StarlingX

  1. Bug #1990007
  2. Comment #2

Comment 2 for bug 1990007

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to ansible-playbooks (master)

Reviewed: https://review.opendev.org/c/starlingx/ansible-playbooks/+/858207
Committed: https://opendev.org/starlingx/ansible-playbooks/commit/71951ef4063226d9c1db702238bfc4fc0ed581f7
Submitter: "Zuul (22348)"
Branch: master

commit 71951ef4063226d9c1db702238bfc4fc0ed581f7
Author: Rei Oliveira <email address hidden>
Date: Fri Sep 16 14:58:08 2022 -0300

    Fix certificate ssl_ca cert install by dc-orch sync

    This commit fixes an issue where the subcloud's kubernetes root CA
    is installed as a ssl_ca in the subcloud. This is not needed and will
    result in an 'Cannot install certificate with same subject' error when
    dc-orch tries to synchronize it's kubernetes root CA as a ssl_ca
    certificate to the subcloud.

    Test Plan:

    PASS: Run dcmanager subcloud add and verify that no ssl_ca certificates
          with subject 'CN=starlingx' exists in 'system certificate-list'
    PASS: Bootstrap a standalone system and verify that a ssl_ca certificate
          with subject 'CN=starlingx' exists in 'system certificate-list'
    PASS: Manage a subcloud and verify that it's able to synchronize certs
          without the 'Cannot install certificate with same subject' error

    Partial-Bug: 1990007

    Signed-off-by: Rei Oliveira <email address hidden>
    Change-Id: Ia685a9a7db609de5d41e83ec4268d837da9d5010