Bug 1619242

Summary: note that deployment of tls certs is necessary on new nodes during expand if RHGS WA uses tls based etcd client server auth
Product: [Red Hat Storage] Red Hat Gluster Storage Reporter: Martin Bukatovic <mbukatov>
Component: doc-RHGS_Web_AdministrationAssignee: storage-doc
Status: CLOSED CURRENTRELEASE QA Contact: Martin Bukatovic <mbukatov>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rhgs-3.4CC: apaladug, asriram, fbalak, rhs-bugs, sankarshan
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-02-15 10:13:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1623518    

Description Martin Bukatovic 2018-08-20 12:05:08 UTC 
Document URL
============

Red Hat Gluster Storage 3.4: Monitoring Gluster Cluster

version from doc-stage

Section Number and Name
=======================

Chapter 3. Cluster Expansion

Section: Running Tendrl-ansible installation for new nodes

Describe the issue
==================

When customer uses tls based etcd client server authentication, it's necessary
to deploy tls certificates on the new machines as well before running the
tendrl-ansible as described in given section.

When one forgets this, the expand feature won't be available, because WA
components on new machines won't be able to talk to WA's etcd instance.

See eng BZ 1614874 (NOT A BUG) for details on this scenario.

Suggestions for improvement
===========================

Add a note or admonition to the chapter "Running Tendrl-ansible installation
for new nodes" about the need to deploy tls certificates before running tendrl
ansible if one uses tls based client server authentication (ansible variable
etcd_tls_client_auth is set to True).

Additional information
======================

This was originally suggested to be included in troubleshooting guide, but
having this directly in "Cluster Expansion" chapter as a not would be nice
as well.
Comment 3 Martin Bukatovic 2018-12-17 13:52:26 UTC 
The new admonition looks good.