StarlingX

Restore failing due to existing certificate

Bug #1987555 reported by Thiago Paiva Brito
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
Fix Released
Low
Thiago Paiva Brito

Bug Description

Brief Description
-----------------
When some problem happens and the restore playbook fails, besides doing the workaround described on [1], the playbook is also failing trying to re-add the ssl_ca certificate that is already on the system.

Severity
--------
Minor: System/Feature is usable with minor issue

Steps to Reproduce
------------------
Try to re-run the restore on a failure after [2]

Expected Behavior
------------------
Restore proceeds to the end

Actual Behavior
----------------
Restore fails at task [bootstrap/persist-config : Wait for certificate install]

Reproducibility
---------------
2/2

System Configuration
--------------------
AIO-SX, but will happen in other configurations

Branch/Pull Time/Commit
-----------------------
2022-08-22

Last Pass
---------
2022-08-10

Timestamp/Logs
--------------
TBD

Test Activity
-------------
Developer Testing

Workaround
----------
Delete the cert manually, do the workaround on [1] and retry restore

[1]https://bugs.launchpad.net/starlingx/+bug/1987536
[2]https://github.com/starlingx/ansible-playbooks/blob/dcf078ce8e8ed3661938e90374f0c7c96212334a/playbookconfig/src/playbooks/roles/bootstrap/persist-config/tasks/main.yml#L338

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to ansible-playbooks (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/ansible-playbooks/+/854444

Changed in starlingx:
status: New → In Progress
Thiago Paiva Brito (outbrito)
Changed in starlingx:
assignee: nobody → Thiago Paiva Brito (outbrito)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to ansible-playbooks (master)

Reviewed: https://review.opendev.org/c/starlingx/ansible-playbooks/+/854444
Committed: https://opendev.org/starlingx/ansible-playbooks/commit/9900eb141b1cde09ee0181b667fc720056dfc3d1
Submitter: "Zuul (22348)"
Branch: master

commit 9900eb141b1cde09ee0181b667fc720056dfc3d1
Author: Thiago Brito <email address hidden>
Date: Wed Aug 24 14:52:16 2022 -0300

    Fix restore rerun failing due to existing cert

    The check for existing certificates was added on [1], but the use case
    for bootstrap during restore wasn't covered on tests. When re-running
    the restore, now we will also remove the previously existing
    certificates so they can be re-added without errors.

    [1] https://github.com/starlingx/ansible-playbooks/commit/6130e999d56b14e56c384f69bc079c78fdb1104c

    TEST PLAN
    PASS restore platform (Debian AIO-SX)
    PASS create new certificate, install, take backup, restore, interrupt
         play, remove .restore_in_progress flag and re-run restore; checked
         that extra certificate is listed on `system certificate-list`

    Closes-Bug: #1987555
    Signed-off-by: Thiago Brito <email address hidden>
    Change-Id: Ic217a5c88ea5c8602d8fc959796c0a687ebe76aa

Changed in starlingx:
status: In Progress → Fix Released
Ghada Khalil (gkhalil)
Changed in starlingx:
importance: Undecided → Low
tags: added: stx.8.0 stx.update
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.