1619242 – note that deployment of tls certs is necessary on new nodes during expand if RHGS WA uses tls based etcd client server auth

Bug 1619242 - note that deployment of tls certs is necessary on new nodes during expand if RHGS WA uses tls based etcd client server auth

Summary: note that deployment of tls certs is necessary on new nodes during expand if ...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Gluster Storage
Classification:	Red Hat Storage
Component:	doc-RHGS_Web_Administration
Sub Component:
Version:	rhgs-3.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Target Release:	---
Assignee:	storage-doc
QA Contact:	Martin Bukatovic
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1623518
TreeView+	depends on / blocked

Reported:	2018-08-20 12:05 UTC by Martin Bukatovic
Modified:	2019-02-15 10:13 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-02-15 10:13:06 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1575588	0	unspecified	CLOSED	[Doc RFE] Document how to expanding an existing RHGS cluster managed by RHGS WA	2021-02-22 00:41:40 UTC
Red Hat Bugzilla	1614874	1	None	None	None	2021-01-20 06:05:38 UTC

Internal Links: 1575588 1614874

Description Martin Bukatovic 2018-08-20 12:05:08 UTC

Document URL
============

Red Hat Gluster Storage 3.4: Monitoring Gluster Cluster

version from doc-stage

Section Number and Name
=======================

Chapter 3. Cluster Expansion

Section: Running Tendrl-ansible installation for new nodes

Describe the issue
==================

When customer uses tls based etcd client server authentication, it's necessary
to deploy tls certificates on the new machines as well before running the
tendrl-ansible as described in given section.

When one forgets this, the expand feature won't be available, because WA
components on new machines won't be able to talk to WA's etcd instance.

See eng BZ 1614874 (NOT A BUG) for details on this scenario.

Suggestions for improvement
===========================

Add a note or admonition to the chapter "Running Tendrl-ansible installation
for new nodes" about the need to deploy tls certificates before running tendrl
ansible if one uses tls based client server authentication (ansible variable
etcd_tls_client_auth is set to True).

Additional information
======================

This was originally suggested to be included in troubleshooting guide, but
having this directly in "Cluster Expansion" chapter as a not would be nice
as well.

Comment 3 Martin Bukatovic 2018-12-17 13:52:26 UTC

The new admonition looks good.

Note You need to log in before you can comment on or make changes to this bug.