Bug 1947116

Summary: [RHOSP16.1] /etc/ipa/ca.crt: duplicate mount destination when deploying metrics_qdr container with TLS everywhere
Product: Red Hat OpenStack Reporter: Stephane Vigan <svigan>
Component: openstack-tripleo-heat-templatesAssignee: Chris Sibbitt <csibbitt>
Status: CLOSED ERRATA QA Contact: Leonid Natapov <lnatapov>
Severity: high Docs Contact:
Priority: high    
Version: 16.1 (Train)CC: aschultz, csibbitt, dwilde, jbadiapa, lmadsen, mburns, mrunge, slinaber
Target Milestone: z7Keywords: Triaged
Target Release: 16.1 (Train on RHEL 8.2)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-tripleo-heat-templates-11.3.2-1.20210607133307.29a02c1.el8ost Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-12-09 20:18:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Stephane Vigan 2021-04-07 17:50:16 UTC 
Description of problem:

While running an OSP16.1 with TLS everywhere and Service Telemetry Framework, container metrics_qdr failed to start because /etc/ipa/ca.crt is referenced twice.
Once in openstack-tripleo-heat-templates/deployment/containers-common.yaml part of the base volume list 
and also in openstack-tripleo-heat-templates/deployment/metrics/qdr-container-puppet.yaml


Version-Release number of selected component (if applicable):

openstack-tripleo-heat-templates-11.3.2-1.20210104205664.el8ost.2.noarch

Applied the following patch and deployment was succesfull

--- qdr-container-puppet.yaml   2021-03-11 16:25:41.000000000 +0100
+++ qdr-container-puppet.yaml.new       2021-04-07 19:27:09.612509023 +0200
@@ -349,12 +349,7 @@
                   - internal_tls_enabled
                   - - /etc/pki/tls/certs/metrics_qdr.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/metrics_qdr.crt:ro
                     - /etc/pki/tls/private/metrics_qdr.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/metrics_qdr.key:ro
-                    - list_join:
-                      - ':'
-                      - - {get_param: InternalTLSCAFile}
-                        - {get_param: InternalTLSCAFile}
-                        - 'ro'
-                  - null
+                  - []
             environment:
               KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
       host_prep_tasks:
Comment 4 Chris Sibbitt 2021-06-07 19:56:31 UTC 
This patch is also included in openstack-tripleo-heat-templates-11.5.1-2.20210603174813.0a60ff2.el8ost which will be in OSP 16.2
Comment 24 errata-xmlrpc 2021-12-09 20:18:39 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 16.1.7 (Train) bug fix and enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:3762