Bug 1947116 - [RHOSP16.1] /etc/ipa/ca.crt: duplicate mount destination when deploying metrics_qdr container with TLS everywhere
Summary: [RHOSP16.1] /etc/ipa/ca.crt: duplicate mount destination when deploying metri...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-heat-templates
Version: 16.1 (Train)
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: z7
: 16.1 (Train on RHEL 8.2)
Assignee: Chris Sibbitt
QA Contact: Leonid Natapov
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-04-07 17:50 UTC by Stephane Vigan
Modified: 2021-12-09 20:19 UTC (History)
8 users (show)

Fixed In Version: openstack-tripleo-heat-templates-11.3.2-1.20210607133307.29a02c1.el8ost
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-12-09 20:18:39 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
OpenStack gerrit 786700 0 None NEW Removing duplicate mount point in metrics_qdr 2021-04-16 18:28:28 UTC
Red Hat Issue Tracker OSP-2995 0 None None None 2021-11-18 11:36:24 UTC
Red Hat Product Errata RHBA-2021:3762 0 None None None 2021-12-09 20:19:00 UTC

Description Stephane Vigan 2021-04-07 17:50:16 UTC 
Description of problem:

While running an OSP16.1 with TLS everywhere and Service Telemetry Framework, container metrics_qdr failed to start because /etc/ipa/ca.crt is referenced twice.
Once in openstack-tripleo-heat-templates/deployment/containers-common.yaml part of the base volume list 
and also in openstack-tripleo-heat-templates/deployment/metrics/qdr-container-puppet.yaml


Version-Release number of selected component (if applicable):

openstack-tripleo-heat-templates-11.3.2-1.20210104205664.el8ost.2.noarch

Applied the following patch and deployment was succesfull

--- qdr-container-puppet.yaml   2021-03-11 16:25:41.000000000 +0100
+++ qdr-container-puppet.yaml.new       2021-04-07 19:27:09.612509023 +0200
@@ -349,12 +349,7 @@
                   - internal_tls_enabled
                   - - /etc/pki/tls/certs/metrics_qdr.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/metrics_qdr.crt:ro
                     - /etc/pki/tls/private/metrics_qdr.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/metrics_qdr.key:ro
-                    - list_join:
-                      - ':'
-                      - - {get_param: InternalTLSCAFile}
-                        - {get_param: InternalTLSCAFile}
-                        - 'ro'
-                  - null
+                  - []
             environment:
               KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
       host_prep_tasks:
Comment 4 Chris Sibbitt 2021-06-07 19:56:31 UTC 
This patch is also included in openstack-tripleo-heat-templates-11.5.1-2.20210603174813.0a60ff2.el8ost which will be in OSP 16.2
Comment 24 errata-xmlrpc 2021-12-09 20:18:39 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 16.1.7 (Train) bug fix and enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:3762
Note You need to log in before you can comment on or make changes to this bug.