Page MenuHomePhabricator

puppet vs. stretch vs. keystone
Closed, ResolvedPublic


On cloudcontrol2001-dev, keystone is sometimes running and sometimes not... it seems like a coin-toss. Explicitly starting it with 'service keystone start' generally does not result in it running.

It's also the case that puppet never settles down into a stable state on that system. I suspect these facts are related.


I've confirmed that puppet runs are stable on cloudcontrol1003 which has a similar catalog but for Jessie.

Event Timeline

This seems to be some kind of conflict in the packages? between python-ldap and keystone. I will investigate.

aborrero triaged this task as Medium priority.May 20 2019, 12:07 PM
aborrero moved this task from Inbox to Doing on the cloud-services-team (Kanban) board.

I originally tried to solve this with this patch because python-pyldap was a fork of python-ldap.

It turns out that python-ldap is installed also by:

class ldap::client::utils($ldapconfig) {
    require_package('python-ldap', 'python-pycurl')
aborrero@cumin1001:~ $ sudo cumin "P{R:Class = ldap::client::utils}"
15 hosts will be targeted:
DRY-RUN mode enabled, aborting

Since python-ldap can be replaced by python-pyldap my proposal is to simply drop python-ldap from ldap::client::utils.

But wait! this seems to be a bit more complex:

14:30 <arturo> hey zigo, can you share some hints on `python-pyldap` vs `python-ldap`?
14:30 <zigo> arturo: I can't remember the exact details, but basically, the fork got remerged.
14:30 <zigo> I can't remember what the direction is, sorry ...
14:30 <arturo> -_-
14:30 <zigo> But the one with version 3 has the re-merge.

So it seems we have another super special snowflake here.

I should investigate now how to deal with this combo... CC'ing @jbond and @MoritzMuehlenhoff just in case.

Change 511413 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] ldap::client::utils: don't require python-ldap if already declared

Change 511413 merged by Andrew Bogott:
[operations/puppet@production] ldap::client::utils: don't require python-ldap if already declared

This seems better now!

Change 511460 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] keystone: set logdir group to 'keystone'

Change 511460 merged by Andrew Bogott:
[operations/puppet@production] keystone: set logdir group to 'keystone'