Bug 2186420 - [TLS-E/STF] qdrouter cannot load SSL certificate files
Keywords:
Status: CLOSED DUPLICATE of bug 2129165
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo
Version: 17.1 (Wallaby)
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: James Slagle
QA Contact: Joe H. Rahme
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2023-04-13 08:46 UTC by Rajesh
Modified: 2023-04-19 13:08 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-04-19 13:08:04 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker OSP-24155 0 None None None 2023-04-13 08:47:25 UTC

Description Rajesh 2023-04-13 08:46:48 UTC
Description of problem:
TLS-E enabled OpenStack deployments with STF are failing due to insufficient permissions for the user 'qdrouterd' in the container 'metrics_qdr' to read OpenStack's SSL certificates. Although this does not fail the deployment, this blocks OpenStack from sending metrics to STF.

Error log from "metrics_qdr" container:
2023-03-16 03:49:47.570217 +0000 SERVER (error) SSL CA configuration failed for connection [C1] to default-interconnect-5671-service-telemetry.apps.vlan617307.rdu2.scalelab.redhat.com:443
2023-03-16 03:49:47.570721 +0000 SERVER (error) [C1] Connection aborted due to internal setup error
2023-03-16 03:49:47.570755 +0000 SERVER (info) [C1] Connection to default-interconnect-5671-service-telemetry.apps.vlan617307.rdu2.scalelab.redhat.com:443 failed: amqp:connection:framing-error Expected AMQP protocol header: no protocol header found (connection aborted)

Workaround:
Temporarily, using ansible-playbook, we are adjusting permissions on the required certificate files on all overcloud nodes in order for "metrics_qdr" to send metrics to STF.

- name: fix STF
  hosts: overcloud_nodes
  gather_facts: false
  become: true
  tasks:
    - name: adjust permissions for /etc/pki/tls/certs/CA_sslProfile.pem inside metrics_qdr
      shell: |
        podman exec -it -u root metrics_qdr chmod 777 /etc/pki/tls/certs/CA_sslProfile.pem
      ignore_errors: true

    - name: run qdrouterd
      shell: |
        podman exec -it metrics_qdr /usr/sbin/qdrouterd -c /etc/qpid-dispatch/qdrouterd.conf -d
      ignore_errors: true


How reproducible:
100%

Steps to reproduce:
1) Deploy OpenStack (TLS-E) with STF.

Actual results:
OpenStack fails to send metrics to STF.

Expected results:
Successful overcloud deployment with STF properly configured.

Additional info:

OpenStack puddle: RHOS-17.1-RHEL-9-20221130.n.1
STF version: 1.5
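
Added example, not part of the original report or of the tripleo fix: a POSIX shell check for the mode-bit condition behind the workaround above. It flags a certificate file the service account cannot read, flags one left group- or world-writable (the state `chmod 777` produces), and narrows either case to 0644. The function names are hypothetical, and it assumes the service account is neither the file's owner nor in its group, so only the "other" read bit is tested.

```shell
#!/bin/sh
# Added example (hypothetical helper names), run where the file is visible,
# e.g. inside the metrics_qdr container:
#   sh check_cert_mode.sh /etc/pki/tls/certs/CA_sslProfile.pem

# Print one of: missing, writable, unreadable, ok.
cert_mode_status() {
    f=$1
    [ -e "$f" ] || { echo missing; return 0; }
    # Group- or world-writable: any local account could swap the trust anchor.
    if [ -n "$(find -L "$f" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo writable
        return 0
    fi
    # No read bit for "other": an account that is not the owner and not in
    # the file's group (assumed here for qdrouterd) cannot load the file.
    if [ -z "$(find -L "$f" -prune -perm -004)" ]; then
        echo unreadable
        return 0
    fi
    echo ok
}

# Narrow the mode to 0644: readable by every account, writable by the owner
# only. A CA certificate is public data, so read access is all that is needed.
fix_cert_mode() {
    f=$1
    case $(cert_mode_status "$f") in
        ok)      return 0 ;;
        missing) return 1 ;;
        *)       chmod 0644 "$f" || return 1 ;;
    esac
    [ "$(cert_mode_status "$f")" = ok ]
}

# Report and fix each path given on the command line (no-op without arguments).
for path in "$@"; do
    printf '%s: %s\n' "$path" "$(cert_mode_status "$path")"
    fix_cert_mode "$path" || printf '%s: could not be fixed\n' "$path" >&2
done
```

Run it as root inside the container; a file reported as `writable` after the workaround has been applied is the 777 case.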

Comment 1 Leonid Natapov 2023-04-19 13:08:04 UTC
This bug is a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=2129165 which has been fixed in the puppet-tripleo-14.2.3-1.20221208230857.572edbd.el9ost.
Closing this one.

*** This bug has been marked as a duplicate of bug 2129165 ***

