-
Bug
-
Resolution: Done
-
Undefined
-
rhos-18.0 Dev Preview 3
-
None
-
False
-
-
False
-
?
-
No
-
-
-
Critical
When deploying the following dataplane node set:
apiVersion: dataplane.openstack.org/v1beta1
kind: OpenStackDataPlaneNodeSet
metadata:
name: openstack-edpm-ipam
spec:
env:
- name: ANSIBLE_FORCE_COLOR
value: "True"
- name: ANSIBLE_ENABLE_TASK_DEBUGGER
value: "True"
- name: ANSIBLE_VERBOSITY
value: "2"
preProvisioned: true
services:
- bootstrap
- configure-network
- validate-network
- install-os
- configure-os
- run-os
- reboot-os
- install-certs
- ovn
- neutron-metadata
- libvirt
- nova
- telemetry
nodes:
edpm-compute-0:
hostName: edpm-compute-0
ansible:
ansibleHost: 172.22.0.100
networks:
- name: CtlPlane
subnetName: subnet1
defaultRoute: false
fixedIP: 172.22.0.100
- name: InternalApi
subnetName: subnet1
- name: Storage
subnetName: subnet1
- name: Tenant
subnetName: subnet1
- name: External
subnetName: subnet1
networkAttachments:
- ctlplane
nodeTemplate:
ansibleSSHPrivateKeySecret: dataplane-ansible-ssh-private-key-secret
managementNetwork: ctlplane
ansible:
ansibleUser: root
ansiblePort: 22
ansibleVars:
service_net_map:
nova_api_network: internal_api
nova_libvirt_network: internal_api
timesync_ntp_servers:
- hostname: pool.ntp.org
edpm_network_config_template: |
---
{% set mtu_list = [ctlplane_mtu] %}
{% for network in role_networks %}
{{ mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) }}
{%- endfor %}
{% set min_viable_mtu = mtu_list | max %}
network_config:
- type: ovs_bridge
name: {{ neutron_physical_bridge_name }}
mtu: {{ min_viable_mtu }}
use_dhcp: false
dns_servers: {{ ctlplane_dns_nameservers }}
domain: {{ dns_search_domains }}
addresses:
- ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_cidr }}
routes: {{ ctlplane_host_routes }}
members:
- type: interface
name: nic1
mtu: {{ min_viable_mtu }}
# force the MAC address of the bridge to this interface
primary: true
{% for network in role_networks if network != 'External' %}
- type: vlan
mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }}
vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }}
addresses:
- ip_netmask:
{{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }}
routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }}
{% endfor %}
{% if 'External' in role_networks or 'external_bridge' in role_tags %}
- type: ovs_bridge
name: br-ex
dns_servers: {{ ctlplane_dns_nameservers }}
domain: {{ dns_search_domains }}
use_dhcp: false
members:
- type: interface
name: nic2
mtu: 1500
primary: true
{% endif %}
{% if 'External' in role_networks %}
routes:
- ip_netmask: 0.0.0.0/0
next_hop: {{ external_gateway_ip | default('192.168.123.1') }}
addresses:
- ip_netmask: {{ external_ip }}/{{ external_cidr }}
{% endif %}
edpm_network_config_hide_sensitive_logs: false
#
# These vars are for the network config templates themselves and are
# considered EDPM network defaults (for all computes).
ctlplane_host_routes: []
ctlplane_dns_nameservers:
- 172.22.0.89
- 10.11.5.160
ctlplane_subnet_cidr: 24
dns_search_domains: aio.example.com
ctlplane_mtu: 1500
external_mtu: 1500
external_vlan_id: 44
external_cidr: '24'
external_host_routes: []
internal_api_mtu: 1500
internal_api_vlan_id: 20
internal_api_cidr: '24'
internal_api_host_routes: []
storage_mtu: 1500
storage_vlan_id: 21
storage_cidr: '24'
storage_host_routes: []
tenant_mtu: 1500
tenant_vlan_id: 22
tenant_cidr: '24'
tenant_host_routes: []
neutron_physical_bridge_name: br-osp
# name of the first network interface on the compute node:
neutron_public_interface_name: eth0
role_networks:
- InternalApi
- Storage
- Tenant
networks_lower:
External: external
InternalApi: internal_api
Storage: storage
Tenant: tenant
# edpm_nodes_validation
edpm_nodes_validation_validate_controllers_icmp: false
edpm_nodes_validation_validate_gateway_icmp: false
gather_facts: false
enable_debug: false
# edpm firewall, change the allowed CIDR if needed
edpm_sshd_configure_firewall: true
edpm_sshd_allowed_ranges: ['172.22.0.0/16']
# SELinux module
edpm_selinux_mode: enforcing
edpm_podman_buildah_login: true
edpm_container_registry_logins:
registry.redhat.io:
testuser: testpassword
The openstackansibleee jobs ignores root user and uses cloud-admin instead:
[...]
│
│ bootstrap-openstack-edpm-ipam-7kkfm fatal: [edpm-compute-0]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '172.22.0.100' (ED25519) to the list of known hosts.\r\ncloud-admin@172.22.0.100: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", "unreachable": true}
