1602891 – Octavia and Barbican fail to deploy along with TLS Everywhere

Bug 1602891 - Octavia and Barbican fail to deploy along with TLS Everywhere

Summary: Octavia and Barbican fail to deploy along with TLS Everywhere

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-tripleo-heat-templates
Sub Component:
Version:	13.0 (Queens)
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	z4
Target Release:	13.0 (Queens)
Assignee:	Juan Antonio Osorio
QA Contact:	Pavan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-07-18 18:14 UTC by Andrew Austin
Modified:	2019-10-22 10:12 UTC (History)
CC List:	14 users (show)
Fixed In Version:	openstack-tripleo-heat-templates-8.0.4-30.el7ost
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-03-14 13:54:51 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Launchpad	1782392	None	None	None	2018-07-18 18:14:54 UTC
OpenStack gerrit	583653	None	MERGED	Mount my.cnf.d into the db_sync container for Barbican and Octavia.	2020-07-13 14:25:27 UTC
OpenStack gerrit	586621	None	MERGED	Mount my.cnf.d into the db_sync container for Barbican and Octavia.	2020-07-13 14:25:27 UTC
Red Hat Bugzilla	1613576	urgent	CLOSED	octavia_api_tls_proxy does not work due to missing code and dependencies	2022-08-04 13:25:15 UTC
Red Hat Product Errata	RHBA-2019:0448	None	None	None	2019-03-14 13:55:04 UTC

Internal Links: 1613576

Description Andrew Austin 2018-07-18 18:14:54 UTC

Description of problem:
When deploying either Barbican or Octavia with TLS everywhere, the deployment fails with a MySQL authentication error. The db_sync containers do not have the my.cnf.d files that dictate SSL usage and the privilege grants for the Octavia and Barbican users require the use of SSL.

Version-Release number of selected component (if applicable):
13.0 (GA)

How reproducible:
Attempt to deploy an overcloud with Octavia or Barbican along with TLS everywhere. Observe that the deployment fails with a MySQL authentication failure.

Actual results:
The deployment fails with a MySQL authentication error from the db_sync containers.

Expected results:
The deployment should succeed.

Comment 1 Dan Prince 2018-07-18 20:00:16 UTC

Moving to DF:Security since this is related to Barbican. We are able to assist with the efforts here too.

Comment 2 Dan Prince 2018-07-18 20:00:43 UTC

Moving to DF:Security since this is related to Barbican. We are able to assist with the efforts here too.

Comment 18 errata-xmlrpc 2019-03-14 13:54:51 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0448

Note You need to log in before you can comment on or make changes to this bug.