[13->16.2 FFU] bootstrap controller failing on "Check Keystone project status" task
Issue
- In this environment, the first controller upgrade is failing on the following upgrade task: Check Keystone project status during the step: "openstack overcloud upgrade run --stack overcloud --limit overcloud-controller-0":
2022-06-22 16:38:16.031613 | 525400c7-f74c-d785-76ad-000000000328 | WAITING | Check Keystone project status | controller-0 | 1 retries left │·······················································
│·······················································
2022-06-22 16:38:21.537352 | 525400c7-f74c-d785-76ad-000000000328 | FATAL | Check Keystone project status | controller-0 -> localhost | item=service | error={"ansibl│·······················································
e_job_id": "714173508577.43144", "ansible_loop_var": "tripleo_keystone_resources_project_async_result_item", "attempts": 30, "changed": false, "finished": 0, "started": 1,│·······················································
"tripleo_keystone_resources_project_async_result_item": {"ansible_job_id": "714173508577.43144", "ansible_loop_var": "tripleo_keystone_resources_project", "changed": true│·······················································
, "failed": false, "finished": 0, "results_file": "/root/.ansible_async/714173508577.43144", "started": 1, "tripleo_keystone_resources_project": "service"}} │·······················································
2022-06-22 16:38:21.660422 | 525400c7-f74c-d785-76ad-0000000000d2 | SUMMARY | controller-0 | Manage Keystone domains from LDAP config | 0.06s │·······················································
2022-06-22 16:38:21.660488 | 525400c7-f74c-d785-76ad-0000000000d0 | SUMMARY | controller-0 | is Keystone LDAP enabled | 0.06s │·······················································
2022-06-22 16:38:21.660555 | 525400c7-f74c-d785-76ad-00000000009c | SUMMARY | controller-0 | include_tasks | 0.06s │·······················································
This environment has a LDAP domain and some signs of an unused federated auth config.
Initially, this failure seemed to be related to a SSL (LDAP/ssl) crypto incompatibility with rhel8; however, after disabling SSL for LDAP and ensuring successful LDAP communication the upgrade continued to fail at this step with no related keystone error.
Environment
- Red Hat OpenStack Platform 13
- Red Hat OpenStack Platform 16.2
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.