From 387a20ab23b000b99692abab494c42bc6b6a76cb Mon Sep 17 00:00:00 2001 From: Andy Ning Date: Wed, 22 Jan 2020 09:11:09 -0500 Subject: [PATCH] Populate barbican region_name during bootstrap During DC System Controller deployment, the ansible script intermittently fails during the barbican credential creation on ansible re-play. Even in the re-play case, it is a random failure depending on the order of the endpoints in the service catalog. The reason for this to happen is that, during the initial play, the barbican secrets are created prior to initial system configuration population so endpoints for SystemController region are not created. Barbican will use the RegionOne keystone endpoint. But after initial play finished, endpoints for SystemController region are created thus there are two keystone endpoints (RegionOne and SystemController). With two region keystone endpoints during re-play, Barbican may pickup SystemController region keystone endpoint during credential creation. Yet the service for SystemController region (dcorch identity proxy) has not started, causing the credential creation to fail. The fix is to explicitly configure Barbican region_name to RegionOne during bootstrap so re-play will use RegionOne keystone endpoint. Then update Barbican region_name after service endpoints reconfiguration to make region_name consistent with keystone service catalog, so requests to Barbican will always succeed. Change-Id: I7afda2806aad6437f746ca8ff39adee2d29571cf Closes-Bug: 1859726 Signed-off-by: Andy Ning --- sysinv/sysinv/sysinv/sysinv/conductor/manager.py | 3 ++- sysinv/sysinv/sysinv/sysinv/puppet/barbican.py | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/sysinv/sysinv/sysinv/sysinv/conductor/manager.py b/sysinv/sysinv/sysinv/sysinv/conductor/manager.py index 6e26d29900..49072b8068 100644 --- a/sysinv/sysinv/sysinv/sysinv/conductor/manager.py +++ b/sysinv/sysinv/sysinv/sysinv/conductor/manager.py @@ -10657,7 +10657,8 @@ class ConductorManager(service.PeriodicService): config_dict = { "personalities": personalities, "host_uuids": [host.uuid], - "classes": ['openstack::keystone::endpoint::runtime'] + "classes": ['openstack::keystone::endpoint::runtime', + 'openstack::barbican::runtime'] } self._config_apply_runtime_manifest( context, config_uuid, config_dict, force=True) diff --git a/sysinv/sysinv/sysinv/sysinv/puppet/barbican.py b/sysinv/sysinv/sysinv/sysinv/puppet/barbican.py index b20f9733af..b77b235974 100644 --- a/sysinv/sysinv/sysinv/sysinv/puppet/barbican.py +++ b/sysinv/sysinv/sysinv/sysinv/puppet/barbican.py @@ -19,6 +19,8 @@ class BarbicanPuppet(openstack.OpenstackBasePuppet): return { 'barbican::db::postgresql::user': dbuser, + 'barbican::keystone::authtoken::region_name': + self._keystone_region_name(), } def get_secure_static_config(self):