Ubuntu: ldaps connections failing from keystone after upgrade to zed

Bug #2009484 reported by Dr. Jens Harbott
Affects | Status | Importance | Assigned to | Milestone
kolla | Fix Released | Medium | Rafal Lewandowski |
Antelope | Fix Released | Medium | Rafal Lewandowski |
Zed | Fix Released | Undecided | Rafal Lewandowski |

Bug Description

After upgrading from yoga to zed, connections from keystone to a ldaps:// backend are failing with a certificate validation error. Investigation shows that the libldap-common package, which contains /etc/ldap/ldap.conf, which in turn contains the relevant configuration

    # TLS certificates (needed for GnuTLS)
    TLS_CACERT /etc/ssl/certs/ca-certificates.crt

has been demoted from a depends: to a recommends: status for libldap in 22.04. The solution would be to explicitly install libldap-common into the keystone container.
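
The condition described in this report can be checked inside an image before keystone is pointed at an ldaps:// backend. The following is an added example, not part of the bug report or of the kolla fix: it audits an ldap.conf for a usable TLS_CACERT and also flags TLS_REQCERT never/allow, a setting that hides the error by turning validation off. The function names and exit codes are this example's own assumptions.

```shell
#!/bin/sh
# Added example. Function names and exit codes are this example's own.

# Print the value of OPTION in FILE. Option names are matched
# case-insensitively; assumption: a later line overrides an earlier one.
ldap_conf_get() {  # usage: ldap_conf_get FILE OPTION
    awk -v opt="$2" '
        /^[ \t]*#/ { next }               # skip comment lines
        toupper($1) == opt { val = $2 }
        END { if (val != "") print val }
    ' "$1"
}

# Return 0 if FILE gives libldap a usable CA bundle and leaves server
# certificate validation on; otherwise print the reason and return 2-5.
check_ldap_tls_conf() {  # usage: check_ldap_tls_conf FILE
    conf=$1
    if [ ! -f "$conf" ] || [ ! -r "$conf" ]; then
        echo "FAIL: $conf not found (libldap-common not installed?)"
        return 2
    fi
    cacert=$(ldap_conf_get "$conf" TLS_CACERT)
    if [ -z "$cacert" ]; then
        echo "FAIL: no TLS_CACERT in $conf"
        return 3
    fi
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$cacert" 2>/dev/null; then
        echo "FAIL: $cacert is missing or holds no PEM certificate"
        return 4
    fi
    reqcert=$(ldap_conf_get "$conf" TLS_REQCERT | tr 'A-Z' 'a-z')
    case "$reqcert" in
        never|allow)
            echo "FAIL: TLS_REQCERT $reqcert accepts unverified server certificates"
            return 5 ;;
    esac
    echo "OK: $conf uses CA bundle $cacert"
    return 0
}
```

Inside the keystone container, call `check_ldap_tls_conf /etc/ldap/ldap.conf`; exit code 2 corresponds to the missing libldap-common case reported here.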

Changed in kolla:
importance: Undecided → Medium
status: New → Triaged
Changed in kolla:
assignee: nobody → Rafal Lewandowski (ravlew)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/kolla/+/878825

Changed in kolla:
status: Triaged → In Progress
Dr. Jens Harbott (j-harbott) wrote :

Are you sure about the affected branches? From what I saw, this only affects 22.04, i.e. Zed and newer.

Bartosz Bezak (bbezak)
no longer affects: kolla/yoga
no longer affects: kolla/xena
no longer affects: kolla/wallaby
Rafal Lewandowski (ravlew) wrote :

@j-harbott thanks for pointing that out

OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla (master)

Reviewed: https://review.opendev.org/c/openstack/kolla/+/878825
Committed: https://opendev.org/openstack/kolla/commit/2050aa35dbd074610adee5611194fde280cfea20
Submitter: "Zuul (22348)"
Branch: master

commit 2050aa35dbd074610adee5611194fde280cfea20
Author: Rafal Lewandowski <email address hidden>
Date: Wed Mar 29 11:44:58 2023 +0200

    keystone: Fix for missing libldap-common package for debian

    Closes-Bug: #2009484
    Change-Id: I01578289e65010748bfaf6d6b81861764aa62368

Changed in kolla:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla (stable/zed)

Fix proposed to branch: stable/zed
Review: https://review.opendev.org/c/openstack/kolla/+/879396

OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla (stable/zed)

Reviewed: https://review.opendev.org/c/openstack/kolla/+/879396
Committed: https://opendev.org/openstack/kolla/commit/b2296aa5c0ad7ed80a7795b262fa65a0c170cbb2
Submitter: "Zuul (22348)"
Branch: stable/zed

commit b2296aa5c0ad7ed80a7795b262fa65a0c170cbb2
Author: Rafal Lewandowski <email address hidden>
Date: Wed Mar 29 11:44:58 2023 +0200

    keystone: Fix for missing libldap-common package for debian

    Closes-Bug: #2009484
    Change-Id: I01578289e65010748bfaf6d6b81861764aa62368
    (cherry picked from commit 2050aa35dbd074610adee5611194fde280cfea20)

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla 16.0.0.0rc1

This issue was fixed in the openstack/kolla 16.0.0.0rc1 release candidate.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla 15.2.0

This issue was fixed in the openstack/kolla 15.2.0 release.
