kolla-ansible

TLS certificates not copied into masakari containers

Series ussuri
Bug #1888655

Bug #1888655 reported by Mark Goddard on 2020-07-23

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
kolla-ansible	Fix Released	Medium	Mark Goddard	kolla-ansible 11.0.0 "victoria"
Ussuri	Fix Committed	Medium	Radosław Piliszek
Victoria	Fix Released	Medium	Mark Goddard	kolla-ansible 11.0.0 "victoria"

Bug Description

From Ussuri, if CA certificates are copied into /etc/kolla/certificates/ca/, these should be copied into all containers. This is not being done for masakari currently.

Additionally, we are not setting the [DEFAULT] nova_ca_certificates_file option in masakari.conf. This depends on masakari bug 1873736 being fixed to work.

Mark Goddard (mgoddard) on 2020-07-23

Changed in kolla-ansible:
importance:	Undecided → Medium

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-07-23: Fix proposed to kolla-ansible (master)

Fix proposed to branch: master
Review: https://review.opendev.org/742640

Changed in kolla-ansible:
assignee:	nobody → Mark Goddard (mgoddard)
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-07-24: Fix merged to kolla-ansible (master)

Reviewed: https://review.opendev.org/742640
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=0b4c8a3c3d73f5eade2b61730e74e672573ee13b
Submitter: Zuul
Branch: master

commit 0b4c8a3c3d73f5eade2b61730e74e672573ee13b
Author: Mark Goddard <email address hidden>
Date: Fri Jul 17 14:20:22 2020 +0000

Masakari: copy TLS certificates into containers

    From Ussuri, if CA certificates are copied into
    /etc/kolla/certificates/ca/, these should be copied into all containers.
    This is not being done for masakari currently.

    Additionally, we are not setting the [DEFAULT] nova_ca_certificates_file
    option in masakari.conf. This depends on masakari bug 1873736 being
    fixed to work.

This change fixes these issues.

Change-Id: I9a3633f58e5eb734fa32edc03a3022a500761bbb
Closes-Bug: #1888655

Changed in kolla-ansible:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-07-24: Fix proposed to kolla-ansible (stable/ussuri)

Fix proposed to branch: stable/ussuri
Review: https://review.opendev.org/742831

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-07-24: Fix proposed to kolla-ansible (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/742832

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-07-24: Change abandoned on kolla-ansible (stable/train)

Change abandoned by Radosław Piliszek (<email address hidden>) on branch: stable/train
Review: https://review.opendev.org/742832
Reason: oopsie, done too quick

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-07-24: Fix merged to kolla-ansible (stable/ussuri)

Reviewed: https://review.opendev.org/742831
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=26f6db900271fadf288a72548cd978291d303211
Submitter: Zuul
Branch: stable/ussuri

commit 26f6db900271fadf288a72548cd978291d303211
Author: Mark Goddard <email address hidden>
Date: Fri Jul 17 14:20:22 2020 +0000

Masakari: copy TLS certificates into containers

    From Ussuri, if CA certificates are copied into
    /etc/kolla/certificates/ca/, these should be copied into all containers.
    This is not being done for masakari currently.

    Additionally, we are not setting the [DEFAULT] nova_ca_certificates_file
    option in masakari.conf. This depends on masakari bug 1873736 being
    fixed to work.

This change fixes these issues.

    Change-Id: I9a3633f58e5eb734fa32edc03a3022a500761bbb
    Closes-Bug: #1888655
    (cherry picked from commit 0b4c8a3c3d73f5eade2b61730e74e672573ee13b)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-01-07: Fix included in openstack/kolla-ansible 10.2.0

This issue was fixed in the openstack/kolla-ansible 10.2.0 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.