Juniper Openstack

R5.0-micro-services provision - controller fails to come up due to missing ssl certs..

Bug #1760051 reported by Ritam Gangopadhyay on 2018-03-30

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Juniper Openstack	Status tracked in Trunk
R5.0	Fix Committed	Critical	alexey-mr	Juniper Openstack r5.0.0
Trunk	Fix Committed	Critical	alexey-mr	Juniper Openstack r5.1.0

Bug Description

If we set XMPP_SSL_ENABLE to True the controller fails to come up because of missing certs.

[root@nodec28 ~]# grep -rn SSL contrail-ansible-deployer/config/instances.yaml -B14
85-
86-contrail_configuration:
87- CLOUD_ORCHESTRATOR: openstack
88- CONTROLLER_NODES: 192.168.100.11,192.168.100.13,192.168.100.17
89- CONFIG_NODES: 192.168.100.11,192.168.100.13,192.168.100.17
90- ANALYTICS_NODES: 192.168.100.11,192.168.100.13,192.168.100.17
91- CONTAINER_REGISTRY: 10.204.217.152:5000
92- REGISTRY_PRIVATE_INSECURE: True
93- CONTRAIL_VERSION: latest
94- RABBITMQ_NODE_PORT: 5673
95- KEYSTONE_AUTH_HOST: 192.168.100.20
96- KEYSTONE_AUTH_ADMIN_PASSWORD: c0ntrail123
97- KEYSTONE_AUTH_URL_VERSION: /v3
98- VROUTER_GATEWAY: 192.168.100.100
99: XMPP_SSL_ENABLE: True
[root@nodec28 ~]#

[root@nodec28 ~]# docker ps | grep control_1
d88a72dbed64 10.204.217.152:5000/contrail-controller-control-control:latest "/entrypoint.sh /u..." About an hour ago Restarting (139) 7 minutes ago control_control_1
[root@nodec28 ~]#

[root@nodec28 ~]# cat /var/log/contrail/contrail-control.log
2018-03-30 Fri 07:53:18:936.581 UTC nodec28 [Thread 139930841585792, Pid 1]: Error : No such file or directory, while using server cert file : /etc/contrail/ssl/certs/server.pem
2018-03-30 Fri 07:53:29:360.038 UTC nodec28 [Thread 140185640147072, Pid 1]: Error : No such file or directory, while using server cert file : /etc/contrail/ssl/certs/server.pem
2018-03-30 Fri 07:53:39:785.150 UTC nodec28 [Thread 139723978356864, Pid 1]: Error : No such file or directory, while using server cert file : /etc/contrail/ssl/certs/server.pem
2018-03-30 Fri 07:53:51:074.047 UTC nodec28 [Thread 140549417691264, Pid 1]: Error : No such file or directory, while using server cert file : /etc/contrail/ssl/certs/server.pem
2018-03-30 Fri 07:54:05:306.872 UTC nodec28 [Thread 140180391925888, Pid 1]: Error : No such file or directory, while using server cert file : /etc/contrail/ssl/certs/server.pem
2018-03-30 Fri 07:54:18:394.020 UTC nodec28 [Thread 139669490022528, Pid 1]: Error : No such file or directory, while using server cert file : /etc/contrail/ssl/certs/server.pem
2018-03-30 Fri 07:54:31:507.072 UTC nodec28 [Thread 140389735467136, Pid 1]: Error : No such file or directory, while using server cert file : /etc/contrail/ssl/certs/server.pem
2018-03-30 Fri 07:54:47:911.079 UTC nodec28 [Thread 139630360508544, Pid 1]: Error : No such file or directory, while using server cert file : /etc/contrail/ssl/certs/server.pem
2018-03-30 Fri 07:55:10:700.627 UTC nodec28 [Thread 140627535095936, Pid 1]: Error : No such file or directory, while using server cert file : /etc/contrail/ssl/certs/server.pem
2018-03-30 Fri 07:55:46:159.935 UTC nodec28 [Thread 140046478862464, Pid 1]: Error : No such file or directory, while using server cert file : /etc/contrail/ssl/certs/server.pem
2018-03-30 Fri 07:56:47:291.346 UTC nodec28 [Thread 139955558197376, Pid 1]: Error : No such file or directory, while using server cert file : /etc/contrail/ssl/certs/server.pem
2018-03-30 Fri 07:58:39:567.700 UTC nodec28 [Thread 139649598699648, Pid 1]: Error : No such file or directory, while using server cert file : /etc/contrail/ssl/certs/server.pem
2018-03-30 Fri 08:02:14:129.950 UTC nodec28 [Thread 140476402063488, Pid 1]: Error : No such file or directory, while using server cert file : /etc/contrail/ssl/certs/server.pem
2018-03-30 Fri 08:09:13:557.260 UTC nodec28 [Thread 139922473523328, Pid 1]: Error : No such file or directory, while using server cert file : /etc/contrail/ssl/certs/server.pem
2018-03-30 Fri 08:23:02:569.810 UTC nodec28 [Thread 140690350815360, Pid 1]: Error : No such file or directory, while using server cert file : /etc/contrail/ssl/certs/server.pem
2018-03-30 Fri 08:50:30:766.123 UTC nodec28 [Thread 140665538037888, Pid 1]: Error : No such file or directory, while using server cert file : /etc/contrail/ssl/certs/server.pem
[root@nodec28 ~]#

See original description

Tags:

Ritam Gangopadhyay (ritam) on 2018-03-30

tags:	added: xmpp removed: xm
description:	updated

Revision history for this message

Abhay Joshi (abhayj) wrote on 2018-04-02:

This requires new function implementation in ansible to generate and copy cert files on target nodes. Won't be doable for 5.0.0. We will look into it for a future release. For now setting target to 5.0.1.

Ritam Gangopadhyay (ritam) on 2018-04-03

tags:

added: releasenote

Revision history for this message

Abhay Joshi (abhayj) wrote on 2018-04-05:

Capturing the email chain:

From: Michael Henkel <email address hidden>
Date: Thursday, April 5, 2018 at 9:30 AM
To: Abhay Joshi <email address hidden>
Cc: Sudheendra Rao <email address hidden>, Rudra Rugge <email address hidden>, Jeba Paulaiyan <email address hidden>, Ritam Gangopadhyay <email address hidden>
Subject: Re: Provision MX connectivity

Hi All,

the ansible deployer is meant to be a day0 deployment tools, which means its sole mission is to bring Contrail into an operational state. Things like creating external connectivity are day1/2 operations as they can have a wide variety of different parameters (depending on things like backbone architectures) which we cannot all cover in a day0 deployment tool.
I try to keep the ansible deployer as clean as possible and not to add stuff which doesn’t belong there.
Regards,
Michael

Am 05.04.2018 um 18:23 schrieb Abhay Joshi <email address hidden>:
Hi Sudhee,

Regarding https://bugs.launchpad.net/juniperopenstack/+bug/1760051, in 4.1 the generation and population of certification was taken care of by SM. When Michael did ansible playbooks for 5.0 micro-services, ideally this should have been covered in there. Looks like it is not – so we have to look into it as a fresh item. Michael, do you think you will be able to add the tasks for this in ansible?

Thanks,

Abhay

From: Sudheendra Rao <email address hidden>
Date: Thursday, April 5, 2018 at 3:29 AM
To: Michael Henkel <email address hidden>, Abhay Joshi <email address hidden>
Cc: Rudra Rugge <email address hidden>, Jeba Paulaiyan <email address hidden>, Ritam Gangopadhyay <email address hidden>
Subject: Provision MX connectivity

Hi Michael/Abhay,

We need the bug https://bugs.launchpad.net/juniperopenstack/+bug/1759428 to be fixed for R5.0.
Without this we will not be able to run any of MX related TCs in sanity.
Michael has moved this to wishlist, but we really need this for sanity and regression for R5.0.
Can you please take this up?

Also SSL support for meta-data services is not there in R5.0 due to bug https://bugs.launchpad.net/juniperopenstack/+bug/1760051
Abhay has moved this out of R5.0, is it fine? This was supported feature in R4.1.

Thanks,
Sudhee.

Capturing the email chain:

From: Michael Henkel <mhenkel@juniper.net>
Date: Thursday, April 5, 2018 at 9:30 AM
To: Abhay Joshi <abhayj@juniper.net>
Cc: Sudheendra Rao <sudheendra@juniper.net>, Rudra Rugge <rrugge@juniper.net>, Jeba Paulaiyan <jebap@juniper.net>, Ritam Gangopadhyay <ritam@juniper.net>
Subject: Re: Provision MX connectivity

Hi All,

Am 05.04.2018 um 18:23 schrieb Abhay Joshi <abhayj@juniper.net>:
Hi Sudhee,
 
Regarding https://bugs.launchpad.net/juniperopenstack/+bug/1760051, in 4.1 the generation and population of certification was taken care of by SM. When Michael did ansible playbooks for 5.0 micro-services, ideally this should have been covered in there. Looks like it is not – so we have to look into it as a fresh item. Michael, do you think you will be able to add the tasks for this in ansible?
 
Thanks,
 
Abhay
 
From: Sudheendra Rao <sudheendra@juniper.net>
Date: Thursday, April 5, 2018 at 3:29 AM
To: Michael Henkel <mhenkel@juniper.net>, Abhay Joshi <abhayj@juniper.net>
Cc: Rudra Rugge <rrugge@juniper.net>, Jeba Paulaiyan <jebap@juniper.net>, Ritam Gangopadhyay <ritam@juniper.net>
Subject: Provision MX connectivity
 
Hi Michael/Abhay,
 
    We need the bug https://bugs.launchpad.net/juniperopenstack/+bug/1759428 to be fixed for R5.0.
Without this we will not be able to run any of MX related TCs in sanity.
Michael has moved this to wishlist, but we really need this for sanity and regression for R5.0.
Can you please take this up?
 
Also SSL support for meta-data services is not there in R5.0 due to bug https://bugs.launchpad.net/juniperopenstack/+bug/1760051
Abhay has moved this out of R5.0, is it fine? This was supported feature in R4.1.
 
Thanks,
Sudhee.

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-06: [Review update] master

Review in progress for https://review.opencontrail.org/41543
Submitter: Nitish Krishna Kaveri (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-10:

Review in progress for https://review.opencontrail.org/41683
Submitter: Nitish Krishna Kaveri (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-10:

#10

Review in progress for https://review.opencontrail.org/41543
Submitter: Nitish Krishna Kaveri (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-10: A change has been merged

#12

Reviewed: https://review.opencontrail.org/41683
Committed: http://github.com/Juniper/contrail-container-builder/commit/3f12fbf05420cb6b2af6909df8dab0ea201f405d
Submitter: Zuul v3 CI (<email address hidden>)
Branch: master

commit 3f12fbf05420cb6b2af6909df8dab0ea201f405d
Author: nitishkrishna <email address hidden>
Date: Tue Apr 10 11:07:53 2018 -0700

Partial-Bug: #1760051 - Create SSL certs if any SSL flag is set

Today it is creating only for top level SSL enable. Needs to be done for subcategories like: XMPP, Introspect, etc

Change-Id: I5d30b217751f1c5156a6346e6ff71d09b9c54fa8

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-10: [Review update] R5.0

#13

Review in progress for https://review.opencontrail.org/41713
Submitter: Nitish Krishna Kaveri (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-11: A change has been merged

#14

Reviewed: https://review.opencontrail.org/41713
Committed: http://github.com/Juniper/contrail-container-builder/commit/98a3321a475131a97e42585920d58f700bfe2301
Submitter: Zuul v3 CI (<email address hidden>)
Branch: R5.0

commit 98a3321a475131a97e42585920d58f700bfe2301
Author: nitishkrishna <email address hidden>
Date: Tue Apr 10 11:07:53 2018 -0700

Partial-Bug: #1760051 - Create SSL certs if any SSL flag is set

Today it is creating only for top level SSL enable. Needs to be done for subcategories like: XMPP, Introspect, etc

Change-Id: I5d30b217751f1c5156a6346e6ff71d09b9c54fa8
(cherry picked from commit 3f12fbf05420cb6b2af6909df8dab0ea201f405d)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-11:

#15

Reviewed: https://review.opencontrail.org/41543
Committed: http://github.com/Juniper/contrail-ansible-deployer/commit/915b220a39ca3104b1f5871c65047c21d543ca9b
Submitter: Zuul v3 CI (<email address hidden>)
Branch: master

commit 915b220a39ca3104b1f5871c65047c21d543ca9b
Author: nitishkrishna <email address hidden>
Date: Mon Apr 9 11:32:17 2018 -0700

Closes-Bug: #1760051 - Loading of SSL certs per Server for Metadata SSL

As in SM, these certs are created for each server and Subject Alt Names are set based on IP/DNS
To enable SSL, please add to config/instances.yml:

contrail_configuration:
SSL_ENABLE: True

This will mount the certs created in node init container to the "default" paths specified here:
https://github.com/Juniper/contrail-container-builder/blob/master/containers/base/common.sh#L26

We will need to implement separately what to do if user created certs are supplied.
This ability is not there in container-builder today so I haven't implemented it.

Patch 2:
Changed to using node init container for cert creation
Patch 3:
Make mounting un-conditional
Patch 4:
Added dpdk vrouter file

Change-Id: I322b153e46c3a86119626f3ec8315a31aad2e4e5

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-11: [Review update] R5.0

#16

Review in progress for https://review.opencontrail.org/41753
Submitter: Nitish Krishna Kaveri (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-11: A change has been merged

#18

Reviewed: https://review.opencontrail.org/41753
Committed: http://github.com/Juniper/contrail-ansible-deployer/commit/cd61114393eeac844c1bb4d514394377f8a21655
Submitter: Zuul v3 CI (<email address hidden>)
Branch: R5.0

commit cd61114393eeac844c1bb4d514394377f8a21655
Author: nitishkrishna <email address hidden>
Date: Mon Apr 9 11:32:17 2018 -0700

Closes-Bug: #1760051 - Loading of SSL certs per Server for Metadata SSL

As in SM, these certs are created for each server and Subject Alt Names are set based on IP/DNS
To enable SSL, please add to config/instances.yml:

contrail_configuration:
SSL_ENABLE: True

This will mount the certs created in node init container to the "default" paths specified here:
https://github.com/Juniper/contrail-container-builder/blob/master/containers/base/common.sh#L26

We will need to implement separately what to do if user created certs are supplied.
This ability is not there in container-builder today so I haven't implemented it.

Patch 2:
Changed to using node init container for cert creation
Patch 3:
Make mounting un-conditional
Patch 4:
Added dpdk vrouter file

Change-Id: I322b153e46c3a86119626f3ec8315a31aad2e4e5
(cherry picked from commit 915b220a39ca3104b1f5871c65047c21d543ca9b)

Revision history for this message

Ritam Gangopadhyay (ritam) wrote on 2018-04-12:

#19

Most of the services are stuck at initializing state and contail-control shwos the below logs due to ssl cert mismatch-

controller logs :-

2018-04-12 Thu 17:53:17:466.837 UTC nodec28 [Thread 139719482955904, Pid 1]: TCP [SYS_ERR]: TcpSessionMessageLog: Session 10.204.217.13:8083::10.204.217.13:50374 > SSL Handshake failed due to error: 336130315 category: asio.ssl message: wrong version number src/contrail-common/io/ssl_server.cc 92
2018-04-12 Thu 17:53:17:469.240 UTC nodec28 [Thread 139719482955904, Pid 1]: TCP [SYS_ERR]: TcpSessionMessageLog: Session 10.204.217.13:8083::10.204.217.13:50376 > SSL Handshake failed due to error: 335544539 category: asio.ssl message: short read src/contrail-common/io/ssl_server.cc 92
2018-04-12 Thu 18:01:25:004.149 UTC nodec28 [Thread 139719482955904, Pid 1]: TCP [SYS_ERR]: TcpSessionMessageLog: Session 10.204.217.13:8083::10.204.217.13:50792 > SSL Handshake failed due to error: 336130315 category: asio.ssl message: wrong version number src/contrail-common/io/ssl_server.cc 92
2018-04-12 Thu 18:01:25:006.506 UTC nodec28 [Thread 139719482955904, Pid 1]: TCP [SYS_ERR]: TcpSessionMessageLog: Session 10.204.217.13:8083::10.204.217.13:50794 > SSL Handshake failed due to error: 335544539 category: asio.ssl message: short read src/contrail-common/io/ssl_server.cc 92

Revision history for this message

Ritam Gangopadhyay (ritam) wrote on 2018-04-12:

#20

Setup in error state can be found by logging into nodec28 - 10.204.217.13
Full setup details are mentioned in the file /root/contrail-ansible-deployer/config/instances.yaml on nodec28.

Revision history for this message

Nitish Krishna Kaveri (nitishk) wrote on 2018-04-12:

#21

Moving the bug to Alexey Morlang. He wrote the internal TLS code where the problem seems to be.
The certs get copied/mounted to all the containers as expected with my check-in and there don't seem to be issues in that.

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-15: [Review update] master

#22

Review in progress for https://review.opencontrail.org/41928
Submitter: alexey-mr (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-16: [Review update] R5.0

#23

Review in progress for https://review.opencontrail.org/41935
Submitter: alexey-mr (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-16: [Review update] master

#24

Review in progress for https://review.opencontrail.org/41937
Submitter: alexey-mr (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-16:

#27

Review in progress for https://review.opencontrail.org/41955
Submitter: alexey-mr (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-16: [Review update] R5.0

#29

Review in progress for https://review.opencontrail.org/41956
Submitter: alexey-mr (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-16: [Review update] master

#30

Review in progress for https://review.opencontrail.org/41962
Submitter: alexey-mr (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-16: [Review update] R5.0

#31

Review in progress for https://review.opencontrail.org/41963
Submitter: alexey-mr (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-16: A change has been merged

#32

Reviewed: https://review.opencontrail.org/41935
Committed: http://github.com/Juniper/contrail-container-builder/commit/afbcdb6efed4c9f1c81adb2c71eff32afb14592e
Submitter: Zuul v3 CI (<email address hidden>)
Branch: R5.0

commit afbcdb6efed4c9f1c81adb2c71eff32afb14592e
Author: alexey-mr <email address hidden>
Date: Sun Apr 15 23:37:07 2018 +0300

SSL related fixes.

- wait till cert files appear, because
node-init may not finished before a container starts
- provision vrouter with host ip taken from vhost0
- non empty default value for SERVER_CA_CERTFILE
- retries for detecting own IP in 3rd party containers,
in case of all-in-one there is a race with vhost0 initialization
(at this moment there is no own ip detected)

Change-Id: Id08030a70b859b660ef9843a37256b2326176963
Partial-Bug: #1760051

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-16:

#33

Reviewed: https://review.opencontrail.org/41928
Committed: http://github.com/Juniper/contrail-container-builder/commit/a5778548ee53d09aca5f42fe6aa8c7c5c3d93fae
Submitter: Zuul v3 CI (<email address hidden>)
Branch: master

commit a5778548ee53d09aca5f42fe6aa8c7c5c3d93fae
Author: alexey-mr <email address hidden>
Date: Sun Apr 15 23:37:07 2018 +0300

SSL related fixes.

Change-Id: Id08030a70b859b660ef9843a37256b2326176963
Partial-Bug: #1760051

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-16:

#34

Reviewed: https://review.opencontrail.org/41963
Committed: http://github.com/Juniper/contrail-container-builder/commit/46c3fac86ad1f163c7f0c8b0571b60349f16ff0a
Submitter: Zuul v3 CI (<email address hidden>)
Branch: R5.0

commit 46c3fac86ad1f163c7f0c8b0571b60349f16ff0a
Author: alexey-mr <email address hidden>
Date: Mon Apr 16 18:37:18 2018 +0300

Add ssl cert mount for contrail-status.

Change-Id: Ic7f13c805dff4c929c533500340691ac2b753cee
Depends-On: Id08030a70b859b660ef9843a37256b2326176963
Partial-Bug: #1760051

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-17:

#35

Reviewed: https://review.opencontrail.org/41962
Committed: http://github.com/Juniper/contrail-container-builder/commit/52acc1afde1c6440864083865d1539225fe6469a
Submitter: Zuul v3 CI (<email address hidden>)
Branch: master

commit 52acc1afde1c6440864083865d1539225fe6469a
Author: alexey-mr <email address hidden>
Date: Mon Apr 16 18:37:18 2018 +0300

Add ssl cert mount for contrail-status.

Change-Id: Ic7f13c805dff4c929c533500340691ac2b753cee
Depends-On: Id08030a70b859b660ef9843a37256b2326176963
Partial-Bug: #1760051

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-18: [Review update] master

#36

Review in progress for https://review.opencontrail.org/41937
Submitter: alexey-mr (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-19: [Review update] R5.0

#42

Review in progress for https://review.opencontrail.org/41956
Submitter: alexey-mr (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-19: [Review update] master

#43

Review in progress for https://review.opencontrail.org/42200
Submitter: alexey-mr (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-19: [Review update] R5.0

#44

Review in progress for https://review.opencontrail.org/42201
Submitter: alexey-mr (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-20:

#45

Review in progress for https://review.opencontrail.org/42201
Submitter: Andrey Pavlov (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-20: [Review update] master

#46

Review in progress for https://review.opencontrail.org/42200
Submitter: Andrey Pavlov (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-20:

#47

Review in progress for https://review.opencontrail.org/42239
Submitter: <email address hidden> (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-20: [Review update] R5.0

#48

Review in progress for https://review.opencontrail.org/42241
Submitter: alexey-mr (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-20: A change has been merged

#49

Reviewed: https://review.opencontrail.org/42201
Committed: http://github.com/Juniper/contrail-container-builder/commit/e3ffa7ce56416d0c0f45f32d29954e2971033126
Submitter: Zuul v3 CI (<email address hidden>)
Branch: R5.0

commit e3ffa7ce56416d0c0f45f32d29954e2971033126
Author: alexey-mr <email address hidden>
Date: Thu Apr 19 21:07:25 2018 +0300

Support K8S CA

Nodes certificates in case of K8S
are generated by using K8S PKI.

Change-Id: Iaebb449034624681291840a87d7ca22763d0c312
Partial-Bug: #1760051

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-20:

#50

Reviewed: https://review.opencontrail.org/42200
Committed: http://github.com/Juniper/contrail-container-builder/commit/1464781df965e6ad2e74ab6f272c0d5e6ae95050
Submitter: Zuul v3 CI (<email address hidden>)
Branch: master

commit 1464781df965e6ad2e74ab6f272c0d5e6ae95050
Author: alexey-mr <email address hidden>
Date: Thu Apr 19 21:07:25 2018 +0300

Support K8S CA

Nodes certificates in case of K8S
are generated by using K8S PKI.

Change-Id: Iaebb449034624681291840a87d7ca22763d0c312
Partial-Bug: #1760051

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-20: [Review update] master

#51

Review in progress for https://review.opencontrail.org/41937
Submitter: Andrey Pavlov (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-20: A change has been merged

#52

Reviewed: https://review.opencontrail.org/42239
Committed: http://github.com/Juniper/contrail-helm-deployer/commit/c3c10bd95b5b5a0449712c7408d95b9ef5e5c5d5
Submitter: Zuul v3 CI (<email address hidden>)
Branch: master

commit c3c10bd95b5b5a0449712c7408d95b9ef5e5c5d5
Author: Madhukar Nayakbomman <email address hidden>
Date: Thu Apr 19 20:23:18 2018 -0700

Mounting ssl directory to pods

Change-Id: I3836eff0a0fc2b62f54113d7967a1cdc989a36ac
Partial-Bug: #1760051

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-20:

#53

Reviewed: https://review.opencontrail.org/42241
Committed: http://github.com/Juniper/contrail-helm-deployer/commit/320ddab347661fcf5f4979274581076b87fa8bd8
Submitter: Zuul v3 CI (<email address hidden>)
Branch: R5.0

commit 320ddab347661fcf5f4979274581076b87fa8bd8
Author: Madhukar Nayakbomman <email address hidden>
Date: Thu Apr 19 20:23:18 2018 -0700

Mounting ssl directory to pods

Change-Id: I3836eff0a0fc2b62f54113d7967a1cdc989a36ac
Partial-Bug: #1760051

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-21: [Review update] master

#54

Review in progress for https://review.opencontrail.org/41937
Submitter: alexey-mr (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-21:

#57

Review in progress for https://review.opencontrail.org/42369
Submitter: alexey-mr (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-21: [Review update] R5.0

#58

Review in progress for https://review.opencontrail.org/41956
Submitter: alexey-mr (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-21:

#59

Review in progress for https://review.opencontrail.org/42370
Submitter: alexey-mr (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-22: [Review update] master

#60

Review in progress for https://review.opencontrail.org/41937
Submitter: alexey-mr (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-22: [Review update] R5.0

#61

Review in progress for https://review.opencontrail.org/41956
Submitter: alexey-mr (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-22: A change has been merged

#62

Reviewed: https://review.opencontrail.org/42369
Committed: http://github.com/Juniper/contrail-container-builder/commit/84207abdd9f070bb0640a12f327f2d7c919e50c7
Submitter: Zuul v3 CI (<email address hidden>)
Branch: master

commit 84207abdd9f070bb0640a12f327f2d7c919e50c7
Author: alexey-mr <email address hidden>
Date: Sat Apr 21 23:43:29 2018 +0300

Use non-empty default for SERVER_CA_KEYFILE

Change-Id: I49763a5151c1dbefe6b511314d4bd3cf8eae24c9
Partial-Bug: #1760051

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-22: [Review update] master

#63

Review in progress for https://review.opencontrail.org/41937
Submitter: alexey-mr (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-22: [Review update] R5.0

#64

Review in progress for https://review.opencontrail.org/41956
Submitter: alexey-mr (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-22: [Review update] master

#65

Review in progress for https://review.opencontrail.org/41937
Submitter: alexey-mr (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-22: [Review update] R5.0

#66

Review in progress for https://review.opencontrail.org/41956
Submitter: alexey-mr (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-22: [Review update] master

#67

Review in progress for https://review.opencontrail.org/41937
Submitter: alexey-mr (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-22: [Review update] R5.0

#68

Review in progress for https://review.opencontrail.org/41956
Submitter: alexey-mr (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-22: A change has been merged

#69

Reviewed: https://review.opencontrail.org/42370
Committed: http://github.com/Juniper/contrail-container-builder/commit/54e35eaed80588eeb63e07c670a3ff9296ac02ac
Submitter: Zuul v3 CI (<email address hidden>)
Branch: R5.0

commit 54e35eaed80588eeb63e07c670a3ff9296ac02ac
Author: alexey-mr <email address hidden>
Date: Sat Apr 21 23:43:29 2018 +0300

Use non-empty default for SERVER_CA_KEYFILE

Change-Id: I49763a5151c1dbefe6b511314d4bd3cf8eae24c9
Partial-Bug: #1760051

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-23: [Review update] master

#70

Review in progress for https://review.opencontrail.org/41937
Submitter: alexey-mr (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-23: [Review update] R5.0

#71

Review in progress for https://review.opencontrail.org/41956
Submitter: alexey-mr (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-23: A change has been merged

#72

Reviewed: https://review.opencontrail.org/41937
Committed: http://github.com/Juniper/contrail-ansible-deployer/commit/a53c4725b64ca8ab8d84489c03ff81262a3603fa
Submitter: Zuul v3 CI (<email address hidden>)
Branch: master

commit a53c4725b64ca8ab8d84489c03ff81262a3603fa
Author: alexey-mr <email address hidden>
Date: Mon Apr 16 08:43:21 2018 +0300

Generate certs in ansible and copy them on nodes.

Contrail uses CERT_REQUIRES option that force
using valid CA. CA cant be generated on each host
independently.

Change-Id: I0e70333f56989056689c324ae5d49b9346a4c0e6
Partial-Bug: #1760051

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-04-23:

#73

Reviewed: https://review.opencontrail.org/41956
Committed: http://github.com/Juniper/contrail-ansible-deployer/commit/d23268da3a739c0baa7a0050d740978b824b2eba
Submitter: Zuul v3 CI (<email address hidden>)
Branch: R5.0

commit d23268da3a739c0baa7a0050d740978b824b2eba
Author: alexey-mr <email address hidden>
Date: Mon Apr 16 08:43:21 2018 +0300

Generate certs in ansible and copy them on nodes.

Contrail uses CERT_REQUIRES option that force
using valid CA. CA cant be generated on each host
independently.

Change-Id: I0e70333f56989056689c324ae5d49b9346a4c0e6
Partial-Bug: #1760051

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.