/libvirt :/etc/libvirt", "/var/run/libvirt:/var/run/libvirt:shared,z", "/var/lib/libvirt:/var/lib/libvirt:shared"], "environment": {"TRIPLEO_CONFIG_HASH": "f780b2585d2cb2edc5954608158cf938 "}}', '--conmon-pidfile=/var/run/nova_libvirt_init_secret.pid', '--log-driver', 'k8s-file', '--log-opt', 'path=/var/log/containers/stdouts/nova_libvirt_init_secret.log', '--env=TRIPLEO_CON
regards Adivya Sungh
On Thu, Apr 25, 2024 at 9:35 AM Adivya Singh adivya1.singh@gmail.com wrote:
hi,
anybody see this error before, while integrating red hat open stack with ubuntu ceph
overcloud-computeids-2 | error={"ansible_job_id": "34 6042025410.662459", "attempts": 2, "changed": false, "finished": 1, "msg": "Paunch failed with config_id tripleo_step4", "rc": 1, "stderr": "Error executing ['podman', 'container', 'exists' , 'nova_libvirt_init_secret']: returned 1\nDid not find container with "['podman', 'ps', '-a', '--filter', 'label=container_name=nova_libvirt_init_secret', '--filter', 'label=config_id=tri pleo_step4', '--format', '{{.Names}}']" - retrying without config_id\nDid not find container with "['podman', 'ps', '-a', '--filter', 'label=container_name=nova_libvirt_init_secret', '--f ormat', '{{.Names}}']"\nError executing ['podman', 'run', '--name', 'nova_libvirt_init_secret', '--label', 'config_id=tripleo_step4', '--label', 'container_name=nova_libvirt_init_secret', '--label', 'managed_by=tripleo-Computeids', '--label', 'config_data={"command": ["/bin/bash", "-c", "/usr/bin/virsh secret-define --file /etc/nova/secret.xml && SECRET_UUID=$(fgrep \ \\"fsid = \\" /etc/ceph/ceph.conf | cut -d \\" \\" -f 3) && test -n \\"$SECRET_UUID\\" && SECRET_KEY=$(fgrep \\"key = \\" /etc/ceph/ceph.client.openstack.keyring | cu t -d \\" \\" -f 3) && test -n \\"$SECRET_KEY\\" && /usr/bin/virsh secret-set-value --secret $SECRET_UUID --base64 $SECRET_KEY\\n"], "detach": false, "image": "192.168.0. 1:8787/rhosp-rhel8/openstack-nova-libvirt:16.2", "net": "host", "privileged": false, "security_opt": "label=disable", "user": "root", "volumes": ["/etc/hosts:/etc/hosts:ro ", "/etc/localtime:/etc/localtime:ro", "/etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro", "/etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors:ro", "/etc/pk i/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro", "/etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro", "/etc/pki/tls/cert.pem:/etc/pki/tls/c ert.pem:ro", "/dev/log:/dev/log", "/etc/puppet:/etc/puppet:ro", "/var/lib/config-data/puppet-generated/nova_libvirt/etc/nova:/etc/nova:ro", "/etc/ceph:/etc/ceph:ro", "/etc/libvirt :/etc/libvirt", "/var/run/libvirt:/var/run/libvirt:shared,z", "/var/lib/libvirt:/var/lib/libvirt:shared"], "environment": {"TRIPLEO_CONFIG_HASH": "f780b2585d2cb2edc5954608158cf938 "}}', '--conmon-pidfile=/var/run/nova_libvirt_init_secret.pid', '--log-driver', 'k8s-file', '--log-opt', 'path=/var/log/containers/stdouts/nova_libvirt_init_secret.log', '--env=TRIPLEO_CON
The tripleo_nova_libvirt ansible role is running the libvirt commands, with an already existing cephx key, described here:
https://docs.ceph.com/en/latest/rbd/rbd-openstack/#setup-ceph-client-authent...
It is trying to run these commands inside the container nova_libvirt_init_secret but it cannot find it.
SSH into overcloud-computeids-2 to debug. Looks like you're using an older version which used paunch to interface with the containers.
https://docs.openstack.org/project-deploy-guide/tripleo-docs/zed/deployment/...
If this bit of ansible is able to do its job correctly, then it should create the libvirt secret and you should see something like this:
[stack@centos standalone]$ sudo podman exec -ti nova_compute /bin/bash bash-5.1$ ls /etc/ceph/ ceph.conf ceph.openstack.keyring rbdmap bash-5.1$
bash-5.1$ cat /etc/nova/secret.xml <secret ephemeral='no' private='no'> <usage type='ceph'> <name>client.openstack secret</name> </usage> <uuid>604c9994-1d82-11ed-8ae5-5254003d6107</uuid> </secret> bash-5.1$
John
regards Adivya Sungh
participants (2)
-
Adivya Singh
-
John Fulton