Uploaded image for project: 'Red Hat OpenStack Services on OpenShift'
  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-4676

[DP3] ansibleUser from NodeTemplate->ansible->AnsibleUser is ignored and uses cloud-admin instead

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False
    • ?
    • ?
    • ?
    • ?
    • No
    • Critical
    • EDPM

      When deploying the following dataplane node set:

       

      apiVersion: dataplane.openstack.org/v1beta1
      kind: OpenStackDataPlaneNodeSet
      metadata:
        name: openstack-edpm-ipam
      spec:
        env:
          - name: ANSIBLE_FORCE_COLOR
            value: "True"
          - name: ANSIBLE_ENABLE_TASK_DEBUGGER
            value: "True"
          - name: ANSIBLE_VERBOSITY
            value: "2"
        preProvisioned: true
        services:
          - bootstrap
          - configure-network
          - validate-network
          - install-os
          - configure-os
          - run-os
          - reboot-os
          - install-certs
          - ovn
          - neutron-metadata
          - libvirt
          - nova
          - telemetry
        nodes:
            edpm-compute-0:
              hostName: edpm-compute-0
              ansible:
                ansibleHost: 172.22.0.100
              networks:
              - name: CtlPlane
                subnetName: subnet1
                defaultRoute: false
                fixedIP: 172.22.0.100
              - name: InternalApi
                subnetName: subnet1
              - name: Storage
                subnetName: subnet1
              - name: Tenant
                subnetName: subnet1
              - name: External
                subnetName: subnet1
        networkAttachments:
          - ctlplane
        nodeTemplate:
          ansibleSSHPrivateKeySecret: dataplane-ansible-ssh-private-key-secret
          managementNetwork: ctlplane
          ansible:
            ansibleUser: root
            ansiblePort: 22
            ansibleVars:
               service_net_map:
                 nova_api_network: internal_api
                 nova_libvirt_network: internal_api
               timesync_ntp_servers:
                 - hostname: pool.ntp.org
               edpm_network_config_template: |
                ---
                {% set mtu_list = [ctlplane_mtu] %}
                {% for network in role_networks %}
                {{ mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) }}
                {%- endfor %}
                {% set min_viable_mtu = mtu_list | max %}
                network_config:
                - type: ovs_bridge
                  name: {{ neutron_physical_bridge_name }}
                  mtu: {{ min_viable_mtu }}
                  use_dhcp: false
                  dns_servers: {{ ctlplane_dns_nameservers }}
                  domain: {{ dns_search_domains }}
                  addresses:
                  - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_cidr }}
                  routes: {{ ctlplane_host_routes }}
                  members:
                  - type: interface
                    name: nic1
                    mtu: {{ min_viable_mtu }}
                    # force the MAC address of the bridge to this interface
                    primary: true
                {% for network in role_networks if network != 'External' %}
                  - type: vlan
                    mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }}
                    vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }}
                    addresses:
                    - ip_netmask:
                        {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }}
                    routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }}
                {% endfor %}
                {% if 'External' in role_networks or 'external_bridge' in role_tags %}
                - type: ovs_bridge
                  name: br-ex
                  dns_servers: {{ ctlplane_dns_nameservers }}
                  domain: {{ dns_search_domains }}
                  use_dhcp: false
                  members:
                  - type: interface
                    name: nic2
                    mtu: 1500
                    primary: true
                {% endif %}
                {% if 'External' in role_networks %}
                  routes:
                  - ip_netmask: 0.0.0.0/0
                    next_hop: {{ external_gateway_ip | default('192.168.123.1') }}
                  addresses:
                  - ip_netmask: {{ external_ip }}/{{ external_cidr }}
                {% endif %}
               edpm_network_config_hide_sensitive_logs: false
                #
                # These vars are for the network config templates themselves and are
                # considered EDPM network defaults (for all computes).
               ctlplane_host_routes: []
               ctlplane_dns_nameservers:
               - 172.22.0.89
               - 10.11.5.160
               ctlplane_subnet_cidr: 24
               dns_search_domains: aio.example.com
               ctlplane_mtu: 1500
               external_mtu: 1500
               external_vlan_id: 44
               external_cidr: '24'
               external_host_routes: []
               internal_api_mtu: 1500
               internal_api_vlan_id: 20
               internal_api_cidr: '24'
               internal_api_host_routes: []
               storage_mtu: 1500
               storage_vlan_id: 21
               storage_cidr: '24'
               storage_host_routes: []
               tenant_mtu: 1500
               tenant_vlan_id: 22
               tenant_cidr: '24'
               tenant_host_routes: []
               neutron_physical_bridge_name: br-osp
               # name of the first network interface on the compute node:
               neutron_public_interface_name: eth0
               role_networks:
               - InternalApi
               - Storage
               - Tenant
               networks_lower:
                 External: external
                 InternalApi: internal_api
                 Storage: storage
                 Tenant: tenant
               # edpm_nodes_validation
               edpm_nodes_validation_validate_controllers_icmp: false
               edpm_nodes_validation_validate_gateway_icmp: false
               gather_facts: false
               enable_debug: false
               # edpm firewall, change the allowed CIDR if needed
               edpm_sshd_configure_firewall: true
               edpm_sshd_allowed_ranges: ['172.22.0.0/16']
               # SELinux module
               edpm_selinux_mode: enforcing
               edpm_podman_buildah_login: true
               edpm_container_registry_logins:
                registry.redhat.io:
                  testuser: testpassword 

      The openstackansibleee jobs ignores root user and uses cloud-admin instead:

       

      [...]
              │
      │ bootstrap-openstack-edpm-ipam-7kkfm fatal: [edpm-compute-0]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '172.22.0.100' (ED25519) to the list of known hosts.\r\ncloud-admin@172.22.0.100: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", "unreachable": true} 

            grosenbe-redhat.com Gil Rosenberg
            pnavarro@redhat.com Pedro Navarro Perez
            rhos-dfg-df
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: