Bug 1534070

Summary: [RFE] TLS everywhere should make required DNS entries for endpoints inside IDM at deployment conclusion
Product: Red Hat OpenStack
Reporter: pgambard
Component: puppet-certmonger
Assignee: Ade Lee <alee>
Status: CLOSED DUPLICATE
QA Contact: Jeremy Agee <jagee>
Severity: low
Priority: low
Version: 12.0 (Pike)
CC: acanan, alee, hrybacki, jagee, jjoyce, jschluet, nkinder, slinaber, sputhenp, tvignaud
Keywords: FutureFeature, Triaged
Hardware: Unspecified
OS: Unspecified
Doc Type: If docs needed, set a value
Last Closed: 2020-06-25 16:28:47 UTC
Type: Bug

Description pgambard 2018-01-12 23:40:31 UTC
Description of problem:

Following documentation for TLS everywhere:
https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html/advanced_overcloud_customization/sect-enabling_internal_ssltls_on_the_overcloud

While novajoin does register all overcloud nodes with IDM and sets up DNS entries, it does not set up DNS entries for the VIP endpoints. This renders the overcloudrc produced by the deployment useless (because TLS everywhere uses FQDN) until those are added manually. Deployment should add those for you. These entries are present in /etc/hosts of all overcloud nodes, which is why it does not fail outright.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Set up IDM to use DNS
2. Follow documentation https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html/advanced_overcloud_customization/sect-enabling_internal_ssltls_on_the_overcloud
3. Deploy OpenStack
4. Examine IDM DNS for the overcloud endpoint entries

Actual results:

Entries are not in DNS. Manual entry required to source overcloudrc and have it function.

Expected results:

The endpoints are added to DNS and post deployment the overcloudrc works as expected.

Additional info:

Comment 1 Nathan Kinder 2020-06-25 16:28:47 UTC
This was implemented as a part of the recent Ansible-based TLS re-implementation as tracked by bug#1823932.  Closing as a duplicate.

*** This bug has been marked as a duplicate of bug 1823932 ***