Public bug reported: Description ===========
Fresh Install Ubuntu 16.04 I followed Ubuntu install guide up to Install Nova on Controller, I configured Nova.conf and specified api_database and database connection string with SSL/TLS Parameters, then ran the DB commands. The following are successful. su -s /bin/sh -c "nova-manage api_db sync" nova su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova The following command fails with error su -s /bin/sh -c "nova-manage db sync" nova ERROR: could not access cell mapping database - has api db been created? My connection string is as follows connection = mysql+pymysql://nova:my_password@my_IP/nova_api?charset=utf8&ssl_ca=/etc/nova/tls/mysql /ca-cert.pem&ssl_cert=/etc/nova/tls/mysql/server- cert.pem&ssl_key=/etc/nova/tls/mysql/server-key.pem The following connection string is what appears in the database table mysql+pymysql://nova:[email protected]/nova?charset=utf8&ssl_ca=/etc/nova/tls/mysql /ca-cert.pem&ssl_cert=/etc/nova/tls/mysql/server- cert.pem&ssl_key=/etc/nova/tls/mysql/server-key.pemnova_cell0 <mriedem> on #openstack-nova suggests that this is a string substitution bug. Steps to reproduce =============== 1. Install Ubuntu 16.04 2. Install Keystone 3. Configure Database connection string with TLS/SSL Parameters 4. Install Glance 5. Configure Database connection string with TLS/SSL Parameters 6. Install Nova 7. Configure Database connection string with TLS/SSL Parameters 8. Run the DB sync commands in order from the Docs Failure at > su -s /bin/sh -c "nova-manage db sync" nova Expected result =============== Nova database Populates without error Actual result ============= Nova database does not populate and following error thrown ERROR: could not access cell mapping database - has api db been created? Environment =========== Ocata Ubuntu cloud Archive nova-api 2:15.0.5-0ubuntu1~cloud0 all OpenStack Compute - API frontend nova-common 2:15.0.5-0ubuntu1~cloud0 all OpenStack Compute - common files nova-conductor 2:15.0.5-0ubuntu1~cloud0 all OpenStack Compute - conductor service nova-consoleauth 2:15.0.5-0ubuntu1~cloud0 all OpenStack Compute - Console Authenticator nova-novncproxy 2:15.0.5-0ubuntu1~cloud0 all OpenStack Compute - NoVNC proxy nova-placement-api 2:15.0.5-0ubuntu1~cloud0 all OpenStack Compute - placement API frontend nova-scheduler 2:15.0.5-0ubuntu1~cloud0 all OpenStack Compute - virtual machine scheduler python-nova 2:15.0.5-0ubuntu1~cloud0 all OpenStack Compute Python libraries python-novaclient 2:7.1.0-0ubuntu1~cloud0 all client library for OpenStack Compute API - Python 2.7 OpenVSwitch KVM Logs & Configs ============== [DEFAULT] #debug = true ##################################### #dhcpbridge_flagfile=/etc/nova/nova.conf #dhcpbridge=/usr/bin/nova-dhcpbridge #force_dhcp_release=true ##################################### my_ip = my_ip state_path = /var/lib/nova #### enabled_apis = osapi_compute,metadata enabled_ssl_apis = osapi_compute,metadata #### osapi_compute_listen = my_ip osapi_compute_listen_port = 8774 #### metadata_host = $my_ip metadata_listen = my_ip metadata_listen_port = 8775 metadata_port = 8775 ##### rootwrap_config = /etc/nova/rootwrap.conf api_paste_config = /etc/nova/api-paste.ini log_dir = /var/log/nova use_neutron = True firewall_driver = nova.virt.firewall.NoopFirewallDriver ###### cert = /etc/nova/tls/server-cert.pem key = /etc/nova/tls/server-key.pem ssl_only = True transport_url = rabbit://controller01:my_password@my_ip compute_api_class=nova.compute.cells_api.ComputeCellsAPI [api] auth_strategy = keystone [api_database] connection = mysql+pymysql://nova:my_password@my_ip/nova_api?charset=utf8&ssl_ca=/etc/nova/tls/mysql/ca-cert.pem&ssl_cert=/etc/nova/tls/mysql/server-cert.pem&ssl_key=/etc/nova/tls/mysql/server-key.pem #connection_debug = 1 [barbican] [cache] [cells] enable=True cell_type = api [cinder] [cloudpipe] [conductor] [console] [consoleauth] [cors] [cors.subdomain] [crypto] ## cert_file = /etc/nova/tls/server-cert.pem key_file = /etc/nova/tls/server-key.pem ca_file = /etc/nova/tls/ca-cert.pem ## [database] connection = mysql+pymysql://nova:my_password@my_ip/nova?charset=utf8&ssl_ca=/etc/nova/tls/mysql/ca-cert.pem&ssl_cert=/etc/nova/tls/mysql/server-cert.pem&ssl_key=/etc/nova/tls/mysql/server-key.pem #connection_debug = 1 [ephemeral_storage_encryption] [filter_scheduler] [glance] api_servers = https://my_ip:9292 api_insecure = False [guestfs] [healthcheck] [hyperv] [image_file_url] [ironic] [key_manager] [keystone_authtoken] auth_uri = https://my_ip:5000 auth_url = https://my_ip:35357 memcached_servers = my_ip:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = nova password = my_password ### certfile = /etc/nova/tls/server-cert.pem keyfile = /etc/nova/tls/server-key.pem cafile = /etc/nova/tls/ca-cert.pem service_token_roles_required = True ### [libvirt] [matchmaker_redis] [metrics] [mks] [neutron] [notifications] [osapi_v21] [oslo_concurrency] lock_path=/var/lib/nova/tmp [oslo_messaging_amqp] [oslo_messaging_kafka] [oslo_messaging_notifications] [oslo_messaging_rabbit] rabbit_use_ssl = True kombu_ssl_keyfile = /etc/nova/tls/server-key.pem kombu_ssl_certfile = /etc/nova/tls/server-cert.pem kombu_ssl_ca_certs = /etc/nova/tls/ca-cert.pem kombu_ssl_version = TLSv1_2 rpc_reply_retry_attempts = 10 rpc_retry_delay = 10.0 socket_timeout = 0.25 tcp_user_timeout = 10.0 [oslo_messaging_zmq] [oslo_middleware] [oslo_policy] [pci] [placement] os_region_name = RegionOne project_domain_name = Default project_name = service user_domain_name = Default username = placement password = my_password auth_url = https://my_IP:35357/v3 auth_type = password certfile = /etc/nova/tls/server-cert.pem keyfile = /etc/nova/tls/server-key.pem cafile = /etc/nova/tls/ca-cert.pem insecure = False [quota] [rdp] [remote_debug] [scheduler] [serial_console] [service_user] [spice] [ssl] cert_file = /etc/nova/tls/server-cert.pem key_file = /etc/nova/tls/server-key.pem ca_file = /etc/nova/tls/ca-cert.pem ciphers = AES256-GCM-SHA384 version = TLSv1_2 [trusted_computing] [upgrade_levels] [vendordata_dynamic_auth] [vmware] [vnc] enabled = True vncserver_listen = 0.0.0.0 vncserver_proxyclient_address = $my_ip novncproxy_base_url = https://my_IP:6080/vnc_auto.html [workarounds] [wsgi] api_paste_config=/etc/nova/api-paste.ini secure_proxy_ssl_header = https ssl_key_file = /etc/nova/tls/server-key.pem ssl_cert_file = /etc/nova/tls/server-cert.pem ssl_ca_file = /etc/nova/tls/ca-cert.pem [xenserver] [xvp] ** Affects: nova Importance: Undecided Status: New ** Attachment added: "nova-manage logs" https://bugs.launchpad.net/bugs/1706118/+attachment/4920527/+files/nova-manage-logs.txt -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1706118 Title: Adding TLS Connection String To Database Connection Causes malformed URL in cell_mappings DB Status in OpenStack Compute (nova): New Bug description: Description =========== Fresh Install Ubuntu 16.04 I followed Ubuntu install guide up to Install Nova on Controller, I configured Nova.conf and specified api_database and database connection string with SSL/TLS Parameters, then ran the DB commands. The following are successful. su -s /bin/sh -c "nova-manage api_db sync" nova su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova The following command fails with error su -s /bin/sh -c "nova-manage db sync" nova ERROR: could not access cell mapping database - has api db been created? My connection string is as follows connection = mysql+pymysql://nova:my_password@my_IP/nova_api?charset=utf8&ssl_ca=/etc/nova/tls/mysql /ca-cert.pem&ssl_cert=/etc/nova/tls/mysql/server- cert.pem&ssl_key=/etc/nova/tls/mysql/server-key.pem The following connection string is what appears in the database table mysql+pymysql://nova:[email protected]/nova?charset=utf8&ssl_ca=/etc/nova/tls/mysql /ca-cert.pem&ssl_cert=/etc/nova/tls/mysql/server- cert.pem&ssl_key=/etc/nova/tls/mysql/server-key.pemnova_cell0 <mriedem> on #openstack-nova suggests that this is a string substitution bug. Steps to reproduce =============== 1. Install Ubuntu 16.04 2. Install Keystone 3. Configure Database connection string with TLS/SSL Parameters 4. Install Glance 5. Configure Database connection string with TLS/SSL Parameters 6. Install Nova 7. Configure Database connection string with TLS/SSL Parameters 8. Run the DB sync commands in order from the Docs Failure at > su -s /bin/sh -c "nova-manage db sync" nova Expected result =============== Nova database Populates without error Actual result ============= Nova database does not populate and following error thrown ERROR: could not access cell mapping database - has api db been created? Environment =========== Ocata Ubuntu cloud Archive nova-api 2:15.0.5-0ubuntu1~cloud0 all OpenStack Compute - API frontend nova-common 2:15.0.5-0ubuntu1~cloud0 all OpenStack Compute - common files nova-conductor 2:15.0.5-0ubuntu1~cloud0 all OpenStack Compute - conductor service nova-consoleauth 2:15.0.5-0ubuntu1~cloud0 all OpenStack Compute - Console Authenticator nova-novncproxy 2:15.0.5-0ubuntu1~cloud0 all OpenStack Compute - NoVNC proxy nova-placement-api 2:15.0.5-0ubuntu1~cloud0 all OpenStack Compute - placement API frontend nova-scheduler 2:15.0.5-0ubuntu1~cloud0 all OpenStack Compute - virtual machine scheduler python-nova 2:15.0.5-0ubuntu1~cloud0 all OpenStack Compute Python libraries python-novaclient 2:7.1.0-0ubuntu1~cloud0 all client library for OpenStack Compute API - Python 2.7 OpenVSwitch KVM Logs & Configs ============== [DEFAULT] #debug = true ##################################### #dhcpbridge_flagfile=/etc/nova/nova.conf #dhcpbridge=/usr/bin/nova-dhcpbridge #force_dhcp_release=true ##################################### my_ip = my_ip state_path = /var/lib/nova #### enabled_apis = osapi_compute,metadata enabled_ssl_apis = osapi_compute,metadata #### osapi_compute_listen = my_ip osapi_compute_listen_port = 8774 #### metadata_host = $my_ip metadata_listen = my_ip metadata_listen_port = 8775 metadata_port = 8775 ##### rootwrap_config = /etc/nova/rootwrap.conf api_paste_config = /etc/nova/api-paste.ini log_dir = /var/log/nova use_neutron = True firewall_driver = nova.virt.firewall.NoopFirewallDriver ###### cert = /etc/nova/tls/server-cert.pem key = /etc/nova/tls/server-key.pem ssl_only = True transport_url = rabbit://controller01:my_password@my_ip compute_api_class=nova.compute.cells_api.ComputeCellsAPI [api] auth_strategy = keystone [api_database] connection = mysql+pymysql://nova:my_password@my_ip/nova_api?charset=utf8&ssl_ca=/etc/nova/tls/mysql/ca-cert.pem&ssl_cert=/etc/nova/tls/mysql/server-cert.pem&ssl_key=/etc/nova/tls/mysql/server-key.pem #connection_debug = 1 [barbican] [cache] [cells] enable=True cell_type = api [cinder] [cloudpipe] [conductor] [console] [consoleauth] [cors] [cors.subdomain] [crypto] ## cert_file = /etc/nova/tls/server-cert.pem key_file = /etc/nova/tls/server-key.pem ca_file = /etc/nova/tls/ca-cert.pem ## [database] connection = mysql+pymysql://nova:my_password@my_ip/nova?charset=utf8&ssl_ca=/etc/nova/tls/mysql/ca-cert.pem&ssl_cert=/etc/nova/tls/mysql/server-cert.pem&ssl_key=/etc/nova/tls/mysql/server-key.pem #connection_debug = 1 [ephemeral_storage_encryption] [filter_scheduler] [glance] api_servers = https://my_ip:9292 api_insecure = False [guestfs] [healthcheck] [hyperv] [image_file_url] [ironic] [key_manager] [keystone_authtoken] auth_uri = https://my_ip:5000 auth_url = https://my_ip:35357 memcached_servers = my_ip:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = nova password = my_password ### certfile = /etc/nova/tls/server-cert.pem keyfile = /etc/nova/tls/server-key.pem cafile = /etc/nova/tls/ca-cert.pem service_token_roles_required = True ### [libvirt] [matchmaker_redis] [metrics] [mks] [neutron] [notifications] [osapi_v21] [oslo_concurrency] lock_path=/var/lib/nova/tmp [oslo_messaging_amqp] [oslo_messaging_kafka] [oslo_messaging_notifications] [oslo_messaging_rabbit] rabbit_use_ssl = True kombu_ssl_keyfile = /etc/nova/tls/server-key.pem kombu_ssl_certfile = /etc/nova/tls/server-cert.pem kombu_ssl_ca_certs = /etc/nova/tls/ca-cert.pem kombu_ssl_version = TLSv1_2 rpc_reply_retry_attempts = 10 rpc_retry_delay = 10.0 socket_timeout = 0.25 tcp_user_timeout = 10.0 [oslo_messaging_zmq] [oslo_middleware] [oslo_policy] [pci] [placement] os_region_name = RegionOne project_domain_name = Default project_name = service user_domain_name = Default username = placement password = my_password auth_url = https://my_IP:35357/v3 auth_type = password certfile = /etc/nova/tls/server-cert.pem keyfile = /etc/nova/tls/server-key.pem cafile = /etc/nova/tls/ca-cert.pem insecure = False [quota] [rdp] [remote_debug] [scheduler] [serial_console] [service_user] [spice] [ssl] cert_file = /etc/nova/tls/server-cert.pem key_file = /etc/nova/tls/server-key.pem ca_file = /etc/nova/tls/ca-cert.pem ciphers = AES256-GCM-SHA384 version = TLSv1_2 [trusted_computing] [upgrade_levels] [vendordata_dynamic_auth] [vmware] [vnc] enabled = True vncserver_listen = 0.0.0.0 vncserver_proxyclient_address = $my_ip novncproxy_base_url = https://my_IP:6080/vnc_auto.html [workarounds] [wsgi] api_paste_config=/etc/nova/api-paste.ini secure_proxy_ssl_header = https ssl_key_file = /etc/nova/tls/server-key.pem ssl_cert_file = /etc/nova/tls/server-cert.pem ssl_ca_file = /etc/nova/tls/ca-cert.pem [xenserver] [xvp] To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1706118/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
