OpenStack-Ansible

Add defaults for horizon ssl certs into upgrade.sh

Bug #1488578 reported by Bjoern
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack-Ansible
Invalid
Low
Major Hayden
Kilo
Fix Released
Low
Major Hayden
OpenStack-Ansible 11.2.10

Bug Description

Due to https://bugs.launchpad.net/openstack-ansible/+bug/1477273 we have changed the default values.
To prevent a regeneration of certs during upgrade those old values are expected to be manually set inside the user_variables.
Please add the default values automatically, if not set, into the user_variables.yml prior to running the playbooks inside the upgrade.sh script :

horizon_ssl_cert: /etc/ssl/certs/apache.cert
horizon_ssl_key: /etc/ssl/private/apache.key
horizon_ssl_cert_path: /etc/ssl/certs

Tags: in-kilo
Kevin Carter (kevin-carter)
Changed in openstack-ansible:
status: New → Confirmed
importance: Undecided → Low
assignee: nobody → RPC Documentation (rpcdocs)
Revision history for this message
Jesse Pretorius (jesse-pretorius) wrote :

A deployer may set these variables prior to executing an upgrade if this is desired. The upgrade script should not make this deployer decision. If these variables are not set then new certs will be generated which, IMO, is not a bad thing for self-signed certs.

Revision history for this message
Kevin Carter (kevin-carter) wrote :

can we better document these variables such that its clearer that certs will be regenerated if these values are not automatically set during a juno > kilo upgrade?

Revision history for this message
Karin Levenstein (karin-levenstein) wrote :

I believe the fix needs to happen here:
https://github.com/rpcdocs/rpcdocs/blob/master/rpc-ops/src/docbkx/ch-upgrade.xml#L210

Human-readable version:
http://docs-internal.rackspace.com/rpc/api/v11/bk-rpc-releasenotes/content/upgrade-v10-v11-prereq.html

Revision history for this message
Bjoern (bjoern-t) wrote :

Yes correct. I also believe we have a different bug open to move the

nova-manage db null_instance_uuid_scan

command to the post install section, or removing it entirely ?

Revision history for this message
Robb Romans (rromans) wrote :

working on the doc fix

Major Hayden (rackerhacker)
Changed in openstack-ansible:
assignee: RPC Documentation (rpcdocs) → Major Hayden (rackerhacker)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible (kilo)

Fix proposed to branch: kilo
Review: https://review.openstack.org/278512

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible (kilo)

Reviewed: https://review.openstack.org/278512
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=0eb37d2aaee76b176f7c339991d35ae2ef08d9b9
Submitter: Jenkins
Branch: kilo

commit 0eb37d2aaee76b176f7c339991d35ae2ef08d9b9
Author: Major Hayden <email address hidden>
Date: Fri Feb 12 07:41:33 2016 -0600

    Docs: Horizon ssl config for Kilo

    Closes-bug: 1488578

    Change-Id: Ida3dc3a6d2b589e6c0ff9f268fda77c0b436113a

tags: added: in-kilo
Jesse Pretorius (jesse-pretorius)
Changed in openstack-ansible:
status: Confirmed → Invalid
Revision history for this message
Davanum Srinivas (DIMS) (dims-v) wrote : Fix included in openstack/openstack-ansible 11.2.14

This issue was fixed in the openstack/openstack-ansible 11.2.14 release.

Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/openstack-ansible 11.2.15

This issue was fixed in the openstack/openstack-ansible 11.2.15 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.