Bug 1769338
| Summary: | Failure deploying overcloud with internal TLS :: Error: /etc/ipa/ca.crt: duplicate mount destination | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Harald Jensås <hjensas> | ||||
| Component: | openstack-tripleo-heat-templates | Assignee: | RHOS Maint <rhos-maint> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Jeremy Agee <jagee> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 15.0 (Stein) | CC: | acanan, jhajyahy, mburns, rhos-maint, rmascena | ||||
| Target Milestone: | zstream | Keywords: | Triaged, ZStream | ||||
| Target Release: | 15.0 (Stein) | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | openstack-tripleo-heat-templates-10.6.2-0.20191202200455.41d9f8a.el8ost | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2020-03-05 12:00:28 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Deployed OC with tls-everywhere If this bug requires doc text for errata release, please set the 'Doc Type' and provide draft text according to the template in the 'Doc Text' field. The documentation team will review, edit, and approve the text. If this bug does not require doc text, please set the 'requires_doc_text' flag to '-'. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:0643 The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days |
Created attachment 1633260 [details] templates - environment files used for the deployment. Description of problem: Failure deploying overcloud with internal TLS :: Error: /etc/ipa/ca.crt: duplicate mount destination Version-Release number of selected component (if applicable): openstack-tripleo-heat-templates-10.6.2-0.20190923210442.7db107a.el8ost.noarch python3-tripleoclient-11.5.1-0.20190829110437.9b9b5aa.el8ost.noarch python3-novajoin-1.1.2-0.20190912190429.b971c78.el8ost.noarch How reproducible: Steps to Reproduce: 1. Install undercloud with undercloud.conf: ------------------------------------------------- [DEFAULT] local_ip = 172.16.0.1/24 local_interface = eth0 undercloud_public_host = 172.16.0.10 undercloud_admin_host = 172.16.0.11 clean_nodes = true container_images_file = /home/stack/undercloud-templates/containers-prepare-parameter.yaml undercloud_ntp_servers = 10.11.173.1 docker_insecure_registries = brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888 enable_novajoin = true ipa_otp = 6CmShVifI5mEh6vI9wR1KGRljaGGgTHVF2e1RxptmKe6 undercloud_hostname = undercloud.redhat.local overcloud_domain_name = redhat.local undercloud_nameservers = 192.168.1.20 [ctlplane-subnet] local_subnet = ctlplane-subnet masquerade = true cidr = 172.16.0.0/24 gateway = 172.16.0.1 inspection_iprange = 172.16.0.150,172.16.0.180 dhcp_start = 172.16.0.20 dhcp_end = 172.16.0.120 ------------------------------------------------- 2. Deploy command: #!/bin/bash exec openstack overcloud deploy --templates \ -n /home/stack/templates/network_data.yaml \ -e /usr/share/openstack-tripleo-heat-templates/environments/ssl/enable-internal-tls.yaml \ -e /usr/share/openstack-tripleo-heat-templates/environments/ssl/tls-everywhere-endpoints-dns.yaml \ -e /usr/share/openstack-tripleo-heat-templates/environments/services/haproxy-public-tls-certmonger.yaml \ -e /usr/share/openstack-tripleo-heat-templates/environments/ceph-ansible/ceph-ansible.yaml \ -e /usr/share/openstack-tripleo-heat-templates/environments/network-isolation.yaml \ -e /usr/share/openstack-tripleo-heat-templates/environments/network-environment.yaml \ -e /home/stack/undercloud-templates/containers-prepare-parameter.yaml \ -e /home/stack/templates/environment/overcloud-config.yaml \ -e /home/stack/templates/environment/network-config.yaml \ -e /home/stack/templates/environment/ceph-config.yaml \ -e /home/stack/templates/environment/fixed-ips.yaml \ -e /home/stack/templates/environment/hostnames.yaml \ -e /home/stack/templates/custom-domain.yaml Actual results: "Error running ['podman', 'run', '--name', 'haproxy_init_bundle', '--label', 'config_id=tripleo_step2', '--label', 'container_name=haproxy_init_bundle', '--label', 'managed_by=paunch', '--label', 'config_data={\"command\": [\"/con tainer_puppet_apply.sh\", \"2\", \"file,file_line,concat,augeas,pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ip,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation\", \"include : :tripleo::profile::base::pacemaker; include ::tripleo::profile::pacemaker::haproxy_bundle\", \"\"], \"detach\": false, \"environment\": [\"TRIPLEO_DEPLOY_IDENTIFIER=1573035068\"], \"image\": \"172.16.0.1:8787/rhosp15-rhel8/openstack-hapro xy:15.0-76\", \"ipc\": \"host\", \"net\": \"host\", \"privileged\": true, \"start_order\": 3, \"user\": \"root\", \"volumes\": [\"/etc/hosts:/etc/hosts:ro\", \"/etc/localtime:/etc/localtime:ro\", \"/etc/pki/ca-trust/extracted:/etc/pki/ca- trust/extracted:ro\", \"/etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors:ro\", \"/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro\", \"/etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundl e.trust.crt:ro\", \"/etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro\", \"/dev/log:/dev/log\", \"/etc/ipa/ca.crt:/etc/ipa/ca.crt:ro\", \"/var/lib/container-config-scripts/container_puppet_apply.sh:/container_puppet_apply.sh:ro\", \"/etc/pup pet:/tmp/puppet-etc:ro\", \"/usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro\", \"/etc/pki/tls/private/overcloud_endpoint.pem:/etc/pki/tls/private/overcloud_endpoint.pem:ro\", \"/etc/ipa/ca.crt:/etc/ipa/ca.crt:ro \", \"/etc/pki/tls/private/haproxy:/etc/pki/tls/private/haproxy:ro\", \"/etc/pki/tls/certs/haproxy:/etc/pki/tls/certs/haproxy:ro\"]}', '--conmon-pidfile=/var/run/haproxy_init_bundle.pid', '--log-driver', 'k8s-file', '--log-opt', 'path=/va r/log/containers/stdouts/haproxy_init_bundle.log', '--env=TRIPLEO_DEPLOY_IDENTIFIER=1573035068', '--net=host', '--ipc=host', '--privileged=true', '--user=root', '--volume=/etc/hosts:/etc/hosts:ro', '--volume=/etc/localtime:/etc/localtime$ ro', '--volume=/etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro', '--volume=/etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors:ro', '--volume=/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro', '--volume=/etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro', '--volume=/etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro', '--volume=/dev/log:/dev/log', '--volume=/etc/ipa/ca.crt:/etc/ipa/ca.crt:ro', '--volume =/var/lib/container-config-scripts/container_puppet_apply.sh:/container_puppet_apply.sh:ro', '--volume=/etc/puppet:/tmp/puppet-etc:ro', '--volume=/usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro', '--volume=/etc/ pki/tls/private/overcloud_endpoint.pem:/etc/pki/tls/private/overcloud_endpoint.pem:ro', '--volume=/etc/ipa/ca.crt:/etc/ipa/ca.crt:ro', '--volume=/etc/pki/tls/private/haproxy:/etc/pki/tls/private/haproxy:ro', '--volume=/etc/pki/tls/certs/h aproxy:/etc/pki/tls/certs/haproxy:ro', '172.16.0.1:8787/rhosp15-rhel8/openstack-haproxy:15.0-76', '/container_puppet_apply.sh', '2', 'file,file_line,concat,augeas,pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ip,pac emaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation', 'include ::tripleo::profile::base::pacemaker; include ::tripleo::profile::pacemaker::haproxy_bundle', '']. [125]", "stdout: ", "stderr: Error: /etc/ipa/ca.crt: duplicate mount destination", "stdout: f478351e8c5afc984b1dc057380dfa7f460fc52bebd738aab5ab94d0d523efda", "Created symlink /etc/systemd/system/multi-user.target.wants/tripleo_redis_tls_proxy.service → /etc/systemd/system/tripleo_redis_tls_proxy.service." Expected results: The overcloud should deploy. Additional info: