Provisioning fails to find certs while bringing up nova with the following error:- 2018-04-24 10:25:12,661 p=1887 u=root | TASK [nova : Copy ssl certs for metadata if required] ********************************************************************************************************************************************** 2018-04-24 10:25:12,964 p=1887 u=root | An exception occurred during task execution. To see the full traceback, use -vvv. The error was: AnsibleFileNotFound: Could not find or access '/etc/contrail/ssl/nodei19.pem' 2018-04-24 10:25:12,964 p=1887 u=root | failed: [10.204.217.131] (item={u'src': u'/etc/contrail/ssl/nodei19.pem', u'dst': u'/etc/nova/ssl/certs/nova.pem'}) => {"changed": false, "item": {"dst": "/etc/nova/ssl/certs/nova.pem", "src": "/etc/contrail/ssl/nodei19.pem"}, "msg": "Could not find or access '/etc/contrail/ssl/nodei19.pem'"} 2018-04-24 10:25:12,965 p=1887 u=root | An exception occurred during task execution. To see the full traceback, use -vvv. The error was: AnsibleFileNotFound: Could not find or access '/etc/contrail/ssl/nodeg37.pem' 2018-04-24 10:25:12,965 p=1887 u=root | failed: [10.204.217.77] (item={u'src': u'/etc/contrail/ssl/nodeg37.pem', u'dst': u'/etc/nova/ssl/certs/nova.pem'}) => {"changed": false, "item": {"dst": "/etc/nova/ssl/certs/nova.pem", "src": "/etc/contrail/ssl/nodeg37.pem"}, "msg": "Could not find or access '/etc/contrail/ssl/nodeg37.pem'"} 2018-04-24 10:25:12,966 p=1887 u=root | An exception occurred during task execution. To see the full traceback, use -vvv. The error was: AnsibleFileNotFound: Could not find or access '/etc/contrail/ssl/ca-cert.pem' 2018-04-24 10:25:12,966 p=1887 u=root | failed: [10.204.217.131] (item={u'src': u'/etc/contrail/ssl/ca-cert.pem', u'dst': u'/etc/nova/ssl/certs/ca.pem'}) => {"changed": false, "item": {"dst": "/etc/nova/ssl/certs/ca.pem", "src": "/etc/contrail/ssl/ca-cert.pem"}, "msg": "Could not find or access '/etc/contrail/ssl/ca-cert.pem'"} 2018-04-24 10:25:12,967 p=1887 u=root | An exception occurred during task execution. To see the full traceback, use -vvv. The error was: AnsibleFileNotFound: Could not find or access '/etc/contrail/ssl/nodec33.pem' 2018-04-24 10:25:12,967 p=1887 u=root | failed: [10.204.217.168] (item={u'src': u'/etc/contrail/ssl/nodec33.pem', u'dst': u'/etc/nova/ssl/certs/nova.pem'}) => {"changed": false, "item": {"dst": "/etc/nova/ssl/certs/nova.pem", "src": "/etc/contrail/ssl/nodec33.pem"}, "msg": "Could not find or access '/etc/contrail/ssl/nodec33.pem'"} 2018-04-24 10:25:12,968 p=1887 u=root | An exception occurred during task execution. To see the full traceback, use -vvv. The error was: AnsibleFileNotFound: Could not find or access '/etc/contrail/ssl/nodei20.pem' 2018-04-24 10:25:12,968 p=1887 u=root | failed: [10.204.217.132] (item={u'src': u'/etc/contrail/ssl/nodei20.pem', u'dst': u'/etc/nova/ssl/certs/nova.pem'}) => {"changed": false, "item": {"dst": "/etc/nova/ssl/certs/nova.pem", "src": "/etc/contrail/ssl/nodei20.pem"}, "msg": "Could not find or access '/etc/contrail/ssl/nodei20.pem'"} 2018-04-24 10:25:12,978 p=1887 u=root | An exception occurred during task execution. To see the full traceback, use -vvv. The error was: AnsibleFileNotFound: Could not find or access '/etc/contrail/ssl/nodei17.pem' 2018-04-24 10:25:12,979 p=1887 u=root | failed: [10.204.217.129] (item={u'src': u'/etc/contrail/ssl/nodei17.pem', u'dst': u'/etc/nova/ssl/certs/nova.pem'}) => {"changed": false, "item": {"dst": "/etc/nova/ssl/certs/nova.pem", "src": "/etc/contrail/ssl/nodei17.pem"}, "msg": "Could not find or access '/etc/contrail/ssl/nodei17.pem'"} 2018-04-24 10:25:12,980 p=1887 u=root | An exception occurred during task execution. To see the full traceback, use -vvv. The error was: AnsibleFileNotFound: Could not find or access '/etc/contrail/ssl/nodei19-privkey.pem' ************************ ************************ ************************ ************************ In instances.yaml I have set the following parameters:- contrail_configuration: SSL_ENABLE: True METADATA_SSL_ENABLE: True kolla_config: kolla_globals: metadata_ssl_enable: "yes" local_ssl_directory: "/etc/contrail/ssl" ************************ ************************ ************************ On this I only see ca-cert and key copied under the ssl directory and cert.pem and priv key missing [root@nodec28 ~]# ls -la /etc/contrail/ssl/certs/ total 20 drwxr-xr-x 2 root root 4096 Apr 24 12:45 . drwxr-xr-x 4 root root 4096 Apr 24 09:10 .. -rw-r--r-- 1 root root 1948 Apr 24 09:10 ca-cert.pem [root@nodec28 ~]# ls -la /etc/contrail/ssl/private/ total 16 drwx------ 2 root root 4096 Apr 24 12:45 . drwxr-xr-x 4 root root 4096 Apr 24 09:10 .. -rw------- 1 root root 3243 Apr 24 09:10 ca-key.pem [root@nodec28 ~]# the cert and priv key are generated while contrail provisioning and not available to nova while kolla provisioning. ************************ ************************ ************************ Also tried with:- setting kolla_enable_tls_external: "yes" and generating the certs but was not able to solve the issue as this task keeps looking for the certs and fails.