Description of problem: While running an OSP16.1 with TLS everywhere and Service Telemetry Framework, container metrics_qdr failed to start because /etc/ipa/ca.crt is referenced twice. Once in openstack-tripleo-heat-templates/deployment/containers-common.yaml part of the base volume list and also in openstack-tripleo-heat-templates/deployment/metrics/qdr-container-puppet.yaml Version-Release number of selected component (if applicable): openstack-tripleo-heat-templates-11.3.2-1.20210104205664.el8ost.2.noarch Applied the following patch and deployment was succesfull --- qdr-container-puppet.yaml 2021-03-11 16:25:41.000000000 +0100 +++ qdr-container-puppet.yaml.new 2021-04-07 19:27:09.612509023 +0200 @@ -349,12 +349,7 @@ - internal_tls_enabled - - /etc/pki/tls/certs/metrics_qdr.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/metrics_qdr.crt:ro - /etc/pki/tls/private/metrics_qdr.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/metrics_qdr.key:ro - - list_join: - - ':' - - - {get_param: InternalTLSCAFile} - - {get_param: InternalTLSCAFile} - - 'ro' - - null + - [] environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS host_prep_tasks:
This patch is also included in openstack-tripleo-heat-templates-11.5.1-2.20210603174813.0a60ff2.el8ost which will be in OSP 16.2
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Red Hat OpenStack Platform 16.1.7 (Train) bug fix and enhancement advisory), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:3762