1906698 – [OSP16.1] Consider UseTLSTransportForNbd state from previous deployment

Bug 1906698 - [OSP16.1] Consider UseTLSTransportForNbd state from previous deployment

Summary: [OSP16.1] Consider UseTLSTransportForNbd state from previous deployment

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	python-tripleoclient
Sub Component:
Version:	16.1 (Train)
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	z4
Target Release:	16.1 (Train on RHEL 8.2)
Assignee:	Martin Schuppert
QA Contact:	Pavan
Docs Contact:
URL:
Whiteboard:
Depends On:	1924106
Blocks:
TreeView+	depends on / blocked

Reported:	2020-12-11 07:53 UTC by Martin Schuppert
Modified:	2021-03-17 15:36 UTC (History)
CC List:	5 users (show)
Fixed In Version:	openstack-tripleo-heat-templates-11.3.2-1.20201114031848.el8ost python-tripleoclient-12.3.2-1.20201114043237.el8ost
Doc Type:	Bug Fix
Doc Text:	Before this update, live migration failed when upgrading a TLS everywhere environment with local ephemeral storage and `UseTLSTransportForNbd` set to "False". This occurred because the default value of the `UseTLSTransportForNbd` configuration had changed from "False" in RHOSP 13 to "True" in RHOSP 16.x, which resulted in the correct certifications not being included in the QEMU process containers. With this update, director checks the configuration of the previously deployed environment for `global_config_settings` and uses it to ensure that the `UseTLSTransportForNbd` state stays the same in the upgrade as on previous deployment. If `global_config_settings` exists in the configuration file, then director checks the configuration of the `use_tls_for_nbd` key. If `global_config_settings` does not exist, director evaluates the hieradata key `nova::compute::libvirt::qemu::nbd_tls`. Keeping the `UseTLSTransportForNbd` state the same in the upgraded deployment as on previous deployment ensures that live migration works.
Clone Of:
Environment:
Last Closed:	2021-03-17 15:36:09 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
OpenStack gerrit	760788	None	MERGED	[train/stein only] Add parameter to identify previous nbd-tls state	2021-02-08 21:57:08 UTC
OpenStack gerrit	760789	None	MERGED	[train/stein] Handle UseTLSTransportForNbd for previous created envs	2021-02-08 21:57:08 UTC
Red Hat Product Errata	RHBA-2021:0817	None	None	None	2021-03-17 15:36:38 UTC

Description Martin Schuppert 2020-12-11 07:53:08 UTC

This bug was initially created as a copy of Bug #1893113

I am copying this bug because: 

BZ1893113 is used to track to use certificate bind mounts instead of copy the certificates
using the kolla config merge functionality into the container dir structure. This allows
to enable/disable UseTLSTransportForNbd when containers consume the bind mounts as the
require certificates are there.

Description of problem:

In OSP16.1 the default of UseTLSTransportForNbd us True. This BZ is to consider the UseTLSTransportForNbd
from a previous deployment where UseTLSTransportForNbd might be false.

Version-Release number of selected component (if applicable):
Latest

Comment 16 errata-xmlrpc 2021-03-17 15:36:09 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 16.1.4 director bug fix advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:0817

Note You need to log in before you can comment on or make changes to this bug.