Bug 1636634 - Expand TripleO-Validations to support TripleO TLS-Everywhere deployments
Summary: Expand TripleO-Validations to support TripleO TLS-Everywhere deployments
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-heat-templates
Version: 13.0 (Queens)
Hardware: x86_64
OS: Linux
high
medium
Target Milestone: Upstream M3
: 16.0 (Train on RHEL 8.1)
Assignee: Harry Rybacki
QA Contact: Jeremy Agee
URL:
Whiteboard:
Depends On:
Blocks: 1637717 1637719 1658316
TreeView+ depends on / blocked
 
Reported: 2018-10-06 01:29 UTC by Mircea Vutcovici
Modified: 2023-03-24 14:16 UTC (History)
14 users (show)

Fixed In Version: openstack-tripleo-heat-templates-11.3.1-0.20191107045910.a5fa2be.el8ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1637717 (view as bug list)
Environment:
Last Closed: 2020-02-06 14:39:53 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
OpenStack gerrit 659885 0 'None' MERGED Add new role to validate tls-everywhere 2020-11-30 19:01:24 UTC
Red Hat Product Errata RHEA-2020:0283 0 None None None 2020-02-06 14:40:38 UTC

Description Mircea Vutcovici 2018-10-06 01:29:31 UTC
Description of problem:
The command "openstack undercloud install" fails with:
2018-10-02T18:38:49Z DEBUG args=/usr/sbin/ipa-join -s rhelipaclient.id.sl.test.vzcpe.net -b dc=d,dc=sl,dc=test,dc=vzcpe,dc=net -h txslst02nce-h-pe1dluc-001.d.sl.test.vzcpe.net -w XXXXXXXX
2018-10-02T18:38:49Z DEBUG Process finished, return code=15
2018-10-02T18:38:49Z DEBUG stdout=
2018-10-02T18:38:49Z DEBUG stderr=Incorrect password.

However we found that the root cause was that the certificate downloaded from IPA server (http://rhelipaclient.d.sl.test.vzcpe.net/ipa/config/ca.crt) was an intermediate certificate, not the root certificate.

The problem is that the error is misleading. The password was fine, but the problem was that the certificate validation failed.


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 3 Harry Rybacki 2019-06-10 08:22:52 UTC
The current plan is to land these changes into TripleO-Validations during OSP16 while testing against older environments to ensure they work against OSP13 and newer. Documentation will be written walking through use in OSP13 as TripleO-Validations is set to be in Tech Preview until OSP17.

Comment 10 errata-xmlrpc 2020-02-06 14:39:53 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:0283


Note You need to log in before you can comment on or make changes to this bug.