hook failed: "identity-service-relation-changed" for keystone when connected to vault charm
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Keystone Charm |
Triaged
|
Low
|
Unassigned |
Bug Description
Hi,
Successfully deploying an OpenStack environment mainly in LXD containers. Has been working successfully on a regular basis. We've now added vault into the bundle and linked to keystone plus some other services.
This reliably generates an error on keystone deploy with hook failed on "identity-
Model Controller Cloud/Region Version SLA Timestamp
xxxxx-ed-ssl2 google-controller google/us-east1 2.5.1 unsupported 09:31:05Z
App Version Status Scale Charm Store Rev OS Notes
aodh 6.0.1 active 1 aodh jujucharms 22 ubuntu
ceilometer 10.0.1 waiting 1 ceilometer jujucharms 258 ubuntu
ceilometer-agent 11.0.1 active 1 ceilometer-agent jujucharms 248 ubuntu
central-monitor active 1 nagios jujucharms 28 ubuntu
ceph-mon 13.2.4+dfsg1 active 3 ceph-mon jujucharms 31 ubuntu
ceph-osd 13.2.4+dfsg1 active 3 ceph-osd jujucharms 273 ubuntu
ceph-radosgw 13.2.4+dfsg1 active 1 ceph-radosgw jujucharms 263 ubuntu
cinder 13.0.2 active 1 cinder jujucharms 276 ubuntu
cinder-ceph 13.0.2 active 1 cinder-ceph jujucharms 238 ubuntu
dpcop-dashboard essex active 1 dpcop-dashboard local 0 ubuntu
glance 17.0.0 active 1 glance jujucharms 271 ubuntu
gnocchi 4.2.5 waiting 1 gnocchi jujucharms 16 ubuntu
grafana active 1 grafana jujucharms 23 ubuntu
keystone 14.0.1 error 1 keystone jujucharms 294 ubuntu
memcached active 1 memcached jujucharms 23 ubuntu
mongo-db 3.6.3 active 1 mongodb jujucharms 52 ubuntu
mysql 5.7.20-29.24 active 1 percona-cluster jujucharms 272 ubuntu
neutron-api 13.0.2 active 1 neutron-api jujucharms 266 ubuntu
neutron-gateway 13.0.2 active 1 neutron-gateway jujucharms 256 ubuntu
neutron-openvswitch 13.0.2 active 1 neutron-openvswitch jujucharms 255 ubuntu
nova-cloud-
nova-compute 18.0.3 active 1 nova-compute jujucharms 293 ubuntu
ntp 3.2 active 2 ntp jujucharms 31 ubuntu
openstack-dashboard 14.0.1 waiting 1 openstack-dashboard local 32 ubuntu
prometheus active 1 prometheus jujucharms 7 ubuntu
prometheus-
rabbitmq-server 3.6.10 active 1 rabbitmq-server jujucharms 82 ubuntu
vault 1.0.3 active 1 vault jujucharms 12 ubuntu
Unit Workload Agent Machine Public address Ports Message
aodh/0* active idle 0/lxd/0 252.5.188.70 8042/tcp Unit is ready
ceilometer/0* waiting idle 0/lxd/1 252.5.185.186 Incomplete relations: database
central-monitor/0* active idle 0/lxd/2 252.5.184.115 80/tcp ready
ceph-mon/0 active idle 0/lxd/3 252.5.184.103 Unit is ready and clustered
ceph-mon/1 active idle 0/lxd/4 252.5.187.39 Unit is ready and clustered
ceph-mon/2* active idle 0/lxd/5 252.5.190.88 Unit is ready and clustered
ceph-osd/0 active idle 0/lxd/6 252.5.181.179 Unit is ready (3 OSD)
ceph-osd/1* active idle 0/lxd/7 252.5.188.135 Unit is ready (3 OSD)
ceph-osd/2 active idle 0/lxd/8 252.5.189.150 Unit is ready (3 OSD)
ceph-radosgw/0* active idle 0/lxd/9 252.5.180.19 80/tcp Unit is ready
cinder/0* active idle 0/lxd/10 252.5.180.221 8776/tcp Unit is ready
cinder-ceph/0* active idle 252.5.180.221 Unit is ready
glance/0* active idle 0/lxd/11 252.5.178.243 9292/tcp Unit is ready
gnocchi/0* waiting idle 0/lxd/12 252.5.184.8 8041/tcp 'identity-service' incomplete
grafana/0* active idle 0/lxd/13 252.5.182.253 3000/tcp Started grafana-server
keystone/0* error idle 0/lxd/14 252.5.184.123 5000/tcp hook failed: "identity-
memcached/0* active idle 0/lxd/15 252.5.182.48 11211/tcp Unit is ready
mongo-db/0* active idle 0/lxd/16 252.5.185.214 27017/tcp,
mysql/0* active idle 0/lxd/17 252.5.186.143 3306/tcp Unit is ready
neutron-api/0* active idle 0/lxd/18 252.5.185.67 9696/tcp Unit is ready
neutron-gateway/0* active idle 0 35.231.102.68 Unit is ready
ntp/0* active idle 35.231.102.68 123/udp chrony: Ready
nova-cloud-
nova-compute/0* active idle 0/lxd/20 252.5.179.17 Unit is ready
ceilometer-
neutron-
ntp/1 active idle 252.5.179.17 123/udp chrony: Ready
openstack-
dpcop-
prometheus-
prometheus/0* active idle 0/lxd/22 252.5.176.199 9090/tcp,12321/tcp Ready
rabbitmq-server/0* active idle 0/lxd/24 252.5.177.106 5672/tcp Unit is ready
vault/0* active idle 0/lxd/25 252.5.190.163 8200/tcp Unit is ready (active: true, mlock: disabled)
Machine State DNS Inst id Series AZ Message
0 started 35.231.102.68 juju-6ca089-0 bionic us-east1-b RUNNING
0/lxd/0 started 252.5.188.70 juju-6ca089-0-lxd-0 bionic us-east1-b Container started
0/lxd/1 started 252.5.185.186 juju-6ca089-0-lxd-1 bionic us-east1-b Container started
0/lxd/2 started 252.5.184.115 juju-6ca089-0-lxd-2 bionic us-east1-b Container started
0/lxd/3 started 252.5.184.103 juju-6ca089-0-lxd-3 bionic us-east1-b Container started
0/lxd/4 started 252.5.187.39 juju-6ca089-0-lxd-4 bionic us-east1-b Container started
0/lxd/5 started 252.5.190.88 juju-6ca089-0-lxd-5 bionic us-east1-b Container started
0/lxd/6 started 252.5.181.179 juju-6ca089-0-lxd-6 bionic us-east1-b Container started
0/lxd/7 started 252.5.188.135 juju-6ca089-0-lxd-7 bionic us-east1-b Container started
0/lxd/8 started 252.5.189.150 juju-6ca089-0-lxd-8 bionic us-east1-b Container started
0/lxd/9 started 252.5.180.19 juju-6ca089-0-lxd-9 bionic us-east1-b Container started
0/lxd/10 started 252.5.180.221 juju-6ca089-
0/lxd/11 started 252.5.178.243 juju-6ca089-
0/lxd/12 started 252.5.184.8 juju-6ca089-
0/lxd/13 started 252.5.182.253 juju-6ca089-
0/lxd/14 started 252.5.184.123 juju-6ca089-
0/lxd/15 started 252.5.182.48 juju-6ca089-
0/lxd/16 started 252.5.185.214 juju-6ca089-
0/lxd/17 started 252.5.186.143 juju-6ca089-
0/lxd/18 started 252.5.185.67 juju-6ca089-
0/lxd/19 started 252.5.183.216 juju-6ca089-
0/lxd/20 started 252.5.179.17 juju-6ca089-
0/lxd/21 started 252.5.177.101 juju-6ca089-
0/lxd/22 started 252.5.176.199 juju-6ca089-
0/lxd/23 started 252.5.188.30 juju-6ca089-
0/lxd/24 started 252.5.177.106 juju-6ca089-
0/lxd/25 started 252.5.190.163 juju-6ca089-
Note we are using the latest released vault and keystone charms.
The error in the juju unit-keystone-
2019-03-28 09:38:06 DEBUG identity-
2019-03-28 09:38:06 DEBUG identity-
... and it's failing to connect because Apache hasn't started with SSL:
Mar 28 08:26:47 juju-6ca089-
Mar 28 08:26:47 juju-6ca089-
Mar 28 08:26:47 juju-6ca089-
Mar 28 08:35:02 juju-6ca089-
Mar 28 08:45:02 juju-6ca089-
Mar 28 08:55:03 juju-6ca089-
Mar 28 09:05:03 juju-6ca089-
Mar 28 09:15:03 juju-6ca089-
Mar 28 09:25:04 juju-6ca089-
Mar 28 09:35:04 juju-6ca089-
No SSL directory in /etc/apache2:
root@juju-
total 80
-rw-r--r-- 1 root root 320 Oct 10 18:59 ports.conf
-rw-r--r-- 1 root root 31063 Oct 10 18:59 magic
-rw-r--r-- 1 root root 1782 Oct 10 18:59 envvars
-rw-r--r-- 1 root root 7224 Oct 10 18:59 apache2.conf
drwxr-xr-x 2 root root 4096 Mar 28 08:13 conf-available
drwxr-xr-x 2 root root 12288 Mar 28 08:13 mods-available
drwxr-xr-x 2 root root 4096 Mar 28 08:13 conf-enabled
drwxr-xr-x 2 root root 4096 Mar 28 08:14 sites-enabled
drwxr-xr-x 2 root root 4096 Mar 28 08:15 sites-available
drwxr-xr-x 2 root root 4096 Mar 28 08:27 mods-enabled
Sometimes we do see an SSL directory, but it only contains some of the certificates. In these cases Apache doesn't start at all because it's wsgi-openstack-
Logs attached
Changed in charm-keystone: | |
status: | New → Incomplete |
assignee: | nobody → Chris MacNaughton (chris.macnaughton) |
Changed in charm-keystone: | |
milestone: | 19.04 → 19.07 |
Changed in charm-keystone: | |
milestone: | 19.07 → 19.10 |
Changed in charm-keystone: | |
milestone: | 19.10 → 20.01 |
Changed in charm-keystone: | |
milestone: | 20.01 → 20.05 |
Changed in charm-keystone: | |
milestone: | 20.05 → 20.08 |
Changed in charm-keystone: | |
milestone: | 20.08 → none |
Can we get a copy of this bundle, at least the parts including keystone and vault?