Undercloud certificate generation caused loop when undercloud install was running at the first time.
Settings:
undercloud_hostname = tripleo-vm.cloud.local
undercloud_public_host = tripleo.cloud.local
generate_service_certificate = true
certificate_generation_ca = IPA
service_principal = <email address hidden>
Log:
Jun 27 22:06:07 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:08 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:08 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:09 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:09 tripleo-vm systemd: Unit haproxy.service cannot be reloaded because it is inactive.
Jun 27 22:06:12 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:12 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:12 tripleo-vm systemd: Unit haproxy.service cannot be reloaded because it is inactive.
Jun 27 22:06:12 tripleo-vm systemd: Unit haproxy.service cannot be reloaded because it is inactive.
Jun 27 22:06:13 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:13 tripleo-vm systemd: Unit haproxy.service cannot be reloaded because it is inactive.
Jun 27 22:06:14 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:14 tripleo-vm systemd: Unit haproxy.service cannot be reloaded because it is inactive.
Jun 27 22:06:15 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:15 tripleo-vm systemd: Unit haproxy.service cannot be reloaded because it is inactive.
Jun 27 22:06:15 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:16 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:16 tripleo-vm systemd: Unit haproxy.service cannot be reloaded because it is inactive.
Jun 27 22:06:16 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:17 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:18 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:18 tripleo-vm systemd: Unit haproxy.service cannot be reloaded because it is inactive.
Jun 27 22:06:18 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:21 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:22 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
As a workaround tracking was manually stopped.
Re-running undercloud install did not produce the same issue. Cert status was MONITORING as expected.
This may be related to https://bugs.launchpad.net/tripleo/+bug/1668775 update.
It seems it's already fixed in upstream.
https:/ /github. com/openstack/ instack- undercloud/ commit/ 3a67a6c8cb02982 5d307453f429873 c6486bf52f# diff-a431b982a3 ed9719db7bae980 a40f893