Memcached TLS certificate is created for FQDNs, while the clients connect with IP addresses
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
tripleo | Fix Released | High | Unassigned |
Bug Description
Description
===========
Memcached deploys just fine, but the generated config in memcache uses IPs for endpoints instead of FQDNs, so TLS connections to memcache cannot be verified by pymemcache.
Steps to reproduce
==================
Deploy with TLS-Everywhere and Memcached TLS enabled by including the env files:
* tripleo-
* tripleo-
Expected result
===============
Services are able to connect to Memcached
Actual result
=============
Some services using pymemcache fail to validate the certificate
Environment
===========
This will need separate patches for the master branch and Train.
The latest release configures certificates in a new way, requesting them from certmonger via the Ansible linux-system-roles.
Changed in tripleo:
importance: Undecided → High
Fix proposed to branch: stable/train
Review: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/792994
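The mismatch reported above can be checked before deployment by comparing the configured Memcached endpoints with the certificate's subjectAltName entries. The following is an added example, not code from the bug report or from TripleO: it is a simplified model of hostname verification, and every hostname, address and function name in it is constructed for illustration.

```python
import ipaddress

# Constructed sample: SAN list in the shape ssl.SSLSocket.getpeercert() returns,
# for a certificate issued for FQDNs only (hostnames are placeholders).
SAMPLE_CERT = {
    "subjectAltName": (
        ("DNS", "controller-0.internalapi.example.test"),
        ("DNS", "*.ctlplane.example.test"),
    )
}
# Constructed sample: comma-separated server list as a client config might hold it.
SAMPLE_SERVERS = ("172.17.0.10:11211,controller-0.internalapi.example.test:11211,"
                  "[fd00::10]:11211,node1.ctlplane.example.test:11211")

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6]:port' into (host, port)."""
    host, _, port = endpoint.strip().rpartition(":")
    return host.strip("[]"), int(port)

def as_ip(host):
    """Return an ip_address object for an IP literal, else None."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None

def dns_match(pattern, host):
    """Exact match, or a wildcard covering exactly the left-most label."""
    p, h = pattern.lower().split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def endpoint_verifies(cert, endpoint):
    """True if the endpoint's host is covered by a SAN of the matching type."""
    host, _ = split_endpoint(endpoint)
    sans = cert.get("subjectAltName", ())
    ip = as_ip(host)
    if ip is not None:
        # An IP literal is only compared with iPAddress SANs, never with DNS names.
        return any(k == "IP Address" and as_ip(v) == ip for k, v in sans)
    return any(k == "DNS" and dns_match(v, host) for k, v in sans)

def unverifiable(cert, servers):
    """Return the configured endpoints a verifying TLS client would reject."""
    return [s for s in servers.split(",") if not endpoint_verifies(cert, s)]

if __name__ == "__main__":
    for endpoint in unverifiable(SAMPLE_CERT, SAMPLE_SERVERS):
        print("certificate does not cover", endpoint)
```

Both ways of closing the gap show up here: configure clients with the FQDNs the certificate names, or request a certificate that also carries the addresses as iPAddress SANs.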