Description of problem: When doing a Brownfield TLS everywhere upgrade the overcloud deploy fails. Version-Release number of selected component (if applicable): Steps to Reproduce: 1. upgrade the undercloud to enable novajoin. undercloud.conf [DEFAULT] # BEGIN TLS EVERYWHERE SETTINGS --> enable_novajoin = True ipa_otp = 9Yx7dnbFEIvGPZ0X7MS4x02WDNaBL4G3JR8w3vsjB0p4 undercloud_hostname = undercloud-0.redhat.local undercloud_nameservers = 10.0.0.37 overcloud_domain_name = redhat.local # END TLS EVERYWHERE SETTINGS --> openstack undercloud install 2. upgrade the overcloud to enable tls everywhere openstack overcloud deploy \ --timeout 100 \ --templates /usr/share/openstack-tripleo-heat-templates \ --stack overcloud \ --libvirt-type kvm \ --ntp-server 10.0.0.37 \ -e /home/stack/virt/config_lvm.yaml \ -e /usr/share/openstack-tripleo-heat-templates/environments/network-isolation.yaml \ -e /home/stack/virt/network/network-environment.yaml \ -e /home/stack/virt/enable-tls.yaml \ -e /home/stack/virt/inject-trust-anchor.yaml \ -e /home/stack/virt/public_vip.yaml \ -e /home/stack/virt/cloud-names.yaml \ -e /home/stack/virt/hostnames.yml \ -e /home/stack/virt/nodes_data.yaml \ -e /home/stack/virt/docker-images.yaml \ -e /usr/share/openstack-tripleo-heat-templates/environments/ssl/tls-everywhere-endpoints-dns.yaml \ -e /usr/share/openstack-tripleo-heat-templates/environments/services/haproxy-public-tls-certmonger.yaml \ -e /usr/share/openstack-tripleo-heat-templates/environments/ssl/enable-internal-tls.yaml How reproducible: Actual results: The deployment fails because nodes failed to enroll in IPA Expected results: All nodes enroll in IPA during the overcloud upgrade. Additional info:
*** Bug 1740886 has been marked as a duplicate of this bug. ***