Populate barbican region_name during bootstrap

During DC System Controller deployment, the ansible script intermittently fails during the barbican credential creation on ansible re-play. Even in the re-play case, it is a random failure depending on the order of the endpoints in the service catalog. The reason for this to happen is that, during the initial play, the barbican secrets are created prior to initial system configuration population so endpoints for SystemController region are not created. Barbican will use the RegionOne keystone endpoint. But after initial play finished, endpoints for SystemController region are created thus there are two keystone endpoints (RegionOne and SystemController). With two region keystone endpoints during re-play, Barbican may pickup SystemController region keystone endpoint during credential creation. Yet the service for SystemController region (dcorch identity proxy) has not started, causing the credential creation to fail. The fix is to explicitly configure Barbican region_name to RegionOne during bootstrap so re-play will use RegionOne keystone endpoint. Then update Barbican region_name after service endpoints reconfiguration to make region_name consistent with keystone service catalog, so requests to Barbican will always succeed. Change-Id: I7afda2806aad6437f746ca8ff39adee2d29571cf Closes-Bug: 1859726 Signed-off-by: Andy Ning <andy.ning@windriver.com>
2020-01-22 09:11:09 -05:00 · 2020-01-22 09:11:09 -05:00 · 387a20ab23
parent e345aaa231
commit 387a20ab23
2 changed files with 4 additions and 1 deletions
--- a/sysinv/sysinv/sysinv/sysinv/conductor/manager.py
+++ b/sysinv/sysinv/sysinv/sysinv/conductor/manager.py
@ -10657,7 +10657,8 @@ class ConductorManager(service.PeriodicService):
                config_dict = {
                    "personalities": personalities,
                    "host_uuids": [host.uuid],
-                    "classes": ['openstack::keystone::endpoint::runtime']
+                    "classes": ['openstack::keystone::endpoint::runtime',
+                                'openstack::barbican::runtime']
                }
                self._config_apply_runtime_manifest(
                    context, config_uuid, config_dict, force=True)
--- a/sysinv/sysinv/sysinv/sysinv/puppet/barbican.py
+++ b/sysinv/sysinv/sysinv/sysinv/puppet/barbican.py
@ -19,6 +19,8 @@ class BarbicanPuppet(openstack.OpenstackBasePuppet):

        return {
            'barbican::db::postgresql::user': dbuser,
+            'barbican::keystone::authtoken::region_name':
+                self._keystone_region_name(),
        }

    def get_secure_static_config(self):