Description of problem: Following documentation for TLS everywhere: https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html/advanced_overcloud_customization/sect-enabling_internal_ssltls_on_the_overcloud While novajoin does register all overcloud nodes with IDM and sets up dns entries, it does not set up dns entries for the VIP endpoints. This renders the overcloudrc produced by the deployment useless (because TLS everywhere uses FQDN) until those are added manually. Deployment should add those for you. These entries are present in /etc/hosts of all overcloud nodes which is why it does not fail outright. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Set up IDM to use DNS 2. Follow documentation https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html/advanced_overcloud_customization/sect-enabling_internal_ssltls_on_the_overcloud 3. Deploy Openstack 4. Examine IDM dns for the overcloud endpoint entries Actual results: Entries are not in DNS. Manual entry required to source overcloudrc and have it function Expected results: The endpoints are added to DNS and post deployment the overcloudrc works as expected. Additional info:
This was implemented as a part of the recent Ansible-based TLS re-implementation as tracked by bug#1823932. Closing as a duplicate. *** This bug has been marked as a duplicate of bug 1823932 ***