Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1736267

Summary: OctaviaServerCertsKeyPassphrase must be length 32, but is length 25
Product: Red Hat OpenStack Reporter: Emblem Parade <emblemparade>
Component: openstack-octaviaAssignee: Assaf Muller <amuller>
Status: CLOSED DUPLICATE QA Contact: Bruna Bonguardo <bbonguar>
Severity: high Docs Contact:
Priority: unspecified    
Version: 15.0 (Stein)CC: cgoncalves, ihrachys, lpeer, majopela, scohen
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-08-01 16:51:24 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
mistral/engine.log none

Description Emblem Parade 2019-08-01 16:36:38 UTC 
Created attachment 1598148 [details]
mistral/engine.log

Description of problem:

TripleO installation of Octavia fails due to wrong length of auto-generated passphrase. Example output from mistral/engine.log:

Workflow failed due to message status. Status:FAILED Message:Error during stack update: ERROR: InvalidSchemaError: : resources.ControllerServiceChain<https://192.168.24.2:13808/v1/AUTH_de18e5682a5b474b849f55f1adf0a7fe/lab/common/services/controller-role.yaml>.resources.ServiceChain<nested_stack>.resources.116<https://192.168.24.2:13808/v1/AUTH_de18e5682a5b474b849f55f1adf0a7fe/lab/deployment/octavia/octavia-api-container-puppet.yaml>.resources.OctaviaWorker<https://192.168.24.2:13808/v1/AUTH_de18e5682a5b474b849f55f1adf0a7fe/lab/deployment/octavia/octavia-worker-container-puppet.yaml>.resources.OctaviaBase<https://192.168.24.2:13808/v1/AUTH_de18e5682a5b474b849f55f1adf0a7fe/lab/deployment/octavia/octavia-base.yaml>: : Parameter 'OctaviaServerCertsKeyPassphrase' is invalid: Invalid default QShEogyQFm8gdeul9pJ17vGEr (length (25) is out of range (min: 32, max: 32))

The workaround is to include an environment where you override OctaviaServerCertsKeyPassphrase with a 32 character value. Or, if OctaviaGenerateCerts is set to false (the default is true) and all values are set manually.

Version-Release number of selected component (if applicable):

RDO stein

How reproducible:

openstack overcloud deploy -e environments/services/octavia.yaml

Expected results:

OctaviaGenerateCerts should be fixed to generate a 32 character passphrase. Or, alternatively, the length limitation should be extended to include 25 in the Heat template.
Comment 1 Carlos Goncalves 2019-08-01 16:51:24 UTC 

*** This bug has been marked as a duplicate of bug 1723051 ***