Bug 1572278 - After undercloud ssl certificate is updated, ca-trust is not updated automatically
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: puppet-tripleo
10.0 (Newton)
Unspecified Linux
high Severity medium
: beta
: 13.0 (Queens)
Assigned To: RHOS Maint
Pavan
: Triaged
Depends On: 1547248 1595876
Blocks: 1572280 1572282
Reported: 2018-04-26 11:15 EDT by Harry Rybacki
Modified: 2018-07-26 16:55 EDT
Fixed In Version: puppet-tripleo-8.3.2-4.el7ost
Clone Of: 1547248
: 1572280 1595876
Last Closed: 2018-06-27 09:53:50 EDT
Type: Bug

External Trackers
Tracker ID Priority Status Summary Last Updated
Launchpad 1753948 None None None 2018-04-26 11:15 EDT
Red Hat Knowledge Base (Solution) 3357871 None None None 2018-04-26 11:15 EDT
OpenStack gerrit 553311 None stable/queens: MERGED puppet-tripleo: Extract local CA if it expired (I61577be2434d7321dd462902d386c6911c2c4f57) 2018-06-27 09:21 EDT
Red Hat Product Errata RHEA-2018:2086 None None None 2018-06-27 09:55 EDT

Comment 3 Harry Rybacki 2018-04-26 11:51:34 EDT
Upstream review located in openstack-tripleo-8.3.2. Updating fixed-in and moving bug to MODIFIED.
Comment 7 Scott Lewis 2018-04-30 10:59:49 EDT
This item has been properly Triaged and planned for the OSP13 release, and is being tagged for tracking. For details, see https://url.corp.redhat.com/1851efd
Comment 13 Juan Antonio Osorio 2018-06-25 12:25:29 EDT
So, certmonger should update the local CA certificate when at least one of these two things happens:

* when certmonger is restarted
* when a certificate is requested for that CA

So, the thing to verify would be that, when the certificate expires, you should restart certmonger, and then run the undercloud install again. That should update the trust of that certificate.
Comment 14 Rob Crittenden 2018-06-25 15:04:36 EDT
The execution doesn't happen in a shell. This should be put into a script (bash, python, whatever) in /usr/libexec/<something>/<something> and set that as the post command.

You can define arguments to be passed in when setting the post-callback command.

For example:

/usr/libexec/director/renew_cert /etc/pki/tls/certs/undercloud-front.crt  /etc/pki/tls/private/undercloud-front.key /etc/pki/tls/certs/undercloud-192.168.24.2.pem
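
A sketch of the wrapper-script approach from Comment 14, added here as an example and not taken from this bug or from puppet-tripleo. The page does not say what renew_cert does, so this assumes the three arguments are certificate, key and combined PEM output, and that the script's job is to concatenate the first two into the third.

```shell
#!/bin/sh
# Hypothetical certmonger post-save helper. certmonger executes the post-save
# command directly rather than through a shell, so redirection, pipes and "&&"
# cannot be written in the command string itself; they have to live in a script
# that is passed its paths as arguments:
#   renew_cert CERT KEY COMBINED_PEM
# Assumption (not stated on the page): COMBINED_PEM is CERT followed by KEY.

renew_cert() {
    [ "$#" -eq 3 ] || { echo "usage: renew_cert CERT KEY COMBINED_PEM" >&2; return 2; }
    cert=$1 key=$2 out=$3

    for f in "$cert" "$key"; do
        [ -s "$f" ] || { echo "renew_cert: missing or empty: $f" >&2; return 1; }
    done

    # Catch swapped or wrong arguments before the served bundle is replaced.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" ||
        { echo "renew_cert: no certificate in $cert" >&2; return 1; }
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "renew_cert: no private key in $key" >&2; return 1; }

    # The bundle contains the private key: create it owner-only, and build it
    # in a temporary file so a reader never sees a half-written bundle.
    old_umask=$(umask)
    umask 077
    tmp=$(mktemp "${out}.XXXXXX") || { umask "$old_umask"; return 1; }
    if cat "$cert" "$key" > "$tmp" && mv -f "$tmp" "$out"; then
        rc=0
    else
        rc=1
        rm -f "$tmp"
    fi
    umask "$old_umask"
    return "$rc"
}

# Do the work only when called with arguments, as certmonger would call it.
if [ "$#" -gt 0 ]; then
    renew_cert "$@"
fi
```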
Comment 16 errata-xmlrpc 2018-06-27 09:53:50 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:2086
