Puppet fails during updating ceilometer node

Bug #1354494 reported by Ihor Kalnytskyi
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fuel for OpenStack
Fix Committed
Critical
Vladimir Kuklin
5.0.x
Fix Committed
Critical
Fuel Library (Deprecated)
5.1.x
Fix Committed
Critical
Vladimir Kuklin
6.0.x
Won't Fix
Medium
Dmitry Ilyin
6.1.x
Won't Fix
Medium
Fuel Library (Deprecated)

Bug Description

Repro step:

1. Run Fuel 5.0 (ISO 26)
2. Deploy environment with ceilometer node
3. Upgrade master node to 5.1
4. Update env to 5.0.2

Expected result:

    Successfull update

Actual result:

    Puppet fails with the following error: "Could not evaluate: Execution of '/usr/bin/mongo --quiet --eval db.getMongo().getDBNames()' returned 252"

Log:

    http://paste.openstack.org/raw/92112/

Revision history for this message
Łukasz Oleś (loles) wrote :

I couldn 't reproduce this.

Revision history for this message
Ihor Kalnytskyi (ikalnytskyi) wrote :

Łukasz, do you know about our mongo implementation? If so I can give you a tunnel when I meet this issue again.

Revision history for this message
Timur Nurlygayanov (tnurlygayanov) wrote :

listDatabases failed:{ "ok" : 0, "errmsg" : "unauthorized" } at src/mongo/shell/mongo.js:46

Revision history for this message
Dina Belova (dbelova) wrote :

Why don't we have the snapshots attached to this bug? Actually that's impossible to understand what was happening while the upgrade on the nodes without them

Changed in fuel:
assignee: Fuel Library Team (fuel-library) → Denis Egorenko (degorenko)
Revision history for this message
Timur Nurlygayanov (tnurlygayanov) wrote :

Need to reproduce and provide the access to tha lab.

Revision history for this message
Dmitry Ilyin (idv1985) wrote :

Lokks like Puppet's mongodb module is trying to gem list of databases to determin if it should create one or not. But there is absolutely no auth support in this module. Probabbly it relies on "localhost exception" when you can connect to mongo without login and password from local interface. But it works only when there are no users created. After the first Puppet run admin and ceilometer users and ther rights are created and mongo no longer can connect to the database without password. So it doesn't work on the second and later runs.

This kinda sucks there is no easy fix but to implement auth mechanism in Mongo Puppet module.

Changed in fuel:
status: New → Incomplete
Dmitry Ilyin (idv1985)
Changed in fuel:
assignee: Denis Egorenko (degorenko) → Dmitry Ilyin (idv1985)
Changed in fuel:
status: Incomplete → Confirmed
Changed in fuel:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-library (master)

Fix proposed to branch: master
Review: https://review.openstack.org/113602

Revision history for this message
Tatyanka (tatyana-leontovich) wrote :
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.openstack.org/114297

Changed in fuel:
assignee: Dmitry Ilyin (idv1985) → Vladimir Kuklin (vkuklin)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on fuel-library (master)

Change abandoned by Dmitry Ilyin (<email address hidden>) on branch: master
Review: https://review.openstack.org/113602
Reason: close

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-library (master)

Reviewed: https://review.openstack.org/114297
Committed: https://git.openstack.org/cgit/stackforge/fuel-library/commit/?id=21e1efbe9ce1d51a6f84dbb0d3fccd6896346235
Submitter: Jenkins
Branch: master

commit 21e1efbe9ce1d51a6f84dbb0d3fccd6896346235
Author: Dmitry Ilyin <email address hidden>
Date: Mon Aug 11 20:43:14 2014 +0400

    Add auth and remote connections support to MongoDB

    Add options to provide admin user login and
    password to be used while managing databases
    and users.

    Admin user should have at least permissions
    'root' and 'restore'.

    If there is no admin user mongo will work
    in 'localhost exception' mode allowing
    administration from the local interface.

    Closes-Bug: 1354494

    Change-Id: I253ee50523fba66586e7a42a7f0772adebe96e83

Changed in fuel:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-library (stable/5.0)

Fix proposed to branch: stable/5.0
Review: https://review.openstack.org/115324

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-library (stable/5.0)

Reviewed: https://review.openstack.org/115324
Committed: https://git.openstack.org/cgit/stackforge/fuel-library/commit/?id=2e55e9a7436ff6d833536c994e9d8eb68ab87eff
Submitter: Jenkins
Branch: stable/5.0

commit 2e55e9a7436ff6d833536c994e9d8eb68ab87eff
Author: Dmitry Ilyin <email address hidden>
Date: Mon Aug 11 20:43:14 2014 +0400

    Add auth and remote connections support to MongoDB

    Add options to provide admin user login and
    password to be used while managing databases
    and users.

    Admin user should have at least permissions
    'root' and 'restore'.

    If there is no admin user mongo will work
    in 'localhost exception' mode allowing
    administration from the local interface.

    Closes-Bug: 1354494

    Change-Id: I253ee50523fba66586e7a42a7f0772adebe96e83

Revision history for this message
Dmitry Borodaenko (angdraug) wrote :

Please submit this patch to upstream, so that in 6.0 (or later if it takes too long) we can resync with an upstream version that includes this functionality. Targeting to 6.0 as Medium to track that.

Revision history for this message
Bogdan Dobrelya (bogdando) wrote :

Why this bug is open for 6.1?

Revision history for this message
Stanislaw Bogatkin (sbogatkin) wrote :

We don't support that type of patching anymore. So, closed.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.