Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 2258446

Summary: Certificate chain broken for the mistral client
Product: Red Hat OpenStack Reporter: Ladislav Jozsa <ljozsa>
Component: openstack-tripleo-heat-templatesAssignee: Lukas Bezdicka <lbezdick>
Status: CLOSED ERRATA QA Contact: Joe H. Rahme <jhakimra>
Severity: medium Docs Contact:
Priority: medium    
Version: 16.2 (Train)CC: faguiard, jbadiapa, mariel, mburns, mciecier
Target Milestone: asyncKeywords: Triaged
Target Release: 16.2 (Train on RHEL 8.4)   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: openstack-tripleo-heat-templates-11.6.1-2.20230808225219.el8ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2024-03-26 12:25:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ladislav Jozsa 2024-01-15 11:24:47 UTC 
Description of problem:
Minor update from 16.2 z5 to 16.2 z6 failed on PSI stage with certificate verification error:

2023-11-13 14:07:20.091 953596 ERROR tripleoclient.v1.overcloud_external_update.ExternalUpdateRun urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='10.0.55.152', port=13989): Max retries exceeded with url: /v2/executions (Caused by SSLError(SSLError(1, '[SSL: CE
RTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))

Version-Release number of selected component (if applicable):
openstack-tripleo-heat-templates-11.6.1-2.20230320130753.el8ost.noarch

How reproducible:
We encountered the problem during OSP 16.2.5 -> 16.2.6 upgrade on PSI stage.


Steps to Reproduce:
1. Run minor update (note the previous UC certificate likely expired as has been renewed by a certmonger)
2. Update fails with certificate verification error
3.

Actual results:
2023-11-13 14:07:20.091 953596 ERROR tripleoclient.v1.overcloud_external_update.ExternalUpdateRun urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='10.0.55.152', port=13989): Max retries exceeded with url: /v2/executions (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))

Expected results:
Minor update passes

Additional info:
The problem could be tricky to reproduce as it apparently affects only the mistral client

Proposed (and confirmed) fix https://review.opendev.org/c/openstack/tripleo-heat-templates/+/900634
Comment 11 errata-xmlrpc 2024-03-26 12:25:59 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 16.2.6 bug fix and enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2024:1519