kolla-ansible

RabbitMQ precheck fails when kolla_externally_managed_cert

Bug #1999081 reported by Magnus Lööf
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
kolla-ansible
Fix Released
Medium
Magnus Lööf
Xena
Fix Released
Medium
Magnus Lööf
Yoga
Fix Released
Medium
Magnus Lööf
Zed
Fix Released
Medium
Magnus Lööf

Bug Description

When deploying using Xena kolla-ansible==13.6.0, the precheck of RabbitMQ fails when using `kolla_externally_managed_cert`.

Similar to #1940286

Tags: tls
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/866938

Changed in kolla-ansible:
status: New → In Progress
Magnus Lööf (magnus-loof)
Changed in kolla-ansible:
assignee: nobody → Magnus Lööf (magnus-loof)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (master)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/866938
Committed: https://opendev.org/openstack/kolla-ansible/commit/fdacf9d1d9819f3d9ebe4c2bbdace11b502086a9
Submitter: "Zuul (22348)"
Branch: master

commit fdacf9d1d9819f3d9ebe4c2bbdace11b502086a9
Author: Magnus Lööf <email address hidden>
Date: Wed Dec 7 18:44:12 2022 +0100

    Fix faulty precheck for RabbitMQ

    When using externally managed certificates, according to [1],
    one should set `kolla_externally_managed_cert: yes` and ensure
    that the certificates are in the correct place.

    However, RabbitMQ precheck still expects the certificates to be
    available on the controller node. This is incorrect.

    Fix by not running the tasks in question when `kolla_externally_managed_cert: yes`

    [1] https://docs.openstack.org/kolla-ansible/latest/admin/tls.html

    Closes-Bug: 1999081
    Related-Bug: 1940286
    Signed-off-by: Magnus Lööf <email address hidden>
    Change-Id: I9f845a7bdf5055165e199ab1887ed3ccbfb9d808

Changed in kolla-ansible:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/xena)

Fix proposed to branch: stable/xena
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/881319

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/zed)

Fix proposed to branch: stable/zed
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/881320

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on kolla-ansible (stable/zed)

Change abandoned by "Magnus Lööf <email address hidden>" on branch: stable/zed
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/881320
Reason: wrong branch

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/yoga)

Fix proposed to branch: stable/yoga
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/881321

Maksim Malchuk (mmalchuk)
Changed in kolla-ansible:
importance: Undecided → Medium
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/zed)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/881320
Committed: https://opendev.org/openstack/kolla-ansible/commit/5f01fa1d53919ca84e35d3021729f69779547e04
Submitter: "Zuul (22348)"
Branch: stable/zed

commit 5f01fa1d53919ca84e35d3021729f69779547e04
Author: Magnus Lööf <email address hidden>
Date: Wed Dec 7 18:44:12 2022 +0100

    Fix faulty precheck for RabbitMQ

    When using externally managed certificates, according to [1],
    one should set `kolla_externally_managed_cert: yes` and ensure
    that the certificates are in the correct place.

    However, RabbitMQ precheck still expects the certificates to be
    available on the controller node. This is incorrect.

    Fix by not running the tasks in question when `kolla_externally_managed_cert: yes`

    [1] https://docs.openstack.org/kolla-ansible/latest/admin/tls.html

    Closes-Bug: 1999081
    Related-Bug: 1940286
    Signed-off-by: Magnus Lööf <email address hidden>
    Change-Id: I9f845a7bdf5055165e199ab1887ed3ccbfb9d808
    (cherry picked from commit fdacf9d1d9819f3d9ebe4c2bbdace11b502086a9)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/yoga)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/881321
Committed: https://opendev.org/openstack/kolla-ansible/commit/ca25ca18e92f6ce2720e83620feb9172e9eb7d1a
Submitter: "Zuul (22348)"
Branch: stable/yoga

commit ca25ca18e92f6ce2720e83620feb9172e9eb7d1a
Author: Magnus Lööf <email address hidden>
Date: Wed Dec 7 18:44:12 2022 +0100

    Fix faulty precheck for RabbitMQ

    When using externally managed certificates, according to [1],
    one should set `kolla_externally_managed_cert: yes` and ensure
    that the certificates are in the correct place.

    However, RabbitMQ precheck still expects the certificates to be
    available on the controller node. This is incorrect.

    Fix by not running the tasks in question when `kolla_externally_managed_cert: yes`

    [1] https://docs.openstack.org/kolla-ansible/latest/admin/tls.html

    Closes-Bug: 1999081
    Related-Bug: 1940286
    Signed-off-by: Magnus Lööf <email address hidden>
    Change-Id: I9f845a7bdf5055165e199ab1887ed3ccbfb9d808
    (cherry picked from commit fdacf9d1d9819f3d9ebe4c2bbdace11b502086a9)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/xena)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/881319
Committed: https://opendev.org/openstack/kolla-ansible/commit/3252bbf61f437f7729c106594a33e7f7c06f2e8f
Submitter: "Zuul (22348)"
Branch: stable/xena

commit 3252bbf61f437f7729c106594a33e7f7c06f2e8f
Author: Magnus Lööf <email address hidden>
Date: Wed Dec 7 18:44:12 2022 +0100

    Fix faulty precheck for RabbitMQ

    When using externally managed certificates, according to [1],
    one should set `kolla_externally_managed_cert: yes` and ensure
    that the certificates are in the correct place.

    However, RabbitMQ precheck still expects the certificates to be
    available on the controller node. This is incorrect.

    Fix by not running the tasks in question when `kolla_externally_managed_cert: yes`

    [1] https://docs.openstack.org/kolla-ansible/latest/admin/tls.html

    Closes-Bug: 1999081
    Related-Bug: 1940286
    Signed-off-by: Magnus Lööf <email address hidden>
    Change-Id: I9f845a7bdf5055165e199ab1887ed3ccbfb9d808
    (cherry picked from commit fdacf9d1d9819f3d9ebe4c2bbdace11b502086a9)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 16.0.0.0rc1

This issue was fixed in the openstack/kolla-ansible 16.0.0.0rc1 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 14.9.0

This issue was fixed in the openstack/kolla-ansible 14.9.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 15.2.0

This issue was fixed in the openstack/kolla-ansible 15.2.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible xena-eol

This issue was fixed in the openstack/kolla-ansible xena-eol release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.