1677003 – Enable TLS-Everywhere when IdM is not on the ctlplane network

Bug 1677003 - Enable TLS-Everywhere when IdM is not on the ctlplane network

Summary: Enable TLS-Everywhere when IdM is not on the ctlplane network

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-tripleo-heat-templates
Sub Component:
Version:	13.0 (Queens)
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	z6
Target Release:	13.0 (Queens)
Assignee:	Ade Lee
QA Contact:	Jeremy Agee
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1655185 (view as bug list)
Depends On:	1677001
Blocks:	1655185
TreeView+	depends on / blocked

Reported:	2019-02-13 18:26 UTC by Harry Rybacki
Modified:	2024-03-25 15:13 UTC (History)
CC List:	9 users (show)
Fixed In Version:	openstack-tripleo-heat-templates-8.2.0-7.el7ost
Doc Type:	Bug Fix
Doc Text:	Previously, when using TLS Everywhere, your controller node was required to access IdM through the `ctlplane` network. As a result, if traffic was routed through a different network, then the overcloud deployment process would fail due to `getcert` errors. To address this, IdM enrolment has been moved into a composable service that runs within `host_prep_tasks`; this runs at the start of the deployment phase. Note that the script will simply exit if the instance has already been enrolled in IdM.
Clone Of:	1677001
Environment:
Last Closed:	2019-04-30 17:27:36 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
OpenStack gerrit	638523	'None'	MERGED	Move ipa enrollment to host_prep_tasks	2020-04-29 17:24:25 UTC
Red Hat Issue Tracker	OSP-28695	None	None	None	2023-09-14 05:32:46 UTC
Red Hat Product Errata	RHBA-2019:0939	None	None	None	2019-04-30 17:27:54 UTC

Comment 1 Harry Rybacki 2019-02-28 16:25:39 UTC

Upstream patch has merged. Moving bug to POST.

Comment 2 Harry Rybacki 2019-02-28 20:00:18 UTC

Downstream build complete. Moving bug to MODIFIED.

Comment 11 errata-xmlrpc 2019-04-30 17:27:36 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0939

Comment 12 Harry Rybacki 2019-06-10 12:31:52 UTC

*** Bug 1655185 has been marked as a duplicate of this bug. ***

Comment 13 Red Hat Bugzilla 2023-09-14 05:23:33 UTC

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days

Note You need to log in before you can comment on or make changes to this bug.