kolla-ansible

octavia train does not work due to the certificates configuration change

Bug #1862133 reported by Noboru Iwamatsu on 2020-02-06

This bug affects 5 people

	Status	Importance	Assigned to	Milestone
kolla-ansible	Fix Released	High	Dincer Celik	kolla-ansible 10.0.0 "ussuri"
Train	Fix Released	High	Mark Goddard	kolla-ansible 9.1.0 "Train"
Ussuri	Fix Released	High	Dincer Celik	kolla-ansible 10.0.0 "ussuri"

Bug Description

Since Train, octavia certificate configuration has been changed. The new configuration requires 4 pem files, but kolla-ansible only deploy 3 pem files with prior certs configuration.

Octavia Certificate Configuration guide:
https://docs.openstack.org/octavia/latest/admin/guides/certificates.html
Octavia certificates generation scripts in train release:
https://github.com/openstack/octavia/tree/stable/train/bin

Noboru Iwamatsu (rockpine) on 2020-02-06

Changed in kolla-ansible:
assignee:	nobody → Noboru Iwamatsu (rockpine)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-02-06: Fix proposed to kolla-ansible (master)

Fix proposed to branch: master
Review: https://review.opendev.org/706203

Changed in kolla-ansible:
status:	New → In Progress

Mark Goddard (mgoddard) on 2020-02-07

Changed in kolla-ansible:
importance:	Undecided → High

Revision history for this message

Nick Jones (yankcrime) wrote on 2020-03-07:

Proposed fix worked for me with the Train release.

OpenStack Infra (hudson-openstack) on 2020-04-28

Changed in kolla-ansible:
assignee:	Noboru Iwamatsu (rockpine) → Mark Goddard (mgoddard)

OpenStack Infra (hudson-openstack) on 2020-04-29

Changed in kolla-ansible:
assignee:	Mark Goddard (mgoddard) → Dincer Celik (osmanlicilegi)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-04-29: Fix merged to kolla-ansible (master)

Reviewed: https://review.opendev.org/706203
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=e84c968ed21764fd8859d369c2aa50bd10ef0937
Submitter: Zuul
Branch: master

commit e84c968ed21764fd8859d369c2aa50bd10ef0937
Author: Noboru Iwamatsu <email address hidden>
Date: Thu Feb 6 18:26:21 2020 +0900

Adapt to Octavia Certificate Configuration Guide.

    This patch updates the octavia controller deployment to use the
    latest octavia certificate configuration guide [1]. The dual CA changes
    were introduced in Train.

[1] https://docs.openstack.org/octavia/latest/admin/guides/certificates.html

Change-Id: If89ec0d631568db70690f1a69d00115c59abe678
Closes-Bug: #1862133

Changed in kolla-ansible:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-04-29: Fix proposed to kolla-ansible (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/724330

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-05-01: Fix merged to kolla-ansible (stable/train)

Reviewed: https://review.opendev.org/724330
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=92dcaa5d820a411dcd5b5cc8ae3e62580680d860
Submitter: Zuul
Branch: stable/train

commit 92dcaa5d820a411dcd5b5cc8ae3e62580680d860
Author: Noboru Iwamatsu <email address hidden>
Date: Thu Feb 6 18:26:21 2020 +0900

Adapt to Octavia Certificate Configuration Guide.

    This patch updates the octavia controller deployment to use the
    latest octavia certificate configuration guide [1]. The dual CA changes
    were introduced in Train.

[1] https://docs.openstack.org/octavia/latest/admin/guides/certificates.html

    Change-Id: If89ec0d631568db70690f1a69d00115c59abe678
    Closes-Bug: #1862133
    (cherry picked from commit e84c968ed21764fd8859d369c2aa50bd10ef0937)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.