Description of problem: Currently DCN with TLS-e (novajoin) does not support TLS between Cinder A/A (at the edge) and the DLM (etcd). With the introduction of triple-ipa as an alternative of novajoin it is possible to enable TLS on that flow. This RFE is to track the testing of DCN + TLS-e Tripleo-ipa + Cinder at the edge and ensure cinder to etcd flow is indeed encrypted. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
The tls-e deployment needs to include these additional settings (substitute $THT with the path to your tripleo heat templates). resource_registry: OS::TripleO::Services::IpaClient: $THT/deployment/ipa/ipaservices-baremetal-ansible.yaml parameter_defaults: EnableEtcdInternalTLS: true
There were couple of new bugs filed, one of them not that severe and the other one very severe if glance is being deployed on the EDGE site. 1. https://bugzilla.redhat.com/show_bug.cgi?id=1869001 2. https://bugzilla.redhat.com/show_bug.cgi?id=1869001 The second one prevents successful deployment with glance deployed at the Edge site.
I think for number 2 you mean bug #1873329.
According to our records, this should be resolved by openstack-tripleo-heat-templates-11.3.2-0.20200616081539.396affd.el8ost. This build is available now.
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days