Bug 1690896

Summary: [OSP13] TLS everywhere: the apache service wrongly requests certificates for all networks
Product: Red Hat OpenStack
Reporter: ggrimaux
Component: puppet-tripleo
Assignee: RHOS Maint <rhos-maint>
Status: CLOSED DUPLICATE
QA Contact: nlevinki <nlevinki>
Severity: high
Docs Contact:
Priority: high
Version: 13.0 (Queens)
CC: jjoyce, jschluet, slinaber, tvignaud
Target Milestone: ---
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2019-03-20 13:40:13 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description ggrimaux 2019-03-20 12:28:11 UTC
Description of problem:
I have a client facing this upstream bug when trying to deploy overcloud with SSL everywhere:
https://bugs.launchpad.net/tripleo/+bug/1811207

            "Warning: tag is a metaparam; this value will inherit to all contained resources in the tripleo::firewall::rule definition", 
            "Warning: Could not get certificate: Execution of '/usr/bin/getcert request -I httpd-management -f /etc/pki/tls/certs/httpd/httpd-management.crt -c IPA -N CN= -K HTTP/ -D  -C \"pkill -USR1 httpd\" -w -k /etc/pki/tls/private/httpd/httpd-management.key' returned 2: New signing request \"httpd-management\" added.", 
            "Error: /Stage[main]/Tripleo::Profile::Base::Certmonger_user/Tripleo::Certmonger::Httpd[httpd-management]/Certmonger_certificate[httpd-management]: Could not evaluate: Could not get certificate: Server at https://kvm.triliodata.demo/ipa/xml denied our request, giving up: 3007 (RPC failed at server.  'fqdn' is required).", 
            "Warning: /Stage[main]/Tripleo::Certmonger::Ca::Crl/Exec[tripleo-ca-crl]: Skipping because of failed dependencies", 
            "Warning: /Stage[main]/Tripleo::Certmonger::Ca::Crl/File[tripleo-ca-crl-file]: Skipping because of failed dependencies", 
            "Warning: /Stage[main]/Tripleo::Certmonger::Ca::Crl/Exec[tripleo-ca-crl-process-command]: Skipping because of failed dependencies", 
            "Warning: /Stage[main]/Tripleo::Certmonger::Ca::Crl/Cron[tripleo-refresh-crl-file]: Skipping because of failed dependencies"

Could this be pulled downstream?

Version-Release number of selected component (if applicable):
puppet-tripleo-8.3.6-15.el7ost.noarch

How reproducible:
Unknown

Steps to Reproduce:
1. Deploy with SSL everywhere
2.
3.

Actual results:
Fails with the error
            "Warning: tag is a metaparam; this value will inherit to all contained resources in the tripleo::firewall::rule definition", 
            "Warning: Could not get certificate: Execution of '/usr/bin/getcert request -I httpd-management -f /etc/pki/tls/certs/httpd/httpd-management.crt -c IPA -N CN= -K HTTP/ -D  -C \"pkill -USR1 httpd\" -w -k /etc/pki/tls/private/httpd/httpd-management.key' returned 2: New signing request \"httpd-management\" added.", 
            "Error: /Stage[main]/Tripleo::Profile::Base::Certmonger_user/Tripleo::Certmonger::Httpd[httpd-management]/Certmonger_certificate[httpd-management]: Could not evaluate: Could not get certificate: Server at https://kvm.triliodata.demo/ipa/xml denied our request, giving up: 3007 (RPC failed at server.  'fqdn' is required).", 
            "Warning: /Stage[main]/Tripleo::Certmonger::Ca::Crl/Exec[tripleo-ca-crl]: Skipping because of failed dependencies", 
            "Warning: /Stage[main]/Tripleo::Certmonger::Ca::Crl/File[tripleo-ca-crl-file]: Skipping because of failed dependencies", 
            "Warning: /Stage[main]/Tripleo::Certmonger::Ca::Crl/Exec[tripleo-ca-crl-process-command]: Skipping because of failed dependencies", 
            "Warning: /Stage[main]/Tripleo::Certmonger::Ca::Crl/Cron[tripleo-refresh-crl-file]: Skipping because of failed dependencies"

Expected results:
Goes beyond that part.

Additional info:

Comment 1 ggrimaux 2019-03-20 13:37:43 UTC
Sorry, it seems it was backported after all.

BZ 1643423

Closing BZ

Comment 2 ggrimaux 2019-03-20 13:40:13 UTC

*** This bug has been marked as a duplicate of bug 1643423 ***
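
The failed request in the description passes `-N CN=`, `-K HTTP/` and `-D` with no hostname, which matches IPA's "'fqdn' is required" rejection. The following is an added example, not code from the bug report or from puppet-tripleo: a small log check that flags `getcert request` invocations whose subject, principal or DNS name lacks a hostname. The function name `missing_fqdn_fields` is hypothetical, and the sample line is reconstructed from the report with its JSON escaping removed.

```python
import re
import shlex

# Constructed sample: the warning line from the report, unescaped from its JSON string form.
SAMPLE_LOG = (
    "Warning: Could not get certificate: Execution of '/usr/bin/getcert request "
    "-I httpd-management -f /etc/pki/tls/certs/httpd/httpd-management.crt -c IPA "
    "-N CN= -K HTTP/ -D  -C \"pkill -USR1 httpd\" -w "
    "-k /etc/pki/tls/private/httpd/httpd-management.key' returned 2: "
    "New signing request \"httpd-management\" added."
)

# getcert options whose argument must carry the host FQDN, with the fixed
# prefix that precedes the hostname in the request shown in the report.
FQDN_OPTS = {"-N": "CN=", "-K": "HTTP/", "-D": ""}

GETCERT_RE = re.compile(r"Execution of '(/usr/bin/getcert request .*?)' returned")


def missing_fqdn_fields(log_text):
    """Return {request nickname: [options lacking a hostname]} per getcert request."""
    findings = {}
    for match in GETCERT_RE.finditer(log_text):
        argv = shlex.split(match.group(1))
        opts = {}
        for i, tok in enumerate(argv):
            if tok in FQDN_OPTS or tok == "-I":
                nxt = argv[i + 1] if i + 1 < len(argv) else ""
                # A following token that is itself an option means the value is absent.
                opts[tok] = "" if nxt.startswith("-") else nxt
        bad = [opt for opt, prefix in FQDN_OPTS.items()
               if opt in opts and opts[opt][len(prefix):] == ""]
        if bad:
            findings[opts.get("-I", "<unknown>")] = bad
    return findings


if __name__ == "__main__":
    for nickname, options in missing_fqdn_fields(SAMPLE_LOG).items():
        print(f"{nickname}: no hostname in {', '.join(options)}")
```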