Description of problem: The command "openstack undercloud install" fails with: 2018-10-02T18:38:49Z DEBUG args=/usr/sbin/ipa-join -s rhelipaclient.id.sl.test.vzcpe.net -b dc=d,dc=sl,dc=test,dc=vzcpe,dc=net -h txslst02nce-h-pe1dluc-001.d.sl.test.vzcpe.net -w XXXXXXXX 2018-10-02T18:38:49Z DEBUG Process finished, return code=15 2018-10-02T18:38:49Z DEBUG stdout= 2018-10-02T18:38:49Z DEBUG stderr=Incorrect password. However we found that the root cause was that the certificate downloaded from IPA server (http://rhelipaclient.d.sl.test.vzcpe.net/ipa/config/ca.crt) was an intermediate certificate, not the root certificate. The problem is that the error is misleading. The password was fine, but the problem was that the certificate validation failed. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
The current plan is to land these changes into TripleO-Validations during OSP16 while testing against older environments to ensure they work against OSP13 and newer. Documentation will be written walking through use in OSP13 as TripleO-Validations is set to be in Tech Preview until OSP17.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2020:0283