Re-creating root CA on vault causes Horizon services to not function correctly
Bug #1898032 reported by
Diko Parvanov
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Dashboard Charm |
Fix Released
|
High
|
Liam Young | ||
vault-charm |
Invalid
|
Undecided
|
Unassigned |
Bug Description
After a vault generate-root-ca action is performed and a new root CA is issued, all related openstack services certificates are renewed, however testing from some units to, for example, curl keystone API fails with 'SSL certificate problem: unable to get local issuer certificate'.
Either this information is not properly propagated by the relations or not properly handled by the related charms.
Manually fixing this by adding the new ca certificate, run-action get-root-ca on vault and then upload to /usr/loca/
summary: |
- Re-creating root CA on vault causes multiple services to not function + Re-creating root CA on vault causes Horizon services to not function correctly |
Changed in charm-openstack-dashboard: | |
status: | New → Incomplete |
Changed in vault-charm: | |
status: | New → Incomplete |
Changed in vault-charm: | |
status: | Incomplete → Invalid |
Changed in charm-openstack-dashboard: | |
status: | Incomplete → In Progress |
importance: | Undecided → High |
assignee: | nobody → Liam Young (gnuoy) |
Changed in charm-openstack-dashboard: | |
milestone: | none → 21.01 |
Changed in charm-openstack-dashboard: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Subscribing field high due to the impact on operations as well as handovers and deployments which sometimes need to re-generate certificates.