Bug 2081698 - glance_api_tls_proxy container fails to start on DCN's DistributedComputeHCI nodes with TLS-E
Summary: glance_api_tls_proxy container fails to start on DCN's DistributedComputeHCI ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-heat-templates
Version: 17.0 (Wallaby)
Hardware: x86_64
OS: Linux
high
high
Target Milestone: ---
: ---
Assignee: Alan Bishop
QA Contact: Joe H. Rahme
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-05-04 12:04 UTC by Marian Krcmarik
Modified: 2022-09-21 12:21 UTC (History)
6 users (show)

Fixed In Version: openstack-tripleo-heat-templates-14.3.1-0.20220607161058.ced328c.el9ost
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-09-21 12:21:27 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
OpenStack gerrit 841743 0 None stable/wallaby: MERGED tripleo-heat-templates: Add missing cert generation tasks to glance-api (Ia284f5687bcb2d969fbcf8e86bea8cdf3733a85c) 2022-06-13 19:40:11 UTC
OpenStack gerrit 841930 0 None stable/wallaby: MERGED tripleo-heat-templates: Stop generating certificate requests for disabled networks (I05ba5fb48c617a5bbedebb8b74c23bec9ab... 2022-06-13 19:40:16 UTC
Red Hat Issue Tracker OSP-15038 0 None None None 2022-05-04 12:11:08 UTC
Red Hat Product Errata RHEA-2022:6543 0 None None None 2022-09-21 12:21:52 UTC

Description Marian Krcmarik 2022-05-04 12:04:09 UTC 
Description of problem:
glance_api_tls_proxy container fails to start on DCN's DistributedComputeHCI nodes with TLS-E during the overcloud DCN's site deployment at the step 4.
The following error is being thrown:
2022-05-03 23:46:58.270537 |                                      |
WARNING | ERROR: Can't run container glance_api_tls_proxy
stderr: Error: statfs /etc/pki/tls/certs/httpd: no such file or directory
2022-05-03 23:46:58.272059 | 52540078-cf9a-e3f9-235a-0000000091c5 |
FATAL | Create containers managed by Podman for
/var/lib/tripleo-config/container-startup-config/step_4 |
dcn1-computehci1-0 | error={"changed": false, "msg": "Failed containers:
glance_api_tls_proxy"}

The directory - /etc/pki/tls/certs/http is not available on the DistributedComputeHCI nodes while It's present at the Controller nodes.

Version-Release number of selected component (if applicable):
ansible-tripleo-ipsec-11.0.1-0.20210910011424.b5559c8.el9ost.noarch
ansible-role-tripleo-modify-image-1.3.1-0.20220216001439.30d23d5.el9ost.noarch
ansible-tripleo-ipa-0.2.3-0.20220301190449.6b0ed82.el9ost.noarch
puppet-tripleo-14.2.3-0.20220407012437.87240e8.el9ost.noarch
python3-tripleo-common-15.4.1-0.20220328184445.0c754c6.el9ost.noarch
tripleo-ansible-3.3.1-0.20220407091528.0bc2994.el9ost.noarch
openstack-tripleo-validations-14.2.2-0.20220408101530.6614654.el9ost.noarch
openstack-tripleo-common-containers-15.4.1-0.20220328184445.0c754c6.el9ost.noarch
openstack-tripleo-common-15.4.1-0.20220328184445.0c754c6.el9ost.noarch
openstack-tripleo-heat-templates-14.3.1-0.20220404155604.75fd885.el9ost.noarch
python3-tripleoclient-16.4.1-0.20220407001042.0021766.el9ost.noarch

How reproducible:
Always

Steps to Reproduce:
1. Deploy DCN topology with ceph storage at the DCN site and TLS-E


Actual results:
glance_api_tls_proxy container fails to start 

Expected results:
glance_api_tls_proxy container starts

Additional info:
Comment 11 errata-xmlrpc 2022-09-21 12:21:27 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Release of components for Red Hat OpenStack Platform 17.0 (Wallaby)), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2022:6543
Note You need to log in before you can comment on or make changes to this bug.