1636634 – Expand TripleO-Validations to support TripleO TLS-Everywhere deployments

Bug 1636634 - Expand TripleO-Validations to support TripleO TLS-Everywhere deployments

Summary: Expand TripleO-Validations to support TripleO TLS-Everywhere deployments

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-tripleo-heat-templates
Sub Component:
Version:	13.0 (Queens)
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	medium
Target Milestone:	Upstream M3
Target Release:	16.0 (Train on RHEL 8.1)
Assignee:	Harry Rybacki
QA Contact:	Jeremy Agee
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1637717 1637719 1658316
TreeView+	depends on / blocked

Reported:	2018-10-06 01:29 UTC by Mircea Vutcovici
Modified:	2023-03-24 14:16 UTC (History)
CC List:	14 users (show)
Fixed In Version:	openstack-tripleo-heat-templates-11.3.1-0.20191107045910.a5fa2be.el8ost
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1637717 (view as bug list)
Environment:
Last Closed:	2020-02-06 14:39:53 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
OpenStack gerrit	659885	0	'None'	MERGED	Add new role to validate tls-everywhere	2020-11-30 19:01:24 UTC
Red Hat Product Errata	RHEA-2020:0283	0	None	None	None	2020-02-06 14:40:38 UTC

Description Mircea Vutcovici 2018-10-06 01:29:31 UTC

Description of problem:
The command "openstack undercloud install" fails with:
2018-10-02T18:38:49Z DEBUG args=/usr/sbin/ipa-join -s rhelipaclient.id.sl.test.vzcpe.net -b dc=d,dc=sl,dc=test,dc=vzcpe,dc=net -h txslst02nce-h-pe1dluc-001.d.sl.test.vzcpe.net -w XXXXXXXX
2018-10-02T18:38:49Z DEBUG Process finished, return code=15
2018-10-02T18:38:49Z DEBUG stdout=
2018-10-02T18:38:49Z DEBUG stderr=Incorrect password.

However we found that the root cause was that the certificate downloaded from IPA server (http://rhelipaclient.d.sl.test.vzcpe.net/ipa/config/ca.crt) was an intermediate certificate, not the root certificate.

The problem is that the error is misleading. The password was fine, but the problem was that the certificate validation failed.


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 3 Harry Rybacki 2019-06-10 08:22:52 UTC

The current plan is to land these changes into TripleO-Validations during OSP16 while testing against older environments to ensure they work against OSP13 and newer. Documentation will be written walking through use in OSP13 as TripleO-Validations is set to be in Tech Preview until OSP17.

Comment 10 errata-xmlrpc 2020-02-06 14:39:53 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:0283

Note You need to log in before you can comment on or make changes to this bug.