When xmpp auth is enabled in json file. Ansible tries to run contrail-compute-setup script with --xmpp_dns_auth_enable option and fails.
Without this flag, vrouter agent is not provisioned properly with xmpp auth enabled.
root@nodem8:~# contrail-compute-setup --cfgm_ip 10.10.10.10 --keystone_ip 10.10.10.20 --self_ip 10.10.10.8 --non_mgmt_ip 10.10.10.8 --non_mgmt_gw 10.10.10.100 --hypervisor libvirt --keystone_auth_protocol http --keystone_auth_port 35357 --keystone_admin_user admin --keystone_admin_password contrail123 --keystone_admin_tenant_name admin --register --control-nodes 10.10.10.14 10.10.10.6 10.10.10.7 --collectors 10.10.10.14 10.10.10.6 10.10.10.7 --xmpp_auth_enable --xmpp_dns_auth_enable
[Thu May 11 18:45:09 2017 contrail_vrouter_provisioning.setup(18) INFO]: Compute provisioning initiated:
['/usr/bin/contrail-compute-setup', '--cfgm_ip', '10.10.10.10', '--keystone_ip', '10.10.10.20', '--self_ip', '10.10.10.8', '--non_mgmt_ip', '10.10.10.8', '--non_mgmt_gw', '10.10.10.100', '--hypervisor', 'libvirt', '--keystone_auth_protocol', 'http', '--keystone_auth_port', '35357', '--keystone_admin_user', 'admin', '--keystone_admin_password', 'contrail123', '--keystone_admin_tenant_name', 'admin', '--register', '--control-nodes', '10.10.10.14', '10.10.10.6', '10.10.10.7', '--collectors', '10.10.10.14', '10.10.10.6', '10.10.10.7', '--xmpp_auth_enable', '--xmpp_dns_auth_enable']
usage: contrail-compute-setup [-h] [--conf_file CONF_FILE] [--cfgm_ip CFGM_IP]
[--keystone_ip KEYSTONE_IP] [--self_ip SELF_IP]
[--hypervisor HYPERVISOR]
[--mgmt_self_ip MGMT_SELF_IP]
[--non_mgmt_ip NON_MGMT_IP]
[--non_mgmt_gw NON_MGMT_GW]
[--physical_interface PHYSICAL_INTERFACE]
[--vgw_intf VGW_INTF]
[--vgw_public_subnet VGW_PUBLIC_SUBNET]
[--vgw_public_vn_name VGW_PUBLIC_VN_NAME]
[--vgw_intf_list VGW_INTF_LIST]
[--vgw_gateway_routes VGW_GATEWAY_ROUTES]
[--keystone_auth_protocol KEYSTONE_AUTH_PROTOCOL]
[--keystone_auth_port KEYSTONE_AUTH_PORT]
[--keystone_admin_user KEYSTONE_ADMIN_USER]
[--keystone_admin_password KEYSTONE_ADMIN_PASSWORD]
[--keystone_admin_tenant_name KEYSTONE_ADMIN_TENANT_NAME]
[--neutron_password NEUTRON_PASSWORD]
[--internal_vip INTERNAL_VIP]
[--external_vip EXTERNAL_VIP]
[--contrail_internal_vip CONTRAIL_INTERNAL_VIP]
[--cpu_mode CPU_MODE] [--cpu_model CPU_MODEL]
[--vmware VMWARE]
[--vmware_username VMWARE_USERNAME]
[--vmware_passwd VMWARE_PASSWD]
[--vmware_vmpg_vswitch VMWARE_VMPG_VSWITCH]
[--vmware_vmpg_vswitch_mtu VMWARE_VMPG_VSWITCH_MTU]
[--vmware_datanic_mtu VMWARE_DATANIC_MTU]
[--mode MODE] [--vcenter_server VCENTER_SERVER]
[--vcenter_username VCENTER_USERNAME]
[--vcenter_password VCENTER_PASSWORD]
[--vcenter_cluster VCENTER_CLUSTER]
[--vcenter_dvswitch VCENTER_DVSWITCH]
[--dpdk DPDK]
[--vrouter_module_params VROUTER_MODULE_PARAMS]
[--sriov SRIOV] [--tsn_mode TSN_MODE]
[--gateway_server_list GATEWAY_SERVER_LIST [GATEWAY_SERVER_LIST ...]]
[--qos_logical_queue QOS_LOGICAL_QUEUE [QOS_LOGICAL_QUEUE ...]]
[--qos_queue_id QOS_QUEUE_ID [QOS_QUEUE_ID ...]]
[--default_hw_queue_qos]
[--priority_id PRIORITY_ID [PRIORITY_ID ...]]
[--priority_scheduling PRIORITY_SCHEDULING [PRIORITY_SCHEDULING ...]]
[--priority_bandwidth PRIORITY_BANDWIDTH [PRIORITY_BANDWIDTH ...]]
[--collectors COLLECTORS [COLLECTORS ...]]
[--control-nodes CONTROL_NODES [CONTROL_NODES ...]]
[--metadata_secret METADATA_SECRET]
[--xmpp_auth_enable] [--sandesh_ssl_enable]
[--introspect_ssl_enable] [--register]
contrail-compute-setup: error: unrecognized arguments: --xmpp_dns_auth_enable
ABOVE ERROR IS THROWN WITH --xmpp_dns_auth_enable
WITHOUT THE FLAG CHECK THE conf FILE AT THE END IS NOT SET PROPERLY:-
root@nodem8:~# contrail-compute-setup --cfgm_ip 10.10.10.10 --keystone_ip 10.10.10.20 --self_ip 10.10.10.8 --non_mgmt_ip 10.10.10.8 --non_mgmt_gw 10.10.10.100 --hypervisor libvirt --keystone_auth_protocol http --keystone_auth_port 35357 --keystone_admin_user admin --keystone_admin_password contrail123 --keystone_admin_tenant_name admin --register --control-nodes 10.10.10.14 10.10.10.6 10.10.10.7 --collectors 10.10.10.14 10.10.10.6 10.10.10.7 --xmpp_auth_enable
[Thu May 11 18:45:35 2017 contrail_vrouter_provisioning.setup(18) INFO]: Compute provisioning initiated:
['/usr/bin/contrail-compute-setup', '--cfgm_ip', '10.10.10.10', '--keystone_ip', '10.10.10.20', '--self_ip', '10.10.10.8', '--non_mgmt_ip', '10.10.10.8', '--non_mgmt_gw', '10.10.10.100', '--hypervisor', 'libvirt', '--keystone_auth_protocol', 'http', '--keystone_auth_port', '35357', '--keystone_admin_user', 'admin', '--keystone_admin_password', 'contrail123', '--keystone_admin_tenant_name', 'admin', '--register', '--control-nodes', '10.10.10.14', '10.10.10.6', '10.10.10.7', '--collectors', '10.10.10.14', '10.10.10.6', '10.10.10.7', '--xmpp_auth_enable']
[Thu May 11 18:45:35 2017 contrail_vrouter_provisioning(67) INFO]: Executing: sudo sed -i 's/SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
[Thu May 11 18:45:35 2017 contrail_vrouter_provisioning(77) WARNING]: sed: can't read /etc/selinux/config: No such file or directory
................
.................
...................
[Thu May 11 18:45:42 2017 contrail_vrouter_provisioning(67) INFO]: Executing: sudo contrail-config --set /etc/contrail/contrail-lbaas-auth.conf BARBICAN auth_url 'http://10.10.10.20:35357/v2.0'
[Thu May 11 18:45:42 2017 contrail_vrouter_provisioning(67) INFO]: Executing: sudo contrail-config --set /etc/contrail/contrail-lbaas-auth.conf BARBICAN admin_password 'contrail123'
[Thu May 11 18:45:42 2017 contrail_vrouter_provisioning(67) INFO]: Executing: sudo contrail-config --set /etc/contrail/contrail-lbaas-auth.conf BARBICAN admin_user 'neutron'
[Thu May 11 18:45:42 2017 contrail_vrouter_provisioning(67) INFO]: Executing: sudo python /opt/contrail/utils/provision_vrouter.py --host_name nodem8 --host_ip 10.10.10.8 --api_server_ip 10.10.10.10 --oper add --admin_user admin --admin_password contrail123 --admin_tenant_name admin --openstack_ip 10.10.10.20 --api_server_use_ssl False
[Thu May 11 18:45:43 2017 contrail_vrouter_provisioning.setup(24) INFO]: Compute provisioning complete
root@nodem8:~# cat /etc/contrail/contrail-vrouter-agent.conf | grep xmpp
xmpp_auth_enable = True
# xmpp_auth_enable=false
# xmpp_dns_auth_enable=false <<<<< NOT SET TO TRUE AND UNCOMMENTED
# xmpp_server_cert=/etc/contrail/ssl/certs/server.pem
# xmpp_server_key=/etc/contrail/ssl/private/server-privkey.pem
# xmpp_ca_cert=/etc/contrail/ssl/certs/ca-cert.pem
root@nodem8:~#
"2017-05-11 17:34:29, 330-INFO- sm_ansible_ callback. py:43-append( ): TASK [contrail/ bare_metal_ agent : Run contrail- compute- setup script, logs at /var/log/ contrail/ contrail_ vrouter_ provisioning. log]" 854-INFO- sm_ansible_ callback. py:43-append( ): fatal: [10.204.216.97]: FAILED! => {"changed": true, "cmd": "contrail- compute- setup --cfgm_ip 10.10.10.10 --keystone_ip 10.10.10.20 --self_ip 10.10.10.8 --non_mgmt_ip 10.10.10.8 --non_mgmt_gw 10.10.10.100 --hypervisor libvirt --keystone_ auth_protocol http --keystone_ auth_port 35357 --keystone_ admin_user admin --keystone_ admin_password contrail123 --keystone_ admin_tenant_ name admin --register --control-nodes 10.10.10.14 10.10.10.6 10.10.10.7 --collectors 10.10.10.14 10.10.10.6 10.10.10.7 --xmpp_auth_enable --xmpp_ dns_auth_ enable ", "delta": "0:00:00.200131", "end": "2017-05-11 17:34:29.811318", "failed": true, "rc": 2, "start": "2017-05-11 17:34:29.611187", "stderr": "[Thu May 11 17:34:29 2017 contrail_ vrouter_ provisioning. setup(18) INFO]: Compute provisioning initiated:\n ['/usr/ bin/contrail- compute- setup', '--cfgm_ip', '10.10.10.10', '--keystone_ip', '10.10.10.20', '--self_ip', '10.10.10.8', '--non_mgmt_ip', '10.10.10.8', '--non_mgmt_gw', '10.10.10.100', '--hypervisor', 'libvirt', '--keystone_ auth_protocol' , 'http', '--keystone_ auth_port' , '35357', '--keystone_ admin_user' , 'admin', '--keystone_ admin_password' , 'contrail123', '--keystone_ admin_tenant_ name', 'admin', '--register', '--control-nodes', '10.10.10.14', '10.10.10.6', '10.10.10.7', '--collectors', '10.10.10.14', '10.10.10.6', '10.10.10.7', '--xmpp_ auth_enable' , '--xmpp_ dns_auth_ enable' ]\nusage: contrail- compute- setup [-h] [--conf_file CONF_FILE] [--cfgm_ip CFGM_IP]\n [--keystone_ip KEYSTONE_IP] [--self_ip SELF_IP]\n [--hypervisor HYPERVISOR]\n [--mgmt_self_ip MGMT_SELF_IP]\n [--non_mgmt_ip NON_MGMT_IP]\n [--non_mgmt_gw NON_MGMT_GW]\n [--physical_ interface PHYSICAL_ INTERFACE] \n [--vgw_intf VGW_INTF]\n [--vgw_ public_ subnet VGW_PUBLIC_ SUBNET] \n [--vgw_ public_ vn_name VGW_PUBLIC_ VN_NAME] \n [--vgw_intf_list VGW_INTF_LIST]\n [--vgw_ gateway_ routes VGW_GATEWAY_ ROUTES] \n [--keystone_ auth_protocol KEYSTONE_ AUTH_PROTOCOL] \n [--keystone_ auth_port KEYSTONE_ AUTH_PORT] \n [--keystone_ admin_user KEYSTONE_ ADMIN_USER] \n [--keystone_ admin_password KEYSTONE_ ADMIN_PASSWORD] \n [--keystone_ admin_tenant_ name KEYSTONE_ ADMIN_TENANT_ NAME]\n [--neutron_password NEUTRON_PASSWORD]\n [--internal_vip INTERNAL_VIP]\n [--external_vip EXTERNAL_VIP]\n [--contrail_ internal_ vip CONTRAIL_ INTERNAL_ VIP]\n [--cpu_mode CPU_MODE] [--cpu_model CPU_MODEL]\n ...
"2017-05-11 17:34:29,