bootstrap replay omits changes to user provided etcd CA cert

Bug #1949209 reported by Michel Thebeau [WIND]
Affects: StarlingX
Status: Fix Released
Importance: Low
Assigned to: João Victor Portal

Bug Description

Brief Description
-----------------
Following the split of etcd CA cert from kubernetes, a user provided etcd CA can be added to bootstrap localhost.yml overrides. But replay of the bootstrap playbook for this option is not working.

Severity
--------
Minor: System/Feature is usable with minor issue, workaround available

Steps to Reproduce
------------------
Bootstrap without user provided etcd CA cert in localhost.yml. After successful bootstrap, add the following (example) options to localhost.yml and then replay the bootstrap playbook:

etcd_root_ca_key: /home/sysadmin/my-root-ca-key.pem
etcd_root_ca_cert: /home/sysadmin/my-root-ca-cert.pem

Expected Behavior
------------------
When replaying ansible bootstrap a change of user provided etcd CA should be applied.

Actual Behavior
----------------
When replaying ansible bootstrap with a change to user provided CA cert, the bootstrap code omits the change if there is not also a change to other networking parameters.

Reproducibility
---------------
Reproducible, when replaying and bootstrap parameters do not include other network changes.

System Configuration
--------------------
Any

Branch/Pull Time/Commit
-----------------------
StarlingX master branch, Oct 26, 2021

Last Pass
---------
N/A

Timestamp/Logs
--------------
N/A

Test Activity
-------------
Feature test of user provided etcd CA cert

Workaround
----------
Re-install the iso to make changes to bootstrap when user provided etcd CA is to be used.

Changed in starlingx:
assignee: nobody → Michel Thebeau [WIND] (mthebeau)
Ghada Khalil (gkhalil) wrote :

minor / low priority - issue related to https://storyboard.openstack.org/#!/story/2008833

Changed in starlingx:
importance: Undecided → Low
status: New → Triaged
tags: added: stx.config
OpenStack Infra (hudson-openstack) wrote : Fix proposed to ansible-playbooks (master)
Changed in starlingx:
status: Triaged → In Progress
Changed in starlingx:
assignee: Michel Thebeau [WIND] (mthebeau) → João Victor Portal (jvictorp)
Ghada Khalil (gkhalil)
tags: added: stx.security
tags: added: stx.6.0
OpenStack Infra (hudson-openstack) wrote : Fix merged to ansible-playbooks (master)

Reviewed: https://review.opendev.org/c/starlingx/ansible-playbooks/+/817643
Committed: https://opendev.org/starlingx/ansible-playbooks/commit/eb784fae2830fbe4fefbdf9c0d9c177ddfca3d0f
Submitter: "Zuul (22348)"
Branch: master

commit eb784fae2830fbe4fefbdf9c0d9c177ddfca3d0f
Author: Joao Victor Portal <email address hidden>
Date: Thu Nov 11 16:55:52 2021 -0300

    Reconfigure ETCD when root CA filenames change

    This change adds support to reconfigure, in a bootstrap replay, the ETCD
    when the root CA filenames change.

    Test Plan:

    PASS: Create an AIO-SX using a new ISO created with this change, run
    bootstrap successfully, then run it again with different root CA files
    and check that the ETCD certs are correctly generated.

    Closes-Bug: 1949209
    Signed-off-by: Joao Victor Portal <email address hidden>
    Change-Id: Icc7152185e4c4d0440c8f05ffe7cf9dc78f3795b

Changed in starlingx:
status: In Progress → Fix Released