Bug 1602891

Summary: Octavia and Barbican fail to deploy along with TLS Everywhere
Product: Red Hat OpenStack Reporter: Andrew Austin <aaustin>
Component: openstack-tripleo-heat-templatesAssignee: Juan Antonio Osorio <josorior>
Status: CLOSED ERRATA QA Contact: Pavan <pkesavar>
Severity: high Docs Contact:
Priority: high    
Version: 13.0 (Queens)CC: aaustin, amuller, ccopello, cgoncalves, gouthamr, hrybacki, jagee, josorior, kbasil, mburns, mhernon, nkinder, rzaleski, slinaber
Target Milestone: z4Keywords: TestOnly, Triaged, ZStream
Target Release: 13.0 (Queens)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-tripleo-heat-templates-8.0.4-30.el7ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-03-14 13:54:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Andrew Austin 2018-07-18 18:14:54 UTC 
Description of problem:
When deploying either Barbican or Octavia with TLS everywhere, the deployment fails with a MySQL authentication error. The db_sync containers do not have the my.cnf.d files that dictate SSL usage and the privilege grants for the Octavia and Barbican users require the use of SSL.

Version-Release number of selected component (if applicable):
13.0 (GA)

How reproducible:
Attempt to deploy an overcloud with Octavia or Barbican along with TLS everywhere. Observe that the deployment fails with a MySQL authentication failure.

Actual results:
The deployment fails with a MySQL authentication error from the db_sync containers.

Expected results:
The deployment should succeed.
Comment 1 Dan Prince 2018-07-18 20:00:16 UTC 
Moving to DF:Security since this is related to Barbican. We are able to assist with the efforts here too.
Comment 2 Dan Prince 2018-07-18 20:00:43 UTC 
Moving to DF:Security since this is related to Barbican. We are able to assist with the efforts here too.
Comment 18 errata-xmlrpc 2019-03-14 13:54:51 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0448