Description of problem: In TLS deployments a key and certificate are created for ODL on the host (as owner/group odl/odl). These artifacts are then used to configure TLS for ODL. In containerized deployments these files are still created on the host, and then mounted into the ODL container. However, now that we containerize ODL, it means the RPM is no longer installed on the host, and the 'odl' linux group/user are not created. Thus when deploying with TLS and ODL, there is a puppet error saying: "Error: /Stage[main]/Tripleo::Certmonger::Opendaylight/File[/etc/pki/tls/certs/odl.crt]/group: change from root to odl failed: Could not find group odl", "Error: /Stage[main]/Tripleo::Certmonger::Opendaylight/File[/etc/pki/tls/private/odl.key]/owner: change from root to odl failed: Could not find user odl", "Error: /Stage[main]/Tripleo::Certmonger::Opendaylight/File[/etc/pki/tls/private/odl.key]/group: change from root to odl failed: Could not find group odl" Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Deploy ODL with internal TLS enabled and containers 2. 3. Actual results: Expected results: Additional info: A workaround to this issue is to virt-customize the overcloud image and install ODL on it to get the user/group created.
Checked with: puppet-tripleo-8.3.2-0.20180416191414.cb114de.el7ost.noarch
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2018:2086