StarlingX

Not possible to install a new Openstack certificate when "https_enabled=False"

Bug #1952360 reported by João Victor Portal
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
Fix Released
Low
João Victor Portal

Bug Description

Brief Description
-----------------
When trying to install a new Openstack certificate with "https_enabled=False", platform does not complete the certificate installation.

Severity
--------
Minor

Steps to Reproduce
------------------
Ensure your system has the property "https_enabled" set to False using "system show".
Try to install a Openstack certificate in the system: "system certificate-install -m openstack myCertAndKey.pem"

Expected Behavior
------------------
System should be able to install the certificate that will be used later when https_enabled is finally set to True.

Actual Behavior
----------------
System does not install the certificate. If the Openstack application is present, when "https_enabled" is set to True, Openstack reapply will try to use a certificate, but it will fail as it doesn't exist.

Reproducibility
---------------
Reproducible

System Configuration
--------------------
AIO-SX

Branch/Pull Time/Commit
-----------------------
N/A

Last Pass
---------
N/A

Timestamp/Logs
--------------
N/A

Test Activity
-------------
Developer Testing

Workaround
----------
Set https_enabled=True before installing the certificate, although it won't avoid the Openstack reapply from failing.

João Victor Portal (jvictorp)
Changed in starlingx:
assignee: nobody → João Victor Portal (jvictorp)
status: New → In Progress
Ghada Khalil (gkhalil)
tags: added: stx.distro.openstack stx.security
Changed in starlingx:
importance: Undecided → Low
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to config (master)

Reviewed: https://review.opendev.org/c/starlingx/config/+/819381
Committed: https://opendev.org/starlingx/config/commit/adc0556df919f98ab83e6b1ecfd53831d10bf2f8
Submitter: "Zuul (22348)"
Branch: master

commit adc0556df919f98ab83e6b1ecfd53831d10bf2f8
Author: Joao Victor Portal <email address hidden>
Date: Thu Nov 25 19:04:26 2021 -0300

    Allow certificate install when HTTPS is false

    The removal of this limitation is needed to enable HTTPS on Openstack
    without errors when it's already present in the system (avoid app
    reapply errors).

    The limitation was also removed for other certificates besides
    "openstack" and "openstack_ca" because there is no reason to keep this
    limitation.

    The following tests were executed on AIO-SX created from StarlingX dev
    ISO containing the changes in this commit. The installation of
    certificates is done through "system certificate-install" command.

    Test Plan:

    PASS: Successfully install "openstack", "openstack_ca", "ssl_ca",
    "docker_registry" and "ssl" certificates while system attribute
    "https_enabled" is "False", then set "https_enabled" to "True" with no
    errors.
    PASS: Set "https_enabled" to "True" with no errors and then
    successfully install "openstack", "openstack_ca", "ssl_ca",
    "docker_registry" and "ssl" certificates.

    Closes-Bug: 1952360
    Signed-off-by: Joao Victor Portal <email address hidden>
    Change-Id: I9c56e6efa49a981dcc9aacb45e18a231f0747074

Changed in starlingx:
status: In Progress → Fix Released
Ghada Khalil (gkhalil)
tags: added: stx.6.0
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.