Description of problem: After installation of OSP13 using TLS/SSL everywhere, I can see the "post-save command" for the certificates are not properly configured for containers. Request ID 'mysql': post-save command: "systemctl reload mariadb" Request ID 'rabbitmq': post-save command: "systemctl restart rabbitmq-server" Request ID 'redis': post-save command: Request ID 'neutron': post-save command: "true" Request ID 'novnc-proxy': post-save command: "systemctl restart openstack-nova-novncproxy" Request ID 'httpd-ctlplane': post-save command: "systemctl reload httpd" Request ID 'httpd-external': post-save command: "systemctl reload httpd" Request ID 'httpd-internal_api': post-save command: "systemctl reload httpd" Request ID 'httpd-management': post-save command: "systemctl reload httpd" Request ID 'httpd-storage': post-save command: "systemctl reload httpd" Request ID 'httpd-storage_mgmt': post-save command: "systemctl reload httpd" Request ID 'libvirt-vnc-client-cert': post-save command: "systemctl reload libvirtd" Request ID 'haproxy-ctlplane-cert': post-save command: "cat /etc/pki/tls/certs/haproxy/overcloud-haproxy-ctlplane.crt /etc/pki/tls/private/haproxy/overcloud-haproxy-ctlplane.key > /etc/pki/tls/certs/haproxy/overcloud-haproxy-ctlplane.pem && if systemctl -q is-active haproxy; then systemctl reload haproxy; else true; fi" Request ID 'haproxy-internal_api-cert': post-save command: "cat /etc/pki/tls/certs/haproxy/overcloud-haproxy-internal_api.crt /etc/pki/tls/private/haproxy/overcloud-haproxy-internal_api.key > /etc/pki/tls/certs/haproxy/overcloud-haproxy-internal_api.pem && if systemctl -q is-active haproxy; then systemctl reload haproxy; else true; fi" Request ID 'haproxy-storage-cert': post-save command: "cat /etc/pki/tls/certs/haproxy/overcloud-haproxy-storage.crt /etc/pki/tls/private/haproxy/overcloud-haproxy-storage.key > /etc/pki/tls/certs/haproxy/overcloud-haproxy-storage.pem && if systemctl -q is-active haproxy; then systemctl reload haproxy; else true; fi" Request ID 'haproxy-storage_mgmt-cert': post-save command: "cat /etc/pki/tls/certs/haproxy/overcloud-haproxy-storage_mgmt.crt /etc/pki/tls/private/haproxy/overcloud-haproxy-storage_mgmt.key > /etc/pki/tls/certs/haproxy/overcloud-haproxy-storage_mgmt.pem && if systemctl -q is-active haproxy; then systemctl reload haproxy; else true; fi" Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. Install OSP13 using template /environments/ssl/tls-everywhere-endpoints-dns.yaml 2. Connect to the one of the controllers 3. Run sudo getcert list Actual results: Post-save commands will reload systemctl service Expected results: Post-save commands will restart docker container (i.e haproxy-bundle-docker-0) Additional info:
I see some commits related here: https://github.com/openstack/puppet-tripleo/commit/bd9846062c22be898d8720d1ee4ffbb65808fc8f is there any plan to include it in any errata?
*** This bug has been marked as a duplicate of bug 1595876 ***