<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        font-size:10.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
span.EmailStyle19
        {mso-style-type:personal-reply;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style>
</head>
<body lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">Hi –<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">The ansible command to test the DB hits the Galera container directly, while the Ansible playbooks are likely using the VIP managed by HAproxy. I suspect that HAproxy has not started properly or is otherwise
 not serving traffic directed toward the </span><span style="font-size:11.0pt">internal_lb_vip_address.</span><span style="font-size:11.0pt"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">My suggestion at the moment is to check out the logs on the haproxy node to see if it’s working properly, and try testing connectivity from the deploy node via
</span><span style="font-size:11.0pt">172.29.236.101:3306. The haproxy logs will likely provide some insight here.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt">-- <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt">James Denton<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Principal Architect<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Rackspace Private Cloud - OpenStack<o:p></o:p></span></p>
</div>
</div>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt">james.denton@rackspace.com</span><span style="font-size:11.0pt"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="font-size:12.0pt;color:black">From:
</span></b><span style="font-size:12.0pt;color:black">jmarcelo.alencar@gmail.com <jmarcelo.alencar@gmail.com><br>
<b>Date: </b>Friday, January 20, 2023 at 6:45 AM<br>
<b>To: </b>openstack-discuss@lists.openstack.org <openstack-discuss@lists.openstack.org><br>
<b>Subject: </b>[openstack-ansible] Installing OpenStack with Ansible fails during Keystone playbook on TASK openstack.osa.db_setup<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:11.0pt">CAUTION: This message originated externally, please use caution when clicking on links or opening attachments!<br>
<br>
<br>
Hello Community,<br>
<br>
I am trying to create a two machine deployment following Openstack<br>
Ansible Deployment Guide<br>
(<a href="https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.openstack.org%2Fproject-deploy-guide%2Fopenstack-ansible%2Flatest%2F&data=05%7C01%7Cjames.denton%40rackspace.com%7C2030b246126f4b053abd08dafae42aba%7C570057f473ef41c8bcbb08db2fc15c2b%7C0%7C0%7C638098155124685217%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=jBqnF439N%2BD4e05ZoWzz11rMrtu1gxA7fxYStBnRXnw%3D&reserved=0">https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.openstack.org%2Fproject-deploy-guide%2Fopenstack-ansible%2Flatest%2F&data=05%7C01%7Cjames.denton%40rackspace.com%7C2030b246126f4b053abd08dafae42aba%7C570057f473ef41c8bcbb08db2fc15c2b%7C0%7C0%7C638098155124685217%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=jBqnF439N%2BD4e05ZoWzz11rMrtu1gxA7fxYStBnRXnw%3D&reserved=0</a>).<br>
The two machines are named targethost01 and targethost02, and I am<br>
running Ansible from deploymenthost. Every machine has 4-Core CPUs, 8<br>
GB of RAM, and 240 GB SSD. I am using Ubuntu 22.04.1 LTS.<br>
<br>
The machine targethost01 has the following network configuration:<br>
<br>
network:<br>
  version: 2<br>
  ethernets:<br>
    enp5s0:<br>
      dhcp4: true<br>
    enp6s0: {}<br>
    enp7s0: {}<br>
    enp8s0: {}<br>
    enp9s0: {}<br>
  vlans:<br>
    vlan.10:<br>
        id: 10<br>
        link: enp6s0<br>
        addresses: [ ]<br>
    vlan.20:<br>
        id: 20<br>
        link: enp7s0<br>
        addresses: [ ]<br>
    vlan.30:<br>
        id: 30<br>
        link: enp8s0<br>
        addresses: [ ]<br>
    vlan.40:<br>
        id: 40<br>
        link: enp9s0<br>
        addresses: [ ]<br>
  bridges:<br>
    br-mgmt:<br>
      addresses: [ 172.29.236.101/22  ]<br>
      mtu: 1500<br>
      interfaces:<br>
        - vlan.10<br>
    br-storage:<br>
      addresses: [ 172.29.244.101/22  ]<br>
      mtu: 1500<br>
      interfaces:<br>
        - vlan.20<br>
    br-vlan:<br>
      addresses: []<br>
      mtu: 1500<br>
      interfaces:<br>
        - vlan.30<br>
    br-vxlan:<br>
      addresses: [ 172.29.240.101/22  ]<br>
      mtu: 1500<br>
      interfaces:<br>
        - vlan.40<br>
<br>
<br>
And targethost02 has the following network configuration:<br>
<br>
<br>
network:<br>
  version: 2<br>
  ethernets:<br>
    enp5s0:<br>
      dhcp4: true<br>
    enp6s0: {}<br>
    enp7s0: {}<br>
    enp8s0: {}<br>
    enp9s0: {}<br>
  vlans:<br>
    vlan.10:<br>
        id: 10<br>
        link: enp6s0<br>
        addresses: [ ]<br>
    vlan.20:<br>
        id: 20<br>
        link: enp7s0<br>
        addresses: [ ]<br>
    vlan.30:<br>
        id: 30<br>
        link: enp8s0<br>
        addresses: [ ]<br>
    vlan.40:<br>
        id: 40<br>
        link: enp9s0<br>
        addresses: [ ]<br>
  bridges:<br>
    br-mgmt:<br>
      addresses: [ 172.29.236.102/22  ]<br>
      mtu: 1500<br>
      interfaces:<br>
        - vlan.10<br>
    br-storage:<br>
      addresses: [ 172.29.244.102/22  ]<br>
      mtu: 1500<br>
      interfaces:<br>
        - vlan.20<br>
    br-vlan:<br>
      addresses: []<br>
      mtu: 1500<br>
      interfaces:<br>
        - vlan.30<br>
    br-vxlan:<br>
      addresses: [ 172.29.240.102/22  ]<br>
      mtu: 1500<br>
      interfaces:<br>
        - vlan.40<br>
<br>
<br>
On the deploymenthost, /etc/openstack_deploy/openstack_user_config.yml<br>
has the following:<br>
<br>
<br>
---<br>
cidr_networks:<br>
   container: 172.29.236.0/22<br>
   tunnel: 172.29.240.0/22<br>
   storage: 172.29.244.0/22<br>
used_ips:<br>
   - 172.29.236.1<br>
   - "172.29.236.100,172.29.236.200"<br>
   - "172.29.240.100,172.29.240.200"<br>
   - "172.29.244.100,172.29.244.200"<br>
global_overrides:<br>
  internal_lb_vip_address: 172.29.236.101<br>
  external_lb_vip_address: "{{ bootstrap_host_public_address |<br>
default(ansible_facts['default_ipv4']['address']) }}"<br>
  management_bridge: "br-mgmt"<br>
  provider_networks:<br>
    - network:<br>
        group_binds:<br>
          - all_containers<br>
          - hosts<br>
        type: "raw"<br>
        container_bridge: "br-mgmt"<br>
        container_interface: "eth1"<br>
        container_type: "veth"<br>
        ip_from_q: "container"<br>
        is_container_address: true<br>
    - network:<br>
        group_binds:<br>
          - glance_api<br>
          - cinder_api<br>
          - cinder_volume<br>
          - nova_compute<br>
        type: "raw"<br>
        container_bridge: "br-storage"<br>
        container_type: "veth"<br>
        container_interface: "eth2"<br>
        container_mtu: "9000"<br>
        ip_from_q: "storage"<br>
    - network:<br>
        group_binds:<br>
          - neutron_linuxbridge_agent<br>
        container_bridge: "br-vxlan"<br>
        container_type: "veth"<br>
        container_interface: "eth10"<br>
        container_mtu: "9000"<br>
        ip_from_q: "tunnel"<br>
        type: "vxlan"<br>
        range: "1:1000"<br>
        net_name: "vxlan"<br>
    - network:<br>
        group_binds:<br>
          - neutron_linuxbridge_agent<br>
        container_bridge: "br-vlan"<br>
        container_type: "veth"<br>
        container_interface: "eth11"<br>
        type: "vlan"<br>
        range: "101:200,301:400"<br>
        net_name: "vlan"<br>
    - network:<br>
         group_binds:<br>
           - neutron_linuxbridge_agent<br>
         container_bridge: "br-vlan"<br>
         container_type: "veth"<br>
         container_interface: "eth12"<br>
         host_bind_override: "eth12"<br>
         type: "flat"<br>
         net_name: "flat"<br>
shared-infra_hosts:<br>
  targethost01:<br>
    ip: 172.29.236.101<br>
repo-infra_hosts:<br>
  targethost01:<br>
    ip: 172.29.236.101<br>
coordination_hosts:<br>
  targethost01:<br>
    ip: 172.29.236.101<br>
os-infra_hosts:<br>
  targethost01:<br>
    ip: 172.29.236.101<br>
identity_hosts:<br>
  targethost01:<br>
    ip: 172.29.236.101<br>
network_hosts:<br>
  targethost01:<br>
    ip: 172.29.236.101<br>
compute_hosts:<br>
   targethost01:<br>
    ip: 172.29.236.101<br>
   targethost02:<br>
     ip: 172.29.236.102<br>
storage-infra_hosts:<br>
  targethost01:<br>
    ip: 172.29.236.101<br>
storage_hosts:<br>
  targethost01:<br>
    ip: 172.29.236.101<br>
<br>
<br>
Also on the deploymenthost, /etc/openstack_deploy/conf.d/haproxy.yml<br>
has the following:<br>
<br>
<br>
haproxy_hosts:<br>
  targethost01:<br>
    ip: 172.29.236.101<br>
<br>
<br>
At the Run Playbooks step of the guide, the following two Ansible<br>
commands return with unreachable=0 failed=0:<br>
<br>
# openstack-ansible setup-hosts.yml<br>
# openstack-ansible setup-infrastructure.yml<br>
<br>
And verifying the database also returns no error:<br>
<br>
<br>
root@deploymenthost:/opt/openstack-ansible/playbooks# ansible<br>
galera_container -m shell \<br>
  -a "mysql -h localhost -e 'show status like \"%wsrep_cluster_%\";'"<br>
Variable files: "-e @/etc/openstack_deploy/user_secrets.yml -e<br>
@/etc/openstack_deploy/user_variables.yml "<br>
[WARNING]: Unable to parse /etc/openstack_deploy/inventory.ini as an<br>
inventory source<br>
targethost01_galera_container-5aa8474a | CHANGED | rc=0 >><br>
Variable_name   Value<br>
wsrep_cluster_weight    1<br>
wsrep_cluster_capabilities<br>
wsrep_cluster_conf_id   1<br>
wsrep_cluster_size      1<br>
wsrep_cluster_state_uuid        e7a0c332-97fe-11ed-b0d4-26b30049826d<br>
wsrep_cluster_status    Primary<br>
<br>
<br>
But when I execute openstack-ansible setup-openstack.yml, I get this:<br>
<br>
<br>
TASK [os_keystone : Fact for apache module mod_auth_openidc to be installed] ***<br>
ok: [targethost01_keystone_container-76e9b31b]<br>
TASK [include_role : openstack.osa.db_setup] ***********************************<br>
TASK [openstack.osa.db_setup : Create database for service] ********************<br>
failed: [targethost01_keystone_container-76e9b31b -><br>
targethost01_utility_container-dc05dc90(172.29.238.59)] (item=None) =><br>
{"censored": "the output has been hidden due to the fact that 'no_log:<br>
true' was specified for this result", "changed": false}<br>
fatal: [targethost01_keystone_container-76e9b31b -> {{<br>
_oslodb_setup_host }}]: FAILED! => {"censored": "the output has been<br>
hidden due to the fact that 'no_log: true' was specified for this<br>
result", "changed": false}<br>
PLAY RECAP *********************************************************************<br>
targethost01_keystone_container-76e9b31b : ok=33   changed=0<br>
unreachable=0    failed=1    skipped=8    rescued=0    ignored=0<br>
targethost01_utility_container-dc05dc90 : ok=3    changed=0<br>
unreachable=0    failed=0    skipped=0    rescued=0    ignored=0<br>
EXIT NOTICE [Playbook execution failure] **************************************<br>
===============================================================================<br>
<br>
<br>
First, how can I disable the "censored" warning? I wonder if the<br>
uncensored running could give me more clues. Second, it appears to be<br>
a problem creating the database (keystone db sync?) How can I test the<br>
database execution inside the LXC containers? I tried to log into one<br>
of the containers and ping the hosts IP and it works, so they have<br>
connectivity. I set up the passwords with:<br>
<br>
# cd /opt/openstack-ansible<br>
# ./scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml<br>
<br>
<br>
Any help?<br>
<br>
Best Regards.<br>
<br>
<br>
<br>
<br>
--<br>
__________________________________<br>
<br>
João Marcelo Uchôa de Alencar<br>
jmarcelo.alencar(at)gmail.com<br>
__________________________________<o:p></o:p></span></p>
</div>
</div>
</body>
</html>