Bug 1378115

Summary: SSL/TLS documentation omits a critical step - copy CA to undercloud
Product: Red Hat OpenStack Reporter: Ken Savich <ksavich>
Component: documentationAssignee: Dan Macpherson <dmacpher>
Status: CLOSED NOTABUG QA Contact: RHOS Documentation Team <rhos-docs>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 9.0 (Mitaka)CC: dcadzow, dlamotta, dmacpher, ksavich, srevivo
Target Milestone: ---   
Target Release: 10.0 (Newton)   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-10-24 13:23:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Ken Savich 2016-09-21 13:52:03 UTC 
Description of problem:

ref: https://access.redhat.com/documentation/en/red-hat-openstack-platform/9/paged/director-installation-and-usage/appendix-a-ssl-tls-certificate-configuration

Section A.2 describes copying the generated CA cert to clients, but this needs to be copied to the undercloud node as well. Certificate generation will fail later on, thus causing installation of the undercloud to fail.

The step:

$ sudo cp ca.crt.pem /etc/pki/ca-trust/source/anchors/

needs to be completed on the undercloud node.

Version-Release number of selected component (if applicable):

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 Dan Macpherson 2016-09-21 14:15:53 UTC 
Hi Ken,

Thanks for the report. This is mentioned in the later section A.6. Using the Certificate with the Undercloud.

I might close this BZ since the information is already in the guide, but was there anything else in that appendix that seems out of place?
Comment 3 Ken Savich 2016-10-24 13:23:11 UTC 
Dan - sorry for the delay. Go ahead and close, I think this was an error on our side. 

best