tripleo

[Train] [CentOS7] Undercloud jobs puppet task ertmonger_certificate[haproxy-external-cert] fails with Unrecognized parameter or wrong value type

Bug #1915242 reported by yatin on 2021-02-10

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tripleo	Fix Released	Critical	Unassigned	tripleo xena-3

Bug Description

puppet apply fails with below:-
Feb 09 12:59:06 undercloud.localdomain puppet-user[47289]: Error: /Stage[main]/Tripleo::Profile::Base::Certmonger_user/Tripleo::Certmonger::Haproxy[haproxy-external]/Certmonger_certificate[haproxy-external-cert]: Failed to call refresh: Execution of '/usr/bin/getcert resubmit -i haproxy-external-cert -f /etc/pki/tls/certs/haproxy/overcloud-haproxy-external.crt -c local -N CN=192.168.24.2 -A 192.168.24.2 -U id-kp-clientAuth -U id-kp-serverAuth -C /usr/bin/certmonger-haproxy-refresh.sh reload external -g 2048 -w' returned 1: Unrecognized parameter or wrong value type.
Feb 09 12:59:06 undercloud.localdomain puppet-user[47289]: Error: /Stage[main]/Tripleo::Profile::Base::Certmonger_user/Tripleo::Certmonger::Haproxy[haproxy-external]/Certmonger_certificate[haproxy-external-cert]: Execution of '/usr/bin/getcert resubmit -i haproxy-external-cert -f /etc/pki/tls/certs/haproxy/overcloud-haproxy-external.crt -c local -N CN=192.168.24.2 -A 192.168.24.2 -U id-kp-clientAuth -U id-kp-serverAuth -C /usr/bin/certmonger-haproxy-refresh.sh reload external -g 2048 -w' returned 1: Unrecognized parameter or wrong value type.
Feb 09 12:59:06 undercloud.localdomain crontab[47920]: (root) LIST (root)
Feb 09 12:59:06 undercloud.localdomain puppet-user[47289]: Notice: /Stage[main]/Tripleo::Certmonger::Ca::Crl/Cron[tripleo-refresh-crl-file]: Dependency Certmonger_certificate[haproxy-external-cert] has failures: true

Example logs:-
https://logserver.rdoproject.org/openstack-periodic-integration-stable3-centos7/opendev.org/openstack/tripleo-ci/master/periodic-tripleo-ci-centos-7-ovb-3ctlr_1comp-featureset001-train/c45bb2e/logs/undercloud/var/log/extra/journal.txt.gz
https://logserver.rdoproject.org/openstack-periodic-integration-stable3-centos7/opendev.org/openstack/tripleo-ci/master/periodic-tripleo-ci-centos-7-undercloud-containers-train/765239c/logs/undercloud/home/zuul/undercloud_install.log.txt.gz

pipeline:- https://review.rdoproject.org/zuul/builds?pipeline=openstack-periodic-integration-stable3-centos7

Tags:

yatin (yatinkarel) on 2021-02-10

Changed in tripleo:
status:	New → Triaged
importance:	Undecided → Critical

Revision history for this message

yatin (yatinkarel) wrote on 2021-02-10:

https://github.com/saltedsignal/puppet-certmonger/commit/511d5eb93780504200f415d0c49a868c30602033 likely caused the issue and uncovered an i issue caused by https://github.com/saltedsignal/puppet-certmonger/pull/27/commits/bb54dd693241f2fe13ac0f07dc098c961dc0d917 which passed key_size to both request and resubmit calls, should only have to be passed to request call.

Although puppet-certmonger is pinned in RDO to 2.6.0 somehow 2.7.0 commits picked up, need to find why and revert to 2.6.0, and get puppet-certmonger fixed by passing key_size only to request calls.

Revision history for this message

yatin (yatinkarel) wrote on 2021-02-10:

https://review.rdoproject.org/r/31932 will fix pinning issue.

Revision history for this message

yatin (yatinkarel) wrote on 2021-02-10:

Sent PR to puppet-certmonger:- https://github.com/saltedsignal/puppet-certmonger/pull/35

Revision history for this message

yatin (yatinkarel) wrote on 2021-02-12:

Jobs are green now with puppet-certmonger-2.6.0. https://review.rdoproject.org/zuul/build/2ac052d56f8345c4a9dbf5ae9c69d5c1

https://github.com/saltedsignal/puppet-certmonger/pull/35 is merged and puppet-certmonger-2.7.1 released, if needed train/ussuri/victoria can be updated to it.

Marios Andreou (marios-b) on 2021-03-17

Changed in tripleo:
milestone:	wallaby-3 → wallaby-rc1

Marios Andreou (marios-b) on 2021-05-06

Changed in tripleo:
milestone:	wallaby-rc1 → xena-1

Marios Andreou (marios-b) on 2021-06-22

Changed in tripleo:
milestone:	xena-1 → xena-2

Marios Andreou (marios-b) on 2021-07-21

Changed in tripleo:
milestone:	xena-2 → xena-3

Revision history for this message

Ronelle Landy (rlandy) wrote on 2021-10-20:

closing this out

Changed in tripleo:
status:	Triaged → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.