Description of problem: DCN deployment with TLS-S and nodes of DistributedComputeScaleOut role fails on: message: 'Could not evaluate: Could not get certificate: Server at https://site-freeipa-0.redhat.local/ipa/xml denied our request, giving up: 3007 (RPC failed at server. ''fqdn'' is required).' source: "/Stage[main]/Tripleo::Profile::Base::Certmonger_user/Tripleo::Certmonger::Haproxy[haproxy-storage_mgmt]/Certmonger_certificate[haproxy-storage_mgmt-cert]" The role does not include storage mgmt network in role definition and thus such certificate should not be requested from IPA server. Version-Release number of selected component (if applicable): How reproducible: always Steps to Reproduce: 1. Deploy openstack with TLS-E and with nodes of DistributedComputeScaleOut role Additional info: - level: warning message: 'Could not get certificate: Execution of ''/usr/bin/getcert request -I haproxy-storage_mgmt-cert -f /etc/pki/tls/certs/haproxy/overcloud-haproxy-storage_mgmt.crt -c IPA -N CN= -K haproxy/ -D overcloud.storagemgmt.redhat.local -D -U id-kp-clientAuth -U id-kp-serverAuth -C /usr/bin/certmonger-haproxy-refresh.sh reload storage_mgmt -w -k /etc/pki/tls/private/haproxy/overcloud-haproxy-storage_mgmt.key'' returned 2: New signing request "haproxy-storage_mgmt-cert" added.' source: Puppet tags: - warning time: '2020-11-24T16:05:43.460165237+00:00' file: line: - level: debug message: 'Executing: ''/usr/bin/getcert list -i haproxy-storage_mgmt-cert''' source: Puppet tags: - debug time: '2020-11-24T16:05:43.460520119+00:00' file: line: - level: err message: 'Could not evaluate: Could not get certificate: Server at https://site-freeipa-0.redhat.local/ipa/xml denied our request, giving up: 3007 (RPC failed at server. ''fqdn'' is required).'
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Red Hat OpenStack Platform 16.1.4 director bug fix advisory), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:0817