tripleo

quickstart uses deprecated tls options

Bug #1795452 reported by Michele Baldessari on 2018-10-01

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tripleo	Fix Released	High	Juan Antonio Osorio Robles	tripleo stein-1

Bug Description

In https://github.com/openstack/tripleo-quickstart-extras/blob/master/roles/overcloud-deploy/tasks/pre-deploy.yml#L151 we have the following snippet:
- name: set novajoin/TLS everywhere fact
  set_fact:
      tls_everywhere_args: >-
          -e {{ overcloud_templates_path }}/environments/services/haproxy-public-tls-certmonger.yaml
          -e {{ overcloud_templates_path }}/environments/enable-internal-tls.yaml
          -e {{ overcloud_templates_path }}/environments/tls-everywhere-endpoints-dns.yaml
  when:
    - enable_tls_everywhere|bool
    - release not in ['mitaka', 'liberty', 'newton']

The problem is that those are deprecated via I19bc422c22b9f60f781e696ce703b026dc317786 and do not contain all the right TLS settings to get a working overcloud

Tags:

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-10-01: Fix proposed to tripleo-quickstart-extras (master)

Fix proposed to branch: master
Review: https://review.openstack.org/606997

Changed in tripleo:
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-10-02: Change abandoned on tripleo-quickstart-extras (master)

Change abandoned by Michele Baldessari (<email address hidden>) on branch: master
Review: https://review.openstack.org/606997

Changed in tripleo:
assignee:	Michele Baldessari (michele) → Juan Antonio Osorio Robles (juan-osorio-robles)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-10-07: Fix merged to tripleo-quickstart-extras (master)

Reviewed: https://review.openstack.org/602171
Committed: https://git.openstack.org/cgit/openstack/tripleo-quickstart-extras/commit/?id=bf7a2e22df0ff6c21b6621a1e1cf6fffdca6f711
Submitter: Zuul
Branch: master

commit bf7a2e22df0ff6c21b6621a1e1cf6fffdca6f711
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Wed Sep 12 15:22:48 2018 -0600

Use TLS environment files from environments/ssl/

This has been the preferred location for a while, so lets use it
instead.

Closes-Bug: #1795452
Change-Id: I1bfdb6d064f3b10b269dedafd36ca367139fe1df

Changed in tripleo:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-05-14: Fix included in openstack/tripleo-quickstart-extras 2.1.1

This issue was fixed in the openstack/tripleo-quickstart-extras 2.1.1 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.