Bug 2186420
| Summary: | [TLS-E/STF] qdrouter cannot load SSL certificate files | ||
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Rajesh <rpulapak> |
| Component: | openstack-tripleo | Assignee: | James Slagle <jslagle> |
| Status: | CLOSED DUPLICATE | QA Contact: | Joe H. Rahme <jhakimra> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 17.1 (Wallaby) | CC: | bshephar, lnatapov, mburns |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-04-19 13:08:04 UTC | Type: | Bug |

This bug is a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=2129165, which has been fixed in puppet-tripleo-14.2.3-1.20221208230857.572edbd.el9ost. Closing this one.

*** This bug has been marked as a duplicate of bug 2129165 ***

Description of problem:

TLS-E enabled OpenStack deployments with STF are failing due to insufficient permissions for the user 'qdrouterd' in the container 'metrics_qdr' to read OpenStack's SSL certificates. Although this does not fail the deployment, this blocks OpenStack from sending metrics to STF.

Error log from "metrics_qdr" container:

```
2023-03-16 03:49:47.570217 +0000 SERVER (error) SSL CA configuration failed for connection [C1] to default-interconnect-5671-service-telemetry.apps.vlan617307.rdu2.scalelab.redhat.com:443
2023-03-16 03:49:47.570721 +0000 SERVER (error) [C1] Connection aborted due to internal setup error
2023-03-16 03:49:47.570755 +0000 SERVER (info) [C1] Connection to default-interconnect-5671-service-telemetry.apps.vlan617307.rdu2.scalelab.redhat.com:443 failed: amqp:connection:framing-error Expected AMQP protocol header: no protocol header found (connection aborted)
```

Workaround:

Temporarily, using ansible-playbook, we are adjusting permissions on the required certificate files on all overcloud nodes in order for "metrics_qdr" to send metrics to STF.

```yaml
- name: fix STF
  hosts: overcloud_nodes
  gather_facts: false
  become: true
  tasks:
    # Change the mode of the CA file inside the container (as root) so the qdrouterd user can read it
    - name: adjust permissions for /etc/pki/tls/certs/CA_sslProfile.pem inside metrics_qdr
      shell: |
        podman exec -it -u root metrics_qdr chmod 777 /etc/pki/tls/certs/CA_sslProfile.pem
      ignore_errors: true
    # Start qdrouterd as a daemon (-d) with the container's configuration file
    - name: run qdrouterd
      shell: |
        podman exec -it metrics_qdr /usr/sbin/qdrouterd -c /etc/qpid-dispatch/qdrouterd.conf -d
      ignore_errors: true
```

How reproducible: 100%

Steps to reproduce:

1) Deploy OpenStack (TLS-E) with STF.

Actual results: OpenStack fails to send metrics to STF.

Expected results: Successful overcloud deployment with STF properly configured.

Additional info:

OpenStack puddle: RHOS-17.1-RHEL-9-20221130.n.1
STF version: 1.5
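
Added example, not part of the original report or of the tripleo fix: a shell check that shows which POSIX permission class decides whether a service account can read a certificate file, and which mode bits go beyond what a public CA certificate needs. The UID/GID values, the 0644 baseline and the use of GNU `stat` are assumptions made for illustration; the report does not state the actual ownership of `CA_sslProfile.pem`.

```shell
#!/bin/sh
# Added example. UIDs, GIDs and modes below are constructed, not taken from the report.

# can_read MODE FILE_UID FILE_GID UID GID...
# POSIX class selection: the first matching class (owner, group, other) decides;
# a later class never grants what an earlier matching class denies.
can_read() {
    cr_perm=$((0$1)); cr_fuid=$2; cr_fgid=$3; cr_uid=$4; shift 4
    if [ "$cr_uid" -eq 0 ]; then return 0; fi    # root bypasses mode bits
    if [ "$cr_uid" -eq "$cr_fuid" ]; then
        return $(( (cr_perm & 0400) == 0 ))      # owner class
    fi
    for cr_g in "$@"; do
        if [ "$cr_g" -eq "$cr_fgid" ]; then
            return $(( (cr_perm & 0040) == 0 ))  # group class
        fi
    done
    return $(( (cr_perm & 0004) == 0 ))          # other class
}

# excess_bits MODE: permission bits set beyond 0644 (assumed baseline for a CA
# certificate, which is public data). Prints them in octal; 0 means none.
excess_bits() { printf '%o\n' $(( 0$1 & 0777 & ~0644 )); }

# audit_cert FILE UID GID...: stat a real file (GNU stat assumed) and print a verdict.
audit_cert() {
    a_file=$1; shift
    [ -e "$a_file" ] || { echo "$a_file missing"; return 2; }
    set -- $(stat -c '%a %u %g' "$a_file") "$@"  # mode owner group uid gids...
    if can_read "$@"; then a_v=readable; else a_v=unreadable; fi
    echo "$a_file mode=$1 $a_v excess=$(excess_bits "$1")"
}

# Demo on constructed values: root-owned file, uid/gid 1001 standing in for qdrouterd.
for m in 600 640 644 777; do
    if can_read "$m" 0 0 1001 1001; then r=readable; else r=unreadable; fi
    echo "mode $m: $r for uid 1001, excess bits $(excess_bits "$m")"
done
```

Inside the container, `audit_cert` would be called with the path from the report and the output of `id -u` and `id -G` for the service user.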