StarlingX

Unable to install server certificate PEM file in Docker registry mode

Bug #1838121 reported by Yosief Gebremariam
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
Fix Released
High
Jerry Sun

Bug Description

Brief Description
-----------------
Created a server certificate pem file, server-with-key_cw.pem, with OAM floating IP as common address.
Attempted to install the new server certificate pem file in docker registry mode, but failed with the following error:

WARNING: For security reasons, the original certificate,
containing the private key, will be removed,
once the private key is processed.
Certificate server-with-key_cw.pem not installed: Expecting value: line 1 column 1 (char 0)

Severity
--------
Major

Steps to Reproduce
------------------
- Install Multi-node system
- Create a server certificate PEM file with OAM floating IP as common address.
- Install the server certificate pem file, created in above step, in docker registry mode

Expected Behavior
------------------
- Server certificate installs

Actual Behavior
----------------
- The server certificate install fails

Reproducibility
---------------
Reproducible

System Configuration
--------------------
Multi-node system

Lab-name: WCP_92_98

Branch/Pull Time/Commit
-----------------------
stx master as of 20190725T013000Z

Last Pass
---------
2019-03-18 23:30:00 +0000

Timestamp/Logs
--------------

[sysadmin@controller-1 ~(keystone_admin)]$ system certificate-install -m docker_registry server-with-key_cw.pem
WARNING: For security reasons, the original certificate,
containing the private key, will be removed,
once the private key is processed.
Certificate server-with-key_cw.pem not installed: Expecting value: line 1 column 1 (char 0)

/var/log/sysinv.log

2019-07-26 20:36:05.676 219069 ERROR sysinv.openstack.common.rpc.common [req-bc32bd5f-e1e4-45e9-8760-785ba69c6814 admin admin] ['Traceback (most recent call last):\n', ' File "/usr/lib64/python2.7/site-packages/sysinv/openstack/common/rpc/amqp.py", line 438, in _process_data\n **args)\n', ' File "/usr/lib64/python2.7/site-packages/sysinv/openstack/common/rpc/dispatcher.py", line 172, in dispatch\n result = getattr(proxyobj, method)(ctxt, **kwargs)\n', ' File "/usr/lib64/python2.7/site-packages/sysinv/conductor/manager.py", line 9829, in config_certificate\n registry_full_address = self._get_registry_floating_address() + ":" + helm_common.REGISTRY_PORT\n', "AttributeError: 'module' object has no attribute 'REGISTRY_PORT'\n"]
2019-07-26 20:36:05.680 220204 INFO sysinv.api.controllers.v1.certificate [-] Exception occured e='module' object has no attribute 'REGISTRY_PORT'
Traceback (most recent call last):

  File "/usr/lib64/python2.7/site-packages/sysinv/openstack/common/rpc/amqp.py", line 438, in _process_data
    **args)

  File "/usr/lib64/python2.7/site-packages/sysinv/openstack/common/rpc/dispatcher.py", line 172, in dispatch
    result = getattr(proxyobj, method)(ctxt, **kwargs)

  File "/usr/lib64/python2.7/site-packages/sysinv/conductor/manager.py", line 9829, in config_certificate
    registry_full_address = self._get_registry_floating_address() + ":" + helm_common.REGISTRY_PORT

AttributeError: 'module' object has no attribute 'REGISTRY_PORT'
2019-07-26 20:36:14.226 13692 INFO sysinv.agent.manager [req-bc32bd5f-e1e4-45e9-8760-785ba69c6814 admin admin] Runtime manifest apply completed for classes [u'platform::dockerdistribution::runtime'].

Test Activity
-------------
 Regression Testing - Attempting to verify docker registry with new server certificate created for user admin.

Yosief Gebremariam (ygebrema)
summary: - Unable to install server certificate PEM file with Docker registry mode
+ Unable to install server certificate PEM file in Docker registry mode
Numan Waheed (nwaheed)
tags: added: stx.retestneeded
Revision history for this message
Ghada Khalil (gkhalil) wrote :

Marking as stx.2.0 release gating / high priority as this is a supported feature that appears to have been broken since the initial introduction of this capability.

Changed in starlingx:
status: New → Triaged
importance: Undecided → High
assignee: nobody → Jerry Sun (jerry-sun-u)
tags: added: stx.2.0 stx.containers stx.security
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to config (master)

Fix proposed to branch: master
Review: https://review.opendev.org/673575

Changed in starlingx:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to config (master)

Reviewed: https://review.opendev.org/673575
Committed: https://git.openstack.org/cgit/starlingx/config/commit/?id=c906d244ef8ce8bb87bb00b8211dbefad2dade68
Submitter: Zuul
Branch: master

commit c906d244ef8ce8bb87bb00b8211dbefad2dade68
Author: Jerry Sun <email address hidden>
Date: Tue Jul 30 12:12:54 2019 -0400

    Incorrect reference to Registry port

    Constant for Docker registry port was removed from helm common.
    This commit makes it use the constant from sysinv common instead.
    The path in /etc/docker/certs.d also needed to be changed to use
    registry.local instead of the management floating address.

    Closes-Bug: 1838121

    Change-Id: I18f51734a0738c753209102a9ff57635b31bf30f
    Signed-off-by: Jerry Sun <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
Ghada Khalil (gkhalil)
tags: added: stx.config
Revision history for this message
Anujeyan Manokeran (anujeyan) wrote :

Verified in load 2019-08-19 09:42:58 -0500 .

tags: removed: stx.retestneeded
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.