tripleo

t-h-t attempts to generate TLS certs for inactive networks

Bug #1748053 reported by Oliver Walsh on 2018-02-08

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tripleo	Fix Released	High	Oliver Walsh	tripleo queens-rc1

Bug Description

THT is trying to generate certs for networks that do not exist on the controller role, e.g storage_nfs:

Feb 7 22:07:12 localhost puppet-user[15194]: (/Stage[main]/Tripleo::Profile::Base::Certmonger_user/Tripleo::Certmonger::Httpd[httpd-storage_nfs]/Certmonger_certificate[httpd-storage_nfs]/ensure) created
Feb 7 22:07:13 localhost certmonger: 2018-02-07 22:07:13 [15662] Server at https://ipa.tripleodomain.example.com/ipa/xml denied our request, giving up: 3007 (RPC failed at server. 'fqdn' is required).

Revision history for this message

Juan Antonio Osorio Robles (juan-osorio-robles) wrote on 2018-02-08:

is this an on-going thing? how do I reproduce it? does it make the deployment fail?

Revision history for this message

Juan Antonio Osorio Robles (juan-osorio-robles) wrote on 2018-02-08:

Seems this triggered the issue https://review.openstack.org/#/c/512239/

Revision history for this message

Oliver Walsh (owalsh) wrote on 2018-02-08:

Fix proposed to branch: master
Review: https://review.openstack.org/541922

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-02-08: Fix merged to tripleo-heat-templates (master)

Reviewed: https://review.openstack.org/541922
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=fa66c327fc180acdf66b43629f0feb84d0e24b41
Submitter: Zuul
Branch: master

commit fa66c327fc180acdf66b43629f0feb84d0e24b41
Author: Oliver Walsh <email address hidden>
Date: Wed Feb 7 22:01:38 2018 +0000

Do not generate apache/haproxy certs for invalid networks

Certs were being generated for all networks in service net map.
This was failing as we do not generate hieradata for all of these networks.

Switching from yaql to jinga templating to match the logic that
generates the hieradata.

    Change-Id: Ic6c25aceb07ea3824a8fb23549bc5d1205e5cefc
    Closes-bug: 1748023
    Closes-Bug: 1748053

Changed in tripleo:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-03-03: Fix included in openstack/tripleo-heat-templates 8.0.0.0rc1

This issue was fixed in the openstack/tripleo-heat-templates 8.0.0.0rc1 release candidate.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.