containerized cinder pacemaker bundles are missing ssl CA certs
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
High
|
Steve Baker |
Bug Description
Pacemaker containerized cinder-volume[1] and cinder-backup[2] are missing the required CA cert mounts. This can cause failures in the tempest VolumeBackup tests failing when Overcloud is using SSL,
due to being unable to verify ssl certificate,
cause seems to be that openstack-
snippet of output from failing test tempest.
> Response - Headers: {'status': '200', u'content-length': '922', 'content-location': 'https:/
> u'x-compute-
> u'content-type': 'application/json', u'x-openstack-
> Body: {"backup": {"status": "error", "object_count": 0, "container": "volumebackups",
> "name": "tempest-
> "links": [{"href": "https:/
> {"href": "https:/
> "availability_
> "updated_at": "2018-01-
> "snapshot_id": null, "volume_id": "ca53f42d-
>
> "fail_reason": "(\"bad handshake: Error([('SSL routines', 'ssl3_get_
>
> "is_incremental": false, "id": "57af9d07-
It should be enough to add the 4 /etc/pki mounts as for other pcs managed containers like rabbitmq[3]
[1] http://
[2] http://
[3] http://
Fix proposed to branch: master /review. openstack. org/540693
Review: https:/