Description of problem: When deploying either Barbican or Octavia with TLS everywhere, the deployment fails with a MySQL authentication error. The db_sync containers do not have the my.cnf.d files that dictate SSL usage and the privilege grants for the Octavia and Barbican users require the use of SSL. Version-Release number of selected component (if applicable): 13.0 (GA) How reproducible: Attempt to deploy an overcloud with Octavia or Barbican along with TLS everywhere. Observe that the deployment fails with a MySQL authentication failure. Actual results: The deployment fails with a MySQL authentication error from the db_sync containers. Expected results: The deployment should succeed.
Moving to DF:Security since this is related to Barbican. We are able to assist with the efforts here too.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0448