[Train] [CentOS7] Undercloud jobs puppet task ertmonger_certificate[haproxy-external-cert] fails with Unrecognized parameter or wrong value type

Bug #1915242 reported by yatin
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
Critical
Unassigned

Bug Description

puppet apply fails with below:-
Feb 09 12:59:06 undercloud.localdomain puppet-user[47289]: Error: /Stage[main]/Tripleo::Profile::Base::Certmonger_user/Tripleo::Certmonger::Haproxy[haproxy-external]/Certmonger_certificate[haproxy-external-cert]: Failed to call refresh: Execution of '/usr/bin/getcert resubmit -i haproxy-external-cert -f /etc/pki/tls/certs/haproxy/overcloud-haproxy-external.crt -c local -N CN=192.168.24.2 -A 192.168.24.2 -U id-kp-clientAuth -U id-kp-serverAuth -C /usr/bin/certmonger-haproxy-refresh.sh reload external -g 2048 -w' returned 1: Unrecognized parameter or wrong value type.
Feb 09 12:59:06 undercloud.localdomain puppet-user[47289]: Error: /Stage[main]/Tripleo::Profile::Base::Certmonger_user/Tripleo::Certmonger::Haproxy[haproxy-external]/Certmonger_certificate[haproxy-external-cert]: Execution of '/usr/bin/getcert resubmit -i haproxy-external-cert -f /etc/pki/tls/certs/haproxy/overcloud-haproxy-external.crt -c local -N CN=192.168.24.2 -A 192.168.24.2 -U id-kp-clientAuth -U id-kp-serverAuth -C /usr/bin/certmonger-haproxy-refresh.sh reload external -g 2048 -w' returned 1: Unrecognized parameter or wrong value type.
Feb 09 12:59:06 undercloud.localdomain crontab[47920]: (root) LIST (root)
Feb 09 12:59:06 undercloud.localdomain puppet-user[47289]: Notice: /Stage[main]/Tripleo::Certmonger::Ca::Crl/Cron[tripleo-refresh-crl-file]: Dependency Certmonger_certificate[haproxy-external-cert] has failures: true

Example logs:-
https://logserver.rdoproject.org/openstack-periodic-integration-stable3-centos7/opendev.org/openstack/tripleo-ci/master/periodic-tripleo-ci-centos-7-ovb-3ctlr_1comp-featureset001-train/c45bb2e/logs/undercloud/var/log/extra/journal.txt.gz
https://logserver.rdoproject.org/openstack-periodic-integration-stable3-centos7/opendev.org/openstack/tripleo-ci/master/periodic-tripleo-ci-centos-7-undercloud-containers-train/765239c/logs/undercloud/home/zuul/undercloud_install.log.txt.gz

pipeline:- https://review.rdoproject.org/zuul/builds?pipeline=openstack-periodic-integration-stable3-centos7

yatin (yatinkarel)
Changed in tripleo:
status: New → Triaged
importance: Undecided → Critical
Revision history for this message
yatin (yatinkarel) wrote :

https://github.com/saltedsignal/puppet-certmonger/commit/511d5eb93780504200f415d0c49a868c30602033 likely caused the issue and uncovered an i issue caused by https://github.com/saltedsignal/puppet-certmonger/pull/27/commits/bb54dd693241f2fe13ac0f07dc098c961dc0d917 which passed key_size to both request and resubmit calls, should only have to be passed to request call.

Although puppet-certmonger is pinned in RDO to 2.6.0 somehow 2.7.0 commits picked up, need to find why and revert to 2.6.0, and get puppet-certmonger fixed by passing key_size only to request calls.

Revision history for this message
yatin (yatinkarel) wrote :
Revision history for this message
yatin (yatinkarel) wrote :
Revision history for this message
yatin (yatinkarel) wrote :

Jobs are green now with puppet-certmonger-2.6.0. https://review.rdoproject.org/zuul/build/2ac052d56f8345c4a9dbf5ae9c69d5c1

https://github.com/saltedsignal/puppet-certmonger/pull/35 is merged and puppet-certmonger-2.7.1 released, if needed train/ussuri/victoria can be updated to it.

Changed in tripleo:
milestone: wallaby-3 → wallaby-rc1
Changed in tripleo:
milestone: wallaby-rc1 → xena-1
Changed in tripleo:
milestone: xena-1 → xena-2
Changed in tripleo:
milestone: xena-2 → xena-3
Revision history for this message
Ronelle Landy (rlandy) wrote :

closing this out

Changed in tripleo:
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.