os_neutron Fails to install neutron role packages when VPNaaS is present

Bug #2039098 reported by Xavier Lauzon
This bug affects 1 person
Affects: openstack-ansible
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Bug Description

When VPNaaS is enabled, the os_neutron playbook fails due to the following error:

TASK [os_neutron : Install neutron role packages] ***********************************************************************************************************
fatal: [infra1]: FAILED! => {"attempts": 5, "changed": false, "failures": ["No package openswan available."], "msg": "Failed to install some of the specified packages", "rc": 1, "results": []}

Version: 2023.1
OS: Rocky Linux 9

description: updated
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible-os_neutron (master)
Changed in openstack-ansible:
status: New → In Progress
Dmitriy Rabotyagov (noonedeadpunk) wrote :

Hi Xavier,

Thanks for reporting that.

Can you kindly check if the patch above would solve the issue and result in a successfully working service afterwards?

FWIW, I'm not really sure what shape the support for OpenSwan/LibreSwan drivers (and EL9 overall) is in within the upstream neutron-vpnaas driver, as I doubt this scenario is tested there. I was fixing compatibility with EL8 there a couple of years ago, but I'm not sure what the state is as of today, as the production VPNaaS consumers I know about tend to use Debian/Ubuntu instead. So there might be slightly more caveats down the road...

Xavier Lauzon (lumaexavier) wrote :

Hi Dmitriy,

I'll get back to you tomorrow with the test results.

We've noticed that there have been a few issues that seem to be exclusive to EL. For stability's sake, would it be advisable to switch to Deb/Ubuntu? Are there any notable pros/cons of doing so?

I appreciate your quick responses and fixes greatly.

Dmitriy Rabotyagov (noonedeadpunk) wrote :

It's that more operators as of today are just using Deb/Ubuntu or moved there after the CentOS Stream announcement. So the EL part gets slightly less love since then.
Though we still attempt to keep it as stable as possible (which is not always) and folks from Rocky are helping us greatly with that.

So even if something is broken, it usually gets fixed relatively fast, especially for Rocky.

So I guess it's more up to you to pick what you are feeling more comfortable with.

OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-os_neutron (master)

Reviewed: https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/898008
Committed: https://opendev.org/openstack/openstack-ansible-os_neutron/commit/ef4d3278556c6e34f79b195cfb3e0d300f7184f7
Submitter: "Zuul (22348)"
Branch: master

commit ef4d3278556c6e34f79b195cfb3e0d300f7184f7
Author: Dmitriy Rabotyagov <email address hidden>
Date: Wed Oct 11 21:51:07 2023 +0200

    Update VPNaaS package for RHEL

    OpenSwan Package for IPSec has been replaced with libreswan in EL9.
    We missed to reflect that while adding EL9 support.

    Closes-Bug: #2039098
    Change-Id: I04742324ff472b3c40ee4c7d333305c67046aba2

Changed in openstack-ansible:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible-os_neutron (stable/2023.1)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible-os_neutron (stable/zed)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible-os_neutron (stable/yoga)
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-os_neutron (stable/zed)

Reviewed: https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/898170
Committed: https://opendev.org/openstack/openstack-ansible-os_neutron/commit/4855de9a6641ef6acc77b5bbae3ff5c44a2af0c9
Submitter: "Zuul (22348)"
Branch: stable/zed

commit 4855de9a6641ef6acc77b5bbae3ff5c44a2af0c9
Author: Dmitriy Rabotyagov <email address hidden>
Date: Wed Oct 11 21:51:07 2023 +0200

    Update VPNaaS package for RHEL

    OpenSwan Package for IPSec has been replaced with libreswan in EL9.
    We missed to reflect that while adding EL9 support.

    Closes-Bug: #2039098
    Change-Id: I04742324ff472b3c40ee4c7d333305c67046aba2
    (cherry picked from commit ef4d3278556c6e34f79b195cfb3e0d300f7184f7)

tags: added: in-stable-zed
tags: added: in-stable-yoga
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-os_neutron (stable/yoga)

Reviewed: https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/898171
Committed: https://opendev.org/openstack/openstack-ansible-os_neutron/commit/5f7e8e34a8e862ebfb12ecd89ba2f8f9f6853aff
Submitter: "Zuul (22348)"
Branch: stable/yoga

commit 5f7e8e34a8e862ebfb12ecd89ba2f8f9f6853aff
Author: Dmitriy Rabotyagov <email address hidden>
Date: Wed Oct 11 21:51:07 2023 +0200

    Update VPNaaS package for RHEL

    OpenSwan Package for IPSec has been replaced with libreswan in EL9.
    We missed to reflect that while adding EL9 support.

    Closes-Bug: #2039098
    Change-Id: I04742324ff472b3c40ee4c7d333305c67046aba2
    (cherry picked from commit ef4d3278556c6e34f79b195cfb3e0d300f7184f7)

OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-os_neutron (stable/2023.1)

Reviewed: https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/898169
Committed: https://opendev.org/openstack/openstack-ansible-os_neutron/commit/5605b90a4e4e743ec127212c645160832d0abe9d
Submitter: "Zuul (22348)"
Branch: stable/2023.1

commit 5605b90a4e4e743ec127212c645160832d0abe9d
Author: Dmitriy Rabotyagov <email address hidden>
Date: Wed Oct 11 21:51:07 2023 +0200

    Update VPNaaS package for RHEL

    OpenSwan Package for IPSec has been replaced with libreswan in EL9.
    We missed to reflect that while adding EL9 support.

    Closes-Bug: #2039098
    Change-Id: I04742324ff472b3c40ee4c7d333305c67046aba2
    (cherry picked from commit ef4d3278556c6e34f79b195cfb3e0d300f7184f7)
