Bug 1858851

Summary: [TESTONLY] Test TLS Cinder A/A to etcd with tripleo-ipa
Product: Red Hat OpenStack
Reporter: Gregory Charot <gcharot>
Component: openstack-tripleo-heat-templates
Assignee: Alan Bishop <abishop>
Status: CLOSED CURRENTRELEASE
QA Contact: Tzach Shefi <tshefi>
Severity: medium
Priority: medium
Version: 16.1 (Train)
CC: alee, mburns, mkrcmari, nwolf, rheslop
Target Milestone: z2
Keywords: FutureFeature, TestOnly, Triaged
Target Release: 16.1 (Train on RHEL 8.2)
Hardware: Unspecified
OS: Unspecified
Fixed In Version: openstack-tripleo-heat-templates-11.3.2-0.20200616081537.396affd.el8ost
Last Closed: 2020-10-15 10:53:06 UTC
Type: Bug
Bug Depends On: 1859750, 1873329
Bug Blocks: 1802774, 1879664

Description Gregory Charot 2020-07-20 14:55:45 UTC
Description of problem:

Currently DCN with TLS-e (novajoin) does not support TLS between Cinder A/A (at the edge) and the DLM (etcd).

With the introduction of tripleo-ipa as an alternative to novajoin, it is possible to enable TLS on that flow.

This RFE is to track the testing of DCN + TLS-e Tripleo-ipa + Cinder at the edge and ensure the cinder to etcd flow is indeed encrypted.


Comment 1 Alan Bishop 2020-07-20 15:16:25 UTC
The tls-e deployment needs to include these additional settings (substitute $THT with the path to your tripleo heat templates).

resource_registry:
  OS::TripleO::Services::IpaClient: $THT/deployment/ipa/ipaservices-baremetal-ansible.yaml

parameter_defaults:
  EnableEtcdInternalTLS: true
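
Added example, not part of the bug report or of TripleO: one way to confirm after deployment that the rendered cinder.conf actually points cinder-volume at etcd over TLS. It assumes the URL lives in `[coordination] backend_url` and uses the tooz etcd3gw form (`etcd3+https://...` with a `ca_cert` option); the host names and certificate paths in the samples are constructed.

```python
import configparser
from urllib.parse import urlsplit, parse_qs

# Constructed samples, not taken from a real deployment.
SAMPLE_TLS = """
[coordination]
backend_url = etcd3+https://etcd.internalapi.example.test:2379?ca_cert=/etc/ipa/ca.crt&cert_cert=/etc/pki/tls/certs/etcd.crt&cert_key=/etc/pki/tls/private/etcd.key
"""
SAMPLE_PLAIN = """
[coordination]
backend_url = etcd3+http://192.0.2.10:2379
"""


def check_coordination_tls(conf_text):
    """Return a list of findings; an empty list means the URL requests TLS."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    url = cp.get("coordination", "backend_url", fallback=None)
    if not url:
        return ["no [coordination] backend_url set"]

    parts = urlsplit(url)
    findings = []
    if parts.scheme != "etcd3+https":
        # Assumption: etcd3+https is the only TLS scheme expected here.
        findings.append(f"scheme {parts.scheme!r} is not etcd3+https")
    elif "ca_cert" not in parse_qs(parts.query):
        # Assumption: the CA bundle is passed as the ca_cert URL option.
        findings.append("etcd3+https URL carries no ca_cert option")
    return findings


if __name__ == "__main__":
    for name, text in (("tls", SAMPLE_TLS), ("plain", SAMPLE_PLAIN)):
        result = check_coordination_tls(text)
        print(name, "OK" if not result else result)
```

A clean result only shows that the configuration requests TLS; a packet capture or a plaintext connection attempt against the etcd port is still needed to show the flow itself is encrypted.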

Comment 7 Marian Krcmarik 2020-08-31 14:25:22 UTC
There were a couple of new bugs filed, one of them not that severe and the other one very severe if glance is being deployed on the EDGE site.
1. https://bugzilla.redhat.com/show_bug.cgi?id=1869001
2. https://bugzilla.redhat.com/show_bug.cgi?id=1869001
The second one prevents successful deployment with glance deployed at the Edge site.

Comment 8 Alan Bishop 2020-08-31 14:33:32 UTC
I think for number 2 you mean bug #1873329.

Comment 13 Lon Hohberger 2020-10-15 10:53:06 UTC
According to our records, this should be resolved by openstack-tripleo-heat-templates-11.3.2-0.20200616081539.396affd.el8ost.  This build is available now.

Comment 14 Red Hat Bugzilla 2023-09-14 06:04:07 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days