2258446 – Certificate chain broken for the mistral client

Bug 2258446 - Certificate chain broken for the mistral client

Summary: Certificate chain broken for the mistral client

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-tripleo-heat-templates
Sub Component:
Version:	16.2 (Train)
Hardware:	x86_64
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	async
Target Release:	16.2 (Train on RHEL 8.4)
Assignee:	Lukas Bezdicka
QA Contact:	Joe H. Rahme
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2024-01-15 11:24 UTC by Ladislav Jozsa
Modified:	2024-03-26 12:26 UTC (History)
CC List:	5 users (show)
Fixed In Version:	openstack-tripleo-heat-templates-11.6.1-2.20230808225219.el8ost
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2024-03-26 12:25:59 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	OSP-31181	0	None	None	None	2024-01-15 11:27:19 UTC
Red Hat Product Errata	RHBA-2024:1519	0	None	None	None	2024-03-26 12:26:01 UTC

Description Ladislav Jozsa 2024-01-15 11:24:47 UTC

Description of problem:
Minor update from 16.2 z5 to 16.2 z6 failed on PSI stage with certificate verification error:

2023-11-13 14:07:20.091 953596 ERROR tripleoclient.v1.overcloud_external_update.ExternalUpdateRun urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='10.0.55.152', port=13989): Max retries exceeded with url: /v2/executions (Caused by SSLError(SSLError(1, '[SSL: CE
RTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))

Version-Release number of selected component (if applicable):
openstack-tripleo-heat-templates-11.6.1-2.20230320130753.el8ost.noarch

How reproducible:
We encountered the problem during OSP 16.2.5 -> 16.2.6 upgrade on PSI stage.


Steps to Reproduce:
1. Run minor update (note the previous UC certificate likely expired as has been renewed by a certmonger)
2. Update fails with certificate verification error
3.

Actual results:
2023-11-13 14:07:20.091 953596 ERROR tripleoclient.v1.overcloud_external_update.ExternalUpdateRun urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='10.0.55.152', port=13989): Max retries exceeded with url: /v2/executions (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))

Expected results:
Minor update passes

Additional info:
The problem could be tricky to reproduce as it apparently affects only the mistral client

Proposed (and confirmed) fix https://review.opendev.org/c/openstack/tripleo-heat-templates/+/900634

Comment 11 errata-xmlrpc 2024-03-26 12:25:59 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 16.2.6 bug fix and enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2024:1519

Note You need to log in before you can comment on or make changes to this bug.