certificate migration shows password problem on "Delete temporary .pem files"
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Low
|
Marcelo de Castro Loebens |
Bug Description
Brief Description
-----------------
certificate migration ansible shows password problem on "Delete temporary .pem files"
But certificated migrated successfully, meaning it seems not blocks functionality.
Severity
--------
Minor
Steps to Reproduce
------------------
In DC
- Create migration-
- Execute: ansible-playbook /usr/share/
Expected Behavior
------------------
No error.
Actual Behavior
----------------
ansible shows password problem on "Delete temporary .pem files"
Reproducibility
---------------
100%
System Configuration
-------
DC + SX sc.
Branch/Pull Time/Commit
-------
master.
Last Pass
---------
NA.
Timestamp/Logs
--------------
...
TASK [common/
Wednesday 08 November 2023 07:30:11 +0000 (0:00:13.435) 0:03:20.690 ****
ok: [localhost]
TASK [common/
Wednesday 08 November 2023 07:30:11 +0000 (0:00:00.019) 0:03:20.710 ****
failed: [localhost] (item=/
ansible_loop_var: file_item
file_item: /tmp/ca_
module_stderr: |-
sudo: a password is required
module_stdout: ''
msg: |-
MODULE FAILURE
See stdout/stderr for the exact error
rc: 1
failed: [localhost] (item=/
ansible_loop_var: file_item
file_item: /tmp/root_
module_stderr: |-
sudo: a password is required
module_stdout: ''
msg: |-
MODULE FAILURE
See stdout/stderr for the exact error
rc: 1
PLAY RECAP *******
localhost : ok=13 changed=9 unreachable=0 failed=1 skipped=8 rescued=0 ignored=0
subcloud3 : ok=58 changed=49 unreachable=0 failed=0 skipped=40 rescued=0 ignored=0
subcloud4 : ok=58 changed=49 unreachable=0 failed=0 skipped=40 rescued=0 ignored=0
subcloud5 : ok=58 changed=49 unreachable=0 failed=0 skipped=40 rescued=0 ignored=0
Test Activity
-------------
Dev test.
Workaround
----------
Pass 'localhost' in 'target_list' parameter.
Changed in starlingx: | |
assignee: | nobody → Marcelo de Castro Loebens (mdecastr) |
status: | New → In Progress |
Changed in starlingx: | |
importance: | Undecided → Low |
tags: | added: stx.9.0 stx.security |
Reviewed: https:/ /review. opendev. org/c/starlingx /ansible- playbooks/ +/900424 /opendev. org/starlingx/ ansible- playbooks/ commit/ 9b1197cc4cef9dc c85dd7eda639ad4 d7a5da0479
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit 9b1197cc4cef9dc c85dd7eda639ad4 d7a5da0479
Author: Marcelo Loebens <email address hidden>
Date: Wed Nov 8 11:13:10 2023 -0400
Fix privilege issue in platform certificates update
When 'localhost' isn't included in the target_list parameter of platform_ certificates. yml playbook, there is an error at the
update_
end of the execution caused by 'localhost' not being able to escalate
to handle the files used to install the CA certificates as trusted.
This commit includes code to acquire the required variables for
privilege escalation for 'localhost'.
Test Plan: platform_ certificates. yml list=all_ online_ subclouds' .
PASS: In DC w/ SX sc, executed update_
passing 'target_
PASS: In DC w/ SX sc, executed update_ platform_ certificates. yml list=locahost, all_online_ subclouds' .
passing 'target_
Closes-bug: 2047652
Change-Id: I9cc64a0e2e5c55 73ac34cb8e2488b b0b688475d9
Signed-off-by: Marcelo Loebens <email address hidden>