Openstack certificate fails to install if Platform certificate is installed in tpm_mode
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Medium
|
Teresa Ho |
Bug Description
Openstack certificate fails to install if Platform certificate is installed in tpm_mode
Brief Description
-----------------
Openstack certificate fails to install if Platform certificate is installed in tpm_mode
Severity
--------
Provide the severity of the defect.
Minor: System/Feature is usable with aworkaround
Steps to Reproduce
------------------
Write down the steps to reproduce the issue
1) Move the system to HTTPS
2) Install the platform cert in tpm_mode
3) Go through the procedure to install openstack ssl
3.1 attempt to install the openstack certificate
* Fails with:
[sysadmin@
WARNING: For security reasons, the original certificate,
containing the private key, will be removed,
once the private key is processed.
Certificate server-with-key.pem not installed: No openstack certificates have been added, platform SSL certificate is not installed.
[sysadmin@
+------
| uuid | certtype | expiry_date |
+------
| 779ce724-
| ec2c3a43-
Expected Behavior
------------------
openstack certificate should install successfully
Actual Behavior
----------------
openstack certificate install is rejected due to:
Reproducibility
---------------
100% (3 of 3)
System Configuration
-------
DIO-DX IPv4
Branch/Pull Time/Commit
-------
Wind River Lab: dell-r430-1-2
Load:
BUILD_DATE=
Last Pass
---------
not know
Timestamp/Logs
--------------
2020-08-09_20-23-00
Test Activity
-------------
Security testing
Workaround
----------
1) Move the system to HTTPS
2) Install the platform cert into the filesystem (so no TPM)
3) Go through the procedure to install openstack ssl
4)* Reinstall the platform cert in tpm_mode
stx.5.0 / medium priority - appears to be a gap w/ tpm_mode, but likely not a common use-case