Debian: DC subcloud deploy fail: system-openldap-local-certificate
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Medium
|
Andy |
Bug Description
Brief Description
-----------------
DC subclouds fail to deploy in latest load due to:
"failed to create certificate: {\"mode\
system-
Severity
--------
Critical: System/Feature is not usable due to the defect
Steps to Reproduce
------------------
Deploy subcloud using "dcmanager subcloud add"
Expected Behavior
------------------
subcloud successfully deployed.
Actual Behavior
----------------
subcloud unlock failed.
Reproducibility
---------------
100% reproducible
System Configuration
-------
DC system.
Branch/Pull Time/Commit
-------
STX master latest.
Last Pass
---------
Before "Replace nslcd with sssd" commits.
Timestamp/Logs
--------------
sysinv.log:
"failed to create certificate: {\"mode\
system-
Test Activity
-------------
Developer Testing
Workaround
----------
N/A
Changed in starlingx: | |
importance: | Undecided → Medium |
tags: | added: stx.8.0 stx.distcloud stx.security |
tags: | added: stx.debian |
This issue is introduced by the recent "replace nslcd with sssd" commits for https:/ /storyboard. openstack. org/#!/ story/2009834.
openldap certificate secret is not created by bootstrap on subcloud, but ldap sysinv plugin tries to retrieve the certificate from k8s, and the retrieval failed.