Bug 1608395
| Summary: | RFE: TLS-Everywhere - public certificates issued by IdM doesn't create public API DNS entry | ||
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Federico Iezzi <fiezzi> |
| Component: | puppet-certmonger | Assignee: | Juan Antonio Osorio <josorior> |
| Status: | CLOSED DUPLICATE | QA Contact: | Pavan <pkesavar> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 13.0 (Queens) | CC: | hrybacki, jjoyce, jschluet, kbasil, nkinder, slinaber, tvignaud |
| Target Milestone: | --- | Keywords: | FutureFeature, Triaged, ZStream |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-06-25 16:59:19 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Re-aligning to RFE and requesting ACKs.

This is addressed in the Ansible-based re-implementation of TLS-everywhere as described in bug#1823932. Closing as a duplicate.

*** This bug has been marked as a duplicate of bug 1823932 ***
Description of problem:

As per the BZ title, during the certificate generation process/host registration/etc one last step is missing: create a DNS entry having public API record.

Version-Release number of selected component (if applicable):

OSP13 z1 (tested version)

How reproducible:

- Install IdM
- Install undercloud enabling novajoin
- Install overcloud and include the following templates

```
-e /usr/share/openstack-tripleo-heat-templates/environments/ssl/enable-internal-tls.yaml \
-e /usr/share/openstack-tripleo-heat-templates/environments/ssl/tls-everywhere-endpoints-dns.yaml \
-e /usr/share/openstack-tripleo-heat-templates/environments/services/haproxy-public-tls-certmonger.yaml \
```

Actual results:

```
dig @172.16.0.2 overcloud.redhat.local

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> @172.16.0.2 overcloud.redhat.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23607
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;overcloud.redhat.local. IN A

;; AUTHORITY SECTION:
redhat.local. 3600 IN SOA freeipa.redhat.local. hostmaster.redhat.local. 1532522733 3600 900 1209600 3600

;; Query time: 0 msec
;; SERVER: 172.16.0.2#53(172.16.0.2)
;; WHEN: Wed Jul 25 08:45:53 EDT 2018
;; MSG SIZE rcvd: 106
```

Expected results:

```
dig @172.16.0.2 overcloud.redhat.local

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> @172.16.0.2 overcloud.redhat.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2039
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;overcloud.redhat.local. IN A

;; ANSWER SECTION:
overcloud.redhat.local. 86400 IN A 192.168.122.150

;; AUTHORITY SECTION:
redhat.local. 86400 IN NS freeipa.redhat.local.

;; ADDITIONAL SECTION:
freeipa.redhat.local. 1200 IN A 172.16.0.2

;; Query time: 1 msec
;; SERVER: 172.16.0.2#53(172.16.0.2)
;; WHEN: Wed Jul 25 08:46:06 EDT 2018
;; MSG SIZE rcvd: 105
```
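As an added example (not part of the bug report and not code from puppet-certmonger or novajoin), the check below reads `dig` output and succeeds only when the public API name returns NOERROR with an A record for the expected VIP, which is the difference between the actual and expected results above. The function names are hypothetical, and the sample replies are constructed, abbreviated from the two outputs in the report.

```shell
#!/bin/sh
# Added example (not from the bug report): check dig output for the public API name.

# Print the response status (NOERROR, NXDOMAIN, ...) from dig output on stdin.
dig_status() {
    awk '/->>HEADER<<-/ {
        for (i = 1; i < NF; i++)
            if ($i == "status:") { sub(/,$/, "", $(i + 1)); print $(i + 1); exit }
    }'
}

# Print the A record addresses for name $1 found in the ANSWER section on stdin.
dig_a_records() {
    awk -v name="$1." '
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^;; / || /^$/        { in_answer = 0 }
        in_answer && $1 == name && $3 == "IN" && $4 == "A" { print $5 }'
}

# Succeed only if the reply on stdin is NOERROR and has an A record $1 -> $2.
check_public_api() {
    out=$(cat)
    status=$(printf '%s\n' "$out" | dig_status)
    if [ "$status" != "NOERROR" ]; then
        echo "FAIL: $1 status=${status:-unknown}"; return 1
    fi
    if ! printf '%s\n' "$out" | dig_a_records "$1" | grep -qxF "$2"; then
        echo "FAIL: $1 has no A record $2"; return 1
    fi
    echo "OK: $1 -> $2"
}

# Constructed samples, abbreviated from the two dig outputs in the report.
sample_actual() {
    printf '%s\n' ';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23607' \
        ';; QUESTION SECTION:' ';overcloud.redhat.local. IN A' '' \
        ';; AUTHORITY SECTION:' \
        'redhat.local. 3600 IN SOA freeipa.redhat.local. hostmaster.redhat.local. 1532522733 3600 900 1209600 3600'
}
sample_expected() {
    printf '%s\n' ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2039' \
        ';; QUESTION SECTION:' ';overcloud.redhat.local. IN A' '' \
        ';; ANSWER SECTION:' 'overcloud.redhat.local. 86400 IN A 192.168.122.150' '' \
        ';; AUTHORITY SECTION:' 'redhat.local. 86400 IN NS freeipa.redhat.local.'
}

# Live use: dig @172.16.0.2 overcloud.redhat.local | check_public_api overcloud.redhat.local 192.168.122.150
sample_actual   | check_public_api overcloud.redhat.local 192.168.122.150 || true
sample_expected | check_public_api overcloud.redhat.local 192.168.122.150 || true
```

Run after deployment, a non-zero exit flags that the name on the IdM-issued public certificate does not resolve to the public VIP.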