Bug 1608450 - TLS everywhere deployment fails - missing TLS bits in T-H-T
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-heat-templates
Version: 12.0 (Pike)
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: z3
Target Release: 12.0 (Pike)
Assigned To: Damien Ciabrini
QA Contact: Marian Krcmarik
Keywords: Triaged, ZStream
Blocks: 1566598 1513502 1573583 1579023
Reported: 2018-07-25 10:45 EDT by Pavan
Modified: 2018-08-20 09:04 EDT
Fixed In Version: openstack-tripleo-heat-templates-7.0.12-8.el7ost puppet-tripleo-7.4.12-8.el7ost
Last Closed: 2018-08-20 09:02:42 EDT
Type: Bug

External Trackers
Tracker ID Priority Status Summary Last Updated
Launchpad 1784205 None None None 2018-07-29 03:39 EDT
OpenStack gerrit 586862 None None None 2018-07-29 03:41 EDT
OpenStack gerrit 586863 None None None 2018-07-29 03:42 EDT
Red Hat Product Errata RHSA-2018:2331 None None None 2018-08-20 09:04 EDT

Description Pavan 2018-07-25 10:45:15 EDT
Description of problem:

Version-Release number of selected component (if applicable):
RHOSP-12 with TLS everywhere enabled
Topology: Compute:1,Controller:1,freeipa:1

Additional info:

The puppet code has TLS bits; however, the TripleO-Heat-Templates (T-H-T) do not have TLS bits.

Debugging logs:
[root@controller-0 heat-admin]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@controller-0 heat-admin]# docker ps -a
CONTAINER ID        IMAGE                                                    COMMAND                  CREATED             STATUS                      PORTS               NAMES
8ac903f6903a        192.168.24.1:8787/rhosp12/openstack-redis:2018-07-19.1   "/var/lib/docker-p..."   17 minutes ago      Exited (1) 17 minutes ago                       docker-puppet-redis
[root@controller-0 heat-admin]# docker logs -f docker-puppet-redis
+ mkdir -p /etc/puppet
+ cp -a /tmp/puppet-etc/auth.conf /tmp/puppet-etc/hiera.yaml /tmp/puppet-etc/hieradata /tmp/puppet-etc/modules /tmp/puppet-etc/puppet.conf /tmp/puppet-etc/ssl /etc/puppet
+ rm -Rf /etc/puppet/ssl
+ echo '{"step": 6}'
+ TAGS=
+ '[' -n file,file_line,concat,augeas,cron,exec ']'
+ TAGS='--tags file,file_line,concat,augeas,cron,exec'
+ origin_of_time=/var/lib/config-data/redis.origin_of_time
+ touch /var/lib/config-data/redis.origin_of_time
+ sync
+ set +e
+ FACTER_hostname=controller-0
+ FACTER_uuid=docker
+ /usr/bin/puppet apply --detailed-exitcodes --color=false --logdest syslog --logdest console --modulepath=/etc/puppet/modules:/usr/share/openstack-puppet/modules --tags file,file_line,concat,augeas,cron,exec /etc/config.pp
Failed to get D-Bus connection: Operation not permitted
Notice: hiera(): Cannot load backend module_data: cannot load such file -- hiera/backend/module_data_backend
Warning: Undefined variable 'deploy_config_name';
   (file & line not available)
Notice: hiera(): Cannot load backend module_data: cannot load such file -- hiera/backend/module_data_backend
Error: Evaluation Error: Error while evaluating a Function Call, tls_proxy_bind_ip is not set in the hieradata. at /etc/puppet/modules/tripleo/manifests/profile/base/database/redis.pp:86:9 on node controller-0.redhat.local
+ rc=1
+ set -e
+ '[' 1 -ne 2 -a 1 -ne 0 ']'
+ exit 1
Comment 2 Damien Ciabrini 2018-07-25 10:50:12 EDT
Is this a failure introduced in recent puddles? I remember we explicitly disabled TLS for Redis in OSP12, so we need to figure out what triggers the TLS path in the puppet-code for redis.
Comment 8 Damien Ciabrini 2018-07-29 03:42:37 EDT
Proposed patches upstream in puppet-tripleo and tripleo-heat-templates
Comment 16 errata-xmlrpc 2018-08-20 09:02:42 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2331
