Can't list the registry-image-list on the system after running the certificate migration playbook
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Medium
|
Reinildes Oliveira |
Bug Description
Brief Description
-------
"system registry-
Severity
-------
Major
Steps to Reproduce
-------
1)create the following inventory file:
all:
vars:
ica_cert: base64...
ica_key: base64...
children:
target_group:
vars:
dns_domain: starlingx
duration: 2160h # 90d
subject_C: Canada
subject_ST: Ontario
subject_L: Ottawa
subject_O: pvtest
subject_OU: engineering
subject_CN: pvtest.com
# SSH password to connect to all subclouds
# Sudo password
2)run the playbook on the system
ansible-playbook /usr/share/
3)After playbook run is successful, try the following, system is complaining about the RootCA to be installed that signed the ICA
[sysadmin@
Registry certificate signed by an unknown CA. Install a trusted CA with 'system certificate-install -m ssl_ca'
[sysadmin@
Expected Behavior
-------
system registry-image-list should list the images fine
Actual Behavior
-------
system registry-image-list is failing to list the images
Reproducibility
-------
<Reproducible/
100%
System Configuration
-------
DC6 ipv6
BUILD_DATE=
Last Pass
-------
Test Activity
-------
Feature testing
Workaround
-------
manually install the CA that signed the ICA solves the issue
Changed in starlingx: | |
assignee: | nobody → Reinildes Oliveira (rjosemat) |
Changed in starlingx: | |
status: | New → In Progress |
tags: | added: stx.7.0 stx.security |
Changed in starlingx: | |
importance: | Undecided → Medium |
screening: stx.7.0 / medium - issue related to a new certificate migration playbook introduced in stx.7.0