Description of problem: https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/13/html/integrate_with_identity_service/idm-novajoin#configure_overcloud_to_use_novajoin Those templates have been deprecated - /usr/share/openstack-tripleo-heat-templates/environments/enable-internal-tls.yaml - /usr/share/openstack-tripleo-heat-templates/environments/tls-everywhere-endpoints-dns.yaml And replaced respectivelly by - /usr/share/openstack-tripleo-heat-templates/environments/ssl/enable-internal-tls.yaml - /usr/share/openstack-tripleo-heat-templates/environments/ssl/tls-everywhere-endpoints-dns.yaml The new enable-internal-tls.yaml has major differences.
The following one is also deprecated. /usr/share/openstack-tripleo-heat-templates/environments/enable-tls.yaml And replaced by this one: /usr/share/openstack-tripleo-heat-templates/environments/ssl/enable-tls.yaml In the docs, is specifically mentioned "./tripleo-heat-templates/environments/enable-tls.yaml" aka the deprecated version
HI , we sorted the configuration issue , Now on the compute node the command: openssl crl -in /etc/pki/CA/crl/overcloud-crl.bin -inform DER -outform PEM -out /etc/pki/CA/crl/overcloud-crl.pem has completed successfully but on the control node it failed with an error "unable to load CRL" we notice that the overcloud-crl.bin is a different file from the compute node. the overcloud-crl.bin in the controller contains an HTML reference which an openssl error : Problem Processing your request The Certificate Manager encountered a problem while processing your request. the following is a detailed message of the error that occurred. you must select an option from the form. please consult your local administrator for futher assistant . the Certificate System log may provide further information. we deleted the configuration with openstack overcloud delete --yes and redeployed again, we hit the same errors and this time on both nodes. we are working with a 3 IPA Servers with multi master replica and the ipa-ca A record directs to all nodes
Checked the linked documentation and all subsequent documentation on versions not deprecated. All referenced paths point to the now valid /usr/share/openstack-tripleo-heat-templates/environments/ssl/ directory for tls template files. Closing as CURRENT_RELEASE
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days