Etcd user/group is missing in Internal TLS setup for DCN HCI computes

Bug #1887136 reported by Bogdan Dobrelya
Affects: tripleo
Status: Invalid
Importance: Medium
Assigned to: Unassigned

Bug Description

In a TLS DCN HCI setup, when etcd is wanted as the DLM for Cinder A/A to be run on edge sites, there is an issue where puppet fails to configure certmonger:

Error: /Stage[main]/Tripleo::Certmonger::Etcd/File[/etc/pki/tls/certs/etcd.crt]/group: change from 'root' to 'etcd' failed: Could not find group etcd

This is because we do not configure etcd on HCI hosts, but puppet needs the etcd user and group to complete the certificate creation. Those certificates will be used with the etcd container later.
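
A triage helper for the failure described above, as an added example that is not part of the original report or of the TripleO code: it parses Puppet File-resource errors of the shape quoted in the description and checks whether the named account now resolves on the host. The names PUPPET_ERR, account_exists and triage are hypothetical, and the "owner"/"user" variant of the message is assumed to follow the same layout as the "group" line on this page.

```python
import grp
import pwd
import re

# Shape of the Puppet File-resource error quoted in the bug description.
# Assumption: an 'owner' failure uses the same layout with "user" for "group".
PUPPET_ERR = re.compile(
    r"^Error: /Stage\[main\]/.*?/File\[(?P<path>[^\]]+)\]/"
    r"(?P<prop>owner|group): change from '[^']*' to '[^']*' "
    r"failed: Could not find (?P<kind>user|group) (?P<name>\S+)$"
)


def account_exists(kind, name):
    """True if the local account database resolves the user or group name."""
    try:
        (pwd.getpwnam if kind == "user" else grp.getgrnam)(name)
        return True
    except KeyError:
        return False


def triage(lines, exists=account_exists):
    """Return one finding per matching error line; `exists` is injectable."""
    findings = []
    for line in lines:
        m = PUPPET_ERR.match(line.strip())
        if not m:
            continue  # not a missing-account File error
        findings.append({"path": m["path"], "property": m["prop"],
                         "kind": m["kind"], "name": m["name"],
                         "still_missing": not exists(m["kind"], m["name"])})
    return findings


# Sample input: one constructed unrelated line plus the error from the report.
SAMPLE = [
    "Notice: Applied catalog in 12.34 seconds",  # constructed
    "Error: /Stage[main]/Tripleo::Certmonger::Etcd/File[/etc/pki/tls/certs/etcd.crt]/group: "
    "change from 'root' to 'etcd' failed: Could not find group etcd",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        state = "missing" if f["still_missing"] else "present now"
        print(f"{f['path']}: {f['property']} needs {f['kind']} '{f['name']}' ({state})")
```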

Changed in tripleo:
importance: Undecided → High
status: New → Triaged
milestone: none → victoria-1
tags: added: edge train-backport-potential ussuri-backport-potential
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (master)

Fix proposed to branch: master
Review: https://review.opendev.org/740421

Changed in tripleo:
assignee: nobody → Bogdan Dobrelya (bogdando)
status: Triaged → In Progress
description: updated
description: updated
Alan Bishop (alan-bishop) wrote :

Can you point me to an example of this failure? I've never encountered it in my own tests.

Bogdan Dobrelya (bogdando) wrote :

Removed the train backport candidate since there are no plans (yet) to backport Cinder A/A with TLS & etcd as DLM into train.

tags: removed: train-backport-potential
Changed in tripleo:
milestone: victoria-1 → victoria-3
OpenStack Infra (hudson-openstack) wrote : Change abandoned on tripleo-heat-templates (master)

Change abandoned by Bogdan Dobrelya (bogdando) on branch: master
Review: https://review.opendev.org/740421

Changed in tripleo:
milestone: victoria-3 → wallaby-1
Bogdan Dobrelya (bogdando) wrote :

Unsure if this is still relevant.

Changed in tripleo:
status: In Progress → Incomplete
importance: High → Medium
assignee: Bogdan Dobrelya (bogdando) → nobody
Changed in tripleo:
milestone: wallaby-1 → wallaby-2
Changed in tripleo:
milestone: wallaby-2 → wallaby-3
Alan Bishop (alan-bishop) wrote :

@bogdando, no, I don't believe this is still relevant. A number of tweaks were required in multiple projects to get full containerized etcd to support TLS, and it's working now.

Changed in tripleo:
status: Incomplete → Invalid