Closed ccollicutt closed 10 years ago
Actually it looks like a bug, because there are two restarts, one for debian and one for redhat but the when criteria didn't include "keystone.changed" for the debian restart whereas the redhat restart did.
And it may also be some kind of bug in keystone?
(keystone.openstack.common.versionutils): 2014-07-13 08:18:18,045 WARNING Deprecated: keystone.middleware.core.XmlBodyMiddleware is deprecated as of Icehouse in favor of support for "application/json" only and may be removed in K.
(keystone.common.environment.eventlet_server): 2014-07-13 08:20:54,144 ERROR Server error
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/keystone/common/environment/eventlet_server.py", line 121, in _run
log=log.WritableLogger(logger), debug=False)
File "/usr/lib/python2.7/dist-packages/eventlet/wsgi.py", line 671, in server
client_socket = sock.accept()
File "/usr/lib/python2.7/dist-packages/eventlet/green/ssl.py", line 279, in accept
suppress_ragged_eofs=self.suppress_ragged_eofs)
File "/usr/lib/python2.7/dist-packages/eventlet/green/ssl.py", line 46, in __init__
super(GreenSSLSocket, self).__init__(sock.fd, *args, **kw)
File "/usr/lib/python2.7/ssl.py", line 241, in __init__
ciphers)
SSLError: [Errno 336265218] _ssl.c:355: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib
Actually it was a bug, typo. The when check was not checking the return code, just if keystone_pem_missing > 0. oof.
- name: remove /etc/keystone/ssl if there is not a keystone.pem file
file: path=/etc/keystone/ssl state=absent
when: keystone_pem_missing.rc > 0
changed_when: keystone_pem_missing.rc > 0
I don't remember why I'm restarting keystone on every run, but I shouldn't be.
However, right now that occasionally creates an error in the playbook run because keystone isn't listening.
I think it's because a connection is still open. Note the 192.168.100.50:35357 192.168.100.50:48032 CLOSE_WAIT.