Bug 1700403
| Summary: | Failed obtaining certificate on director / freeipa installation launchpad#1816465 | |||
|---|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Eduard Barrera <ebarrera> | |
| Component: | openstack-tripleo-heat-templates | Assignee: | Harry Rybacki <hrybacki> | |
| Status: | CLOSED ERRATA | QA Contact: | Pavan <pkesavar> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | urgent | |||
| Version: | 15.0 (Stein) | CC: | aschultz, dbecker, emacchi, hrybacki, mburns, morazi, rmascena, sclewis | |
| Target Milestone: | rc | Keywords: | Triaged | |
| Target Release: | 15.0 (Stein) | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | openstack-tripleo-heat-templates-10.5.1-0.20190606110437.b9992d9.el8ost | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1718284 | Environment: | ||
| Last Closed: | 2019-09-21 11:21:11 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1718284, 1718286 | |||
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2019:2811
Description of problem:

Customer trying to do a Director TLS installation is having this issue:

```
$ openstack stack failures list --long overcloud | grep -A2 -B2 Error
status: CREATE_FAILED
status_reason: |
Error: resources[1]: Deployment to server failed: deploy_status_code : Deployment exited with non-zero status code: 2
deploy_stdout: |
--
"Warning: tag is a metaparam; this value will inherit to all contained resources in the tripleo::firewall::rule definition",
"Warning: Could not get certificate: Execution of '/usr/bin/getcert request -I neutron -f /etc/pki/tls/certs/neutron.crt -c IPA -N CN=overcloud8ua-ctrl-1.internalapi.5a4s9.englab.juniper.net -K neutron/overcloud8ua-ctrl-1.internalapi.5a4s9.englab.juniper.net -D overcloud8ua-ctrl-1.internalapi.5a4s9.englab.juniper.net -C \"/usr/bin/certmonger-neutron-dhcpd-refresh.sh\" -w -k /etc/pki/tls/private/neutron.key' returned 2: New signing request \"neutron\" added.",
"Error: /Stage[main]/Tripleo::Certmonger::Neutron/Certmonger_certificate[neutron]: Could not evaluate: Could not get certificate: Server at https://freeipa.5a4s9.englab.juniper.net/ipa/xml denied our request, giving up: 2100 (RPC failed at server. Insufficient access: Insufficient 'add' privilege to add the entry 'krbprincipalname=neutron/overcloud8ua-ctrl-1.internalapi.5a4s9.englab.juniper.net.JUNIPER.NET,cn=services,cn=accounts,dc=5a4s9,dc=englab,dc=juniper,dc=net'.).",
"Warning: /Stage[main]/Tripleo::Certmonger::Neutron/File[/etc/pki/tls/certs/neutron.crt]: Skipping because of failed dependencies",
"Warning: /Stage[main]/Tripleo::Certmonger::Neutron/File[/etc/pki/tls/private/neutron.key]: Skipping because of failed dependencies",
```

It seems to be this upstream bug: https://bugs.launchpad.net/tripleo/+bug/1816465

Version-Release number of selected component (if applicable): OSP13

How reproducible: Always

Steps to Reproduce:
1. Deploy with TLS everywhere

Actual results: mentioned error

Expected results: deployment success

Additional info: