Created attachment 1516076
freeipa logs from ipa node, undercloud, overcloud compute node. ansible deployment logs and failures

Description of problem:
OSP14 TLS everywhere scenario
3ctrl+3comp+3ceph+1freeipa node
Overcloud deployment failed

For all nodes:

"Warning: Could not get certificate: Execution of '/usr/bin/getcert request -I libvirt-vnc-server-cert -f /etc/pki/libvirt-vnc/server-cert.pem -c IPA -N CN=compute-0.internalapi.redhat.local -K libvirt-vnc/compute-0.internalapi.redhat.local -D compute-0.internalapi.redhat.local -C \"systemctl reload libvirtd\" -w -k /etc/pki/libvirt-vnc/server-key.pem -F /etc/pki/CA/certs/vnc.crt' returned 3: New signing request \"libvirt-vnc-server-cert\" added.",
"Error: /Stage[main]/Tripleo::Profile::Base::Certmonger_user/Tripleo::Certmonger::Libvirt_vnc[libvirt-vnc-server-cert]/Certmonger_certificate[libvirt-vnc-server-cert]: Could not evaluate: Could not get certificate: Server at https://freeipa-0.redhat.local/ipa/xml failed request, will retry: 4001 (RPC failed at server. The host 'compute-0.internalapi.redhat.local' does not exist to add a service to.).",
...
"Warning: Could not get certificate: Execution of '/usr/bin/getcert request -I libvirt-server-cert -f /etc/pki/libvirt/servercert.pem -c IPA -N CN=compute-1.internalapi.redhat.local -K libvirt/compute-1.internalapi.redhat.local -D compute-1.internalapi.redhat.local -C \"true\" -w -k /etc/pki/libvirt/private/serverkey.pem' returned 3: New signing request \"libvirt-server-cert\" added.",
"Error: /Stage[main]/Tripleo::Profile::Base::Certmonger_user/Tripleo::Certmonger::Libvirt[libvirt-server-cert]/Certmonger_certificate[libvirt-server-cert]: Could not evaluate: Could not get certificate: Server at https://freeipa-0.redhat.local/ipa/xml failed request, will retry: 4001 (RPC failed at server. The host 'compute-1.internalapi.redhat.local' does not exist to add a service to.).",
...
"Warning: Could not get certificate: Execution of '/usr/bin/getcert request -I libvirt-vnc-server-cert -f /etc/pki/libvirt-vnc/server-cert.pem -c IPA -N CN=compute-2.internalapi.redhat.local -K libvirt-vnc/compute-2.internalapi.redhat.local -D compute-2.internalapi.redhat.local -C \"systemctl reload libvirtd\" -w -k /etc/pki/libvirt-vnc/server-key.pem -F /etc/pki/CA/certs/vnc.crt' returned 3: New signing request \"libvirt-vnc-server-cert\" added.",
"Error: /Stage[main]/Tripleo::Profile::Base::Certmonger_user/Tripleo::Certmonger::Libvirt_vnc[libvirt-vnc-server-cert]/Certmonger_certificate[libvirt-vnc-server-cert]: Could not evaluate: Could not get certificate: Server at https://freeipa-0.redhat.local/ipa/xml failed request, will retry: 4001 (RPC failed at server. The host 'compute-2.internalapi.redhat.local' does not exist to add a service to.).",
...
"Warning: Could not get certificate: Execution of '/usr/bin/getcert request -I libvirt-vnc-client-cert -f /etc/pki/libvirt-vnc/client-cert.pem -c IPA -N CN=controller-0.internalapi.redhat.local -K libvirt-vnc/controller-0.internalapi.redhat.local -D controller-0.internalapi.redhat.local -C \"systemctl reload libvirtd\" -w -k /etc/pki/libvirt-vnc/client-key.pem -F /etc/pki/CA/certs/vnc.crt' returned 3: New signing request \"libvirt-vnc-client-cert\" added.",
"Error: /Stage[main]/Tripleo::Profile::Base::Certmonger_user/Tripleo::Certmonger::Libvirt_vnc[libvirt-vnc-client-cert]/Certmonger_certificate[libvirt-vnc-client-cert]: Could not evaluate: Could not get certificate: Server at https://freeipa-0.redhat.local/ipa/xml failed request, will retry: 4001 (RPC failed at server. The host 'controller-0.internalapi.redhat.local' does not exist to add a service to.).",
...

Version-Release number of selected component (if applicable):
RHOSP14 puddle 2018-12-17.1

How reproducible:
Always

Steps to Reproduce:
1. Prepare FreeIPA node, register it in Undercloud, deploy Undercloud
2. Deploy Overcloud with tls everywhere

Actual results:
Failed to install, The host '*host*.internalapi.redhat.local' does not exist to add a service to

Expected results:
Pass

Additional info:
The relevant bit of the error message is:

The host 'controller-0.internalapi.redhat.local' does not exist to add a service to.).",

Is that entry in FreeIPA? You can check by doing:

ipa host-find

with freeipa's admin credentials.

That entry should have been created by novajoin though. What version of novajoin do you have? And what version of t-h-t?
Were the services created in freeipa?

ipa service-find
Could we get an environment that reproduces this issue? Seems some hosts are missing (the ones with internalapi.redhat.local domain).
I'm going to close this bz because the last runs were good in our OSP14 automation. Will open in case of new reproductions.
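
The host-find check suggested in the comments above can be run against a whole deployment log at once. The following is an added example, not part of the original bug report or of novajoin/TripleO: it pulls every host named in a 4001 error and the service requested for it via getcert -K, then compares them with saved `ipa host-find` output. The function name `triage` and both sample inputs are constructed for illustration; the log entries are trimmed from the errors quoted in the report.

```python
import re
from collections import defaultdict

# Constructed input: log entries trimmed from the errors quoted in the report.
SAMPLE_LOG = r"""
"Warning: Could not get certificate: Execution of '/usr/bin/getcert request -I libvirt-vnc-server-cert -c IPA -K libvirt-vnc/compute-0.internalapi.redhat.local -D compute-0.internalapi.redhat.local' returned 3",
"Error: Could not get certificate: Server at https://freeipa-0.redhat.local/ipa/xml failed request, will retry: 4001 (RPC failed at server. The host 'compute-0.internalapi.redhat.local' does not exist to add a service to.).",
"Warning: Could not get certificate: Execution of '/usr/bin/getcert request -I libvirt-server-cert -c IPA -K libvirt/compute-1.internalapi.redhat.local -D compute-1.internalapi.redhat.local' returned 3",
"Error: Could not get certificate: Server at https://freeipa-0.redhat.local/ipa/xml failed request, will retry: 4001 (RPC failed at server. The host 'compute-1.internalapi.redhat.local' does not exist to add a service to.).",
"""

# Constructed input in the shape `ipa host-find` prints ("Host name: <fqdn>").
SAMPLE_HOST_FIND = """
  Host name: compute-0.redhat.local
  Host name: compute-1.internalapi.redhat.local
  Host name: freeipa-0.redhat.local
"""

MISSING_RE = re.compile(r"The host '([^']+)' does not exist to add a service to")
# -K <service>/<host> is the principal certmonger asked IPA to issue for.
PRINCIPAL_RE = re.compile(r"getcert request\b.*?-K\s+([\w.-]+)/([\w.-]+)")
HOST_NAME_RE = re.compile(r"^\s*Host name:\s*(\S+)", re.MULTILINE)


def triage(log_text, host_find_output):
    """Map each host named in a 4001 error to its IPA status and requested services."""
    enrolled = {h.lower() for h in HOST_NAME_RE.findall(host_find_output)}
    services = defaultdict(set)
    for svc, host in PRINCIPAL_RE.findall(log_text):
        services[host.lower()].add(svc)
    report = {}
    for host in MISSING_RE.findall(log_text):
        host = host.lower()
        report[host] = {"in_ipa": host in enrolled,
                        "services": sorted(services[host])}
    return report


if __name__ == "__main__":
    for host, info in sorted(triage(SAMPLE_LOG, SAMPLE_HOST_FIND).items()):
        state = "present" if info["in_ipa"] else "MISSING"
        print(f"{host}: {state} in IPA; services requested: {info['services']}")
```

A host reported as present here but still named in a 4001 error points at a stale log or a later enrollment, so re-run the check against fresh `ipa host-find` output before drawing conclusions.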