When Nodepool spawns a Trusty image, the instance stall on boot while doing the puppet certificate work:
Info: Creating a new SSL key for i-00000b80.eqiad.wmflabs Info: Caching certificate for ca Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml Info: Creating a new SSL certificate request for i-00000b80.eqiad.wmflabs Info: Certificate Request fingerprint (SHA256): 24:DD:BF:BC:FA:B4:42:BC:E5:3D:58:F5:15:9F:51:D1:DE:7B:11:E1:F1:99:6A:D8:3A:CB:6F:B2:D4:E0:F6:BB Info: Caching certificate for ca Notice: Did not receive certificate Notice: Did not receive certificate Notice: Did not receive certificate
On Wikitech, the Nova_Resource page shows that it is missing a few fields injected by OpenStackManager. Compared to the an instance manually created, the instance spawned by Nodepool one is missing the fields:
Resource type instance Image Id ubuntu-14.04-trusty FQDN i-00000b7b.eqiad.wmflabs Puppet Class base, role::labs::instance Puppet Var realm=labs, use_dnsmasq=true, instanceproject=contintcloud, instancename=trusty-manual
Looking at firstboot.sh, the script does a LDAP search to grab puppet vars:
$ ldapsearch -x -D 'cn=proxyagent,ou=profile,dc=wikimedia,dc=org' -w '###########' -b 'ou=hosts,dc=wikimedia,dc=org' 'dc=i-00000b7b.eqiad.wmflabs'|grep puppetVar puppetVar: realm=labs puppetVar: use_dnsmasq=true puppetVar: instanceproject=contintcloud puppetVar: instancename=trusty-manual
The same query yields nothing for the NodePool instance since that is injected by OpenStack manager.