Bug 1572278
Summary: | After undercloud ssl certificate is updated, ca-trust is not updated automatically | | |
---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Harry Rybacki <hrybacki> |
Component: | puppet-tripleo | Assignee: | RHOS Maint <rhos-maint> |
Status: | CLOSED ERRATA | QA Contact: | Pavan <pkesavar> |
Severity: | medium | Docs Contact: | |
Priority: | high | | |
Version: | 10.0 (Newton) | CC: | achernet, aschultz, ftaylor, hrybacki, jjoyce, josorior, jschluet, mburns, nalmond, nkinder, rcritten, rhel-osp-director-maint, sclewis, slinaber, tvignaud |
Target Milestone: | beta | Keywords: | Triaged |
Target Release: | 13.0 (Queens) | | |
Hardware: | Unspecified | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | puppet-tripleo-8.3.2-4.el7ost | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | 1547248 | | |
: | 1572280 1595876 | Environment: | |
Last Closed: | 2018-06-27 13:53:50 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 1547248, 1595876 | | |
Bug Blocks: | 1572280, 1572282 | | |
Comment 3
Harry Rybacki
2018-04-26 15:51:34 UTC
This item has been properly Triaged and planned for the OSP13 release, and is being tagged for tracking. For details, see https://url.corp.redhat.com/1851efd

So, certmonger should update the local CA certificate when at least one of these two things happens:

* when certmonger is restarted
* when a certificate is requested for that CA

So, the thing to verify would be that, when the certificate expires, you should restart certmonger, and then run the undercloud install again. That should update the trust of that certificate.

The execution doesn't happen in a shell. This should be put into a script (bash, python, whatever) in /usr/libexec/<something>/<something> and set that as the post command. You can define arguments to be passed in when setting the post-callback command. For example:

/usr/libexec/director/renew_cert /etc/pki/tls/certs/undercloud-front.crt /etc/pki/tls/private/undercloud-front.key /etc/pki/tls/certs/undercloud-192.168.24.2.pem

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:2086
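
A sketch of the kind of post-callback script the comment above describes, added here as an example; it is not part of the bug report and is not the puppet-tripleo code. It assumes the helper's job is to join the certificate and key (first two arguments) into the PEM bundle named by the third; the function name `build_bundle` is hypothetical.

```shell
#!/bin/sh
# Hypothetical post-callback helper (added example, not the project's script).
# The command is executed directly, not through a shell, so the configured
# command line cannot use pipes, redirects or variables; that logic lives here.
# Usage: renew_cert <cert.crt> <private.key> <bundle.pem>

# Assumption: the helper joins certificate and key into one PEM bundle.
build_bundle() {
    if [ "$#" -ne 3 ]; then
        echo "usage: renew_cert <cert> <key> <bundle>" >&2
        return 2
    fi
    local cert="$1" key="$2" bundle="$3" tmp
    # Refuse to build a bundle from missing or empty inputs.
    if [ ! -s "$cert" ] || [ ! -s "$key" ]; then
        echo "renew_cert: certificate or key missing or empty" >&2
        return 1
    fi
    # Check that both inputs look like PEM before touching the bundle.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" || return 1
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" || return 1
    # Write a temp file next to the target, then rename it into place,
    # so a consumer never reads a half-written bundle.
    tmp="$(mktemp "${bundle}.XXXXXX")" || return 1
    chmod 600 "$tmp"    # the bundle contains the private key
    if cat "$cert" "$key" > "$tmp" && mv -f "$tmp" "$bundle"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# When invoked with arguments (as the post command would be), do the work.
if [ "$#" -gt 0 ]; then
    PATH=/usr/bin:/bin  # no login-shell environment to rely on
    export PATH
    build_bundle "$@"
fi
```

A non-zero exit leaves the previous bundle in place, so a failed renewal does not replace a working file with a broken one.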