[kolla][ssl] Deploy third-party SSL for HAProxy

Satish Patel satish.txt at gmail.com
Thu Sep 29 09:32:04 UTC 2022 

Hi Radosław,

Following error encounter if i turn on above 3 lines to implement SSL. if i
remove then the error disappears.
https://paste.opendev.org/show/bOqOAQyqni0nJcWbUuv9/

TASK [nova-cell : Waiting for nova-compute services to register
themselves] ******************************************************************************************************
skipping: [kolla-comp-2]
skipping: [kolla-infra-1]
fatal: [kolla-comp-1 -> kolla-infra-1]: FAILED! => {"msg": "The
conditional check '(nova_compute_services.stdout | from_json |
map(attribute='Host') | list) is
superset(expected_compute_service_hosts)' failed. The error was:
Expecting value: line 1 column 1 (char 0)"}

TASK [nova-cell : Fail if nova-compute service failed to register]
***************************************************************************************************************
fatal: [kolla-comp-2]: FAILED! => {"msg": "The conditional check
'any_failed_services or (nova_compute_registration_fatal | bool and\n
failed_compute_service_hosts | length > 0)' failed. The error was:
error while evaluating conditional (any_failed_services or
(nova_compute_registration_fatal | bool and\n
failed_compute_service_hosts | length > 0)): {{ ansible_facts.nodename
in failed_compute_service_hosts or\n   (ansible_facts.hostname ~
\"-ironic\") in failed_compute_service_hosts }}: {{
expected_compute_service_hosts |
difference(nova_compute_service_hosts) | list }}: {{
hostvars[all_computes_in_batch[0]].nova_compute_services.stdout |\n
from_json |\n   map(attribute='Host') |\n   list }}: Unable to look up
a name or access an attribute in template string ({{
hostvars[all_computes_in_batch[0]].nova_compute_services.stdout |\n
from_json |\n   map(attribute='Host') |\n   list }}).\nMake sure your
variable name does not contain invalid characters like '-': the JSON
object must be str, bytes or bytearray, not AnsibleUndefined\n\nThe
error appears to be in
'/root/venv-kolla/share/kolla-ansible/ansible/roles/nova-cell/tasks/wait_discover_computes.yml':
line 46, column 7, but may\nbe elsewhere in the file depending on the
exact syntax problem.\n\nThe offending line appears to be:\n\n    #
that failed to register.\n    - name: Fail if nova-compute service
failed to register\n      ^ here\n"}
fatal: [kolla-infra-1]: FAILED! => {"msg": "The conditional check
'any_failed_services or (nova_compute_registration_fatal | bool and\n
failed_compute_service_hosts | length > 0)' failed. The error was:
error while evaluating conditional (any_failed_services or
(nova_compute_registration_fatal | bool and\n
failed_compute_service_hosts | length > 0)): {{ ansible_facts.nodename
in failed_compute_service_hosts or\n   (ansible_facts.hostname ~
\"-ironic\") in failed_compute_service_hosts }}: {{
expected_compute_service_hosts |
difference(nova_compute_service_hosts) | list }}: {{
hostvars[all_computes_in_batch[0]].nova_compute_services.stdout |\n
from_json |\n   map(attribute='Host') |\n   list }}: Unable to look up
a name or access an attribute in template string ({{
hostvars[all_computes_in_batch[0]].nova_compute_services.stdout |\n
from_json |\n   map(attribute='Host') |\n   list }}).\nMake sure your
variable name does not contain invalid characters like '-': the JSON
object must be str, bytes or bytearray, not AnsibleUndefined\n\nThe
error appears to be in
'/root/venv-kolla/share/kolla-ansible/ansible/roles/nova-cell/tasks/wait_discover_computes.yml':
line 46, column 7, but may\nbe elsewhere in the file depending on the
exact syntax problem.\n\nThe offending line appears to be:\n\n    #
that failed to register.\n    - name: Fail if nova-compute service
failed to register\n      ^ here\n"}

PLAY RECAP ***********************************************************************************************************************************************************************
kolla-comp-1               : ok=46   changed=9    unreachable=0
failed=1    skipped=14   rescued=0    ignored=0
kolla-comp-2               : ok=42   changed=9    unreachable=0
failed=1    skipped=13   rescued=0    ignored=0
kolla-infra-1              : ok=214  changed=51   unreachable=0
failed=1    skipped=133  rescued=0    ignored=0
localhost                  : ok=4    changed=0    unreachable=0
failed=0    skipped=0    rescued=0    ignored=0

Command failed ansible-playbook -i multinode -e
@/etc/kolla/globals.yml  -e @/etc/kolla/passwords.yml -e
CONFIG_DIR=/etc/kolla  -e kolla_action=deploy
/root/venv-kolla/share/kolla-ansible/ansible/site.yml


On Thu, Sep 29, 2022 at 5:26 AM Radosław Piliszek <
radoslaw.piliszek at gmail.com> wrote:

> On Thu, 29 Sept 2022 at 11:22, Satish Patel <satish.txt at gmail.com> wrote:
> > I did the following in global.yml and ran "deploy" but it stuck
> somewhere in nova. I am looking for errors to find out what happened. Am I
> missing something in the following configuration?
>
> It looks correct at first glance. You need to be more specific about
> the issue at hand. The error message, circumstances...
>
> > kolla_enable_tls_internal: "yes"
> > kolla_certificates_dir: "/etc/kolla/certificates"
> > kolla_internal_fqdn_cert: "{{ kolla_certificates_dir
> }}/my_company_certificate.pem"
> >
> > Is the above going to enable SSL for all communications or just horizon
> web GUI?
>
> All communications via haproxy.
>
> Radek
> -yoctozepto
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20220929/d9b9d305/attachment.htm>

More information about the openstack-discuss mailing list