1891821 – "Integrate With Identity Service" guide provides incorrect recommendations in "Configure for high availability" section

Bug 1891821 - "Integrate With Identity Service" guide provides incorrect recommendations in "Configure for high availability" section

Summary: "Integrate With Identity Service" guide provides incorrect recommendations in...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-tripleo-heat-templates
Sub Component:
Version:	16.1 (Train)
Hardware:	All
OS:	All
Priority:	medium
Severity:	medium
Target Milestone:	zstream
Target Release:	16.1 (Train on RHEL 8.2)
Assignee:	Grzegorz Grasza
QA Contact:	Joe H. Rahme
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-10-27 13:09 UTC by Alex Stupnikov
Modified:	2021-12-09 20:17 UTC (History)
CC List:	7 users (show)
Fixed In Version:	openstack-tripleo-heat-templates-11.3.2-1.20210423193228.29a02c1
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-12-09 20:17:24 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Launchpad	1923048	None	None	None	2021-04-08 12:40:24 UTC
OpenStack gerrit	785404	None	MERGED	Mount /etc/openldap inside the keystone container	2021-04-21 07:08:31 UTC
OpenStack gerrit	786897	None	MERGED	Mount /etc/openldap inside the keystone container	2021-04-25 15:17:38 UTC
Red Hat Issue Tracker	OSP-154	None	None	None	2021-11-18 11:28:57 UTC
Red Hat Product Errata	RHBA-2021:3762	None	None	None	2021-12-09 20:17:49 UTC

Description Alex Stupnikov 2020-10-27 13:09:50 UTC

Description of problem:

"Integrate With Identity Service" guide tells users to "Set the network timeout in /etc/openldap/ldap.conf" [1]. It was proper recommendation for RHOSP 10, but keystone is running in containers since RHOSP 12.

As a result, customers need to adjust settings inside keystone container, but there is no folder related to /etc/openldap in /var/lib/config-data/puppet-generated/keystone/etc/

Affected releases: all active RHOSP releases.

I am not sure if this is a pure documentation bug or a combination of keystone container issue and documentation problem, so setting openstack-keystone as affected component.


[1]
https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/8/html/integrate_with_identity_service/sec-active-directory#AD-HA
2. Set the network timeout in /etc/openldap/ldap.conf:
NETWORK_TIMEOUT 2

Comment 6 Harry Rybacki 2021-03-08 15:46:24 UTC

Setting CONDNACK capacity for now.

Comment 27 errata-xmlrpc 2021-12-09 20:17:24 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 16.1.7 (Train) bug fix and enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:3762

Note You need to log in before you can comment on or make changes to this bug.