DescriptionMircea Vutcovici
2018-10-06 01:29:31 UTC
Description of problem:
The command "openstack undercloud install" fails with:
2018-10-02T18:38:49Z DEBUG args=/usr/sbin/ipa-join -s rhelipaclient.id.sl.test.vzcpe.net -b dc=d,dc=sl,dc=test,dc=vzcpe,dc=net -h txslst02nce-h-pe1dluc-001.d.sl.test.vzcpe.net -w XXXXXXXX
2018-10-02T18:38:49Z DEBUG Process finished, return code=15
2018-10-02T18:38:49Z DEBUG stdout=
2018-10-02T18:38:49Z DEBUG stderr=Incorrect password.
However we found that the root cause was that the certificate downloaded from IPA server (http://rhelipaclient.d.sl.test.vzcpe.net/ipa/config/ca.crt) was an intermediate certificate, not the root certificate.
The problem is that the error is misleading. The password was fine, but the problem was that the certificate validation failed.
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1.
2.
3.
Actual results:
Expected results:
Additional info:
The current plan is to land these changes into TripleO-Validations during OSP16 while testing against older environments to ensure they work against OSP13 and newer. Documentation will be written walking through use in OSP13 as TripleO-Validations is set to be in Tech Preview until OSP17.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHEA-2020:0283