Renewing overcloud SSL certificate fails
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
High
|
Juan Antonio Osorio Robles |
Bug Description
Description of problem:
Renewing overcloud SSL certificate fails
How reproducible:
100%
Steps to Reproduce:
1. Deploy SSL enabled overcloud with pacemaker
2. Regenerate SSL certificate/key and update the undercloud system store
3. Deploy overcloud with updated certificate and key
Actual results:
Deployment finishes but certificate validation fails when calling keystone api:
SSL exception connecting to https:/
Expected results:
The keystone api succeeds as the undercloud certificate store has been updated with the new certificate.
Additional info:
After doing pcs resource restart haproxy on one of the controller the connection is successful so it seems we're missing a haproxy reload step when the certificate is updated.
Changed in tripleo: | |
milestone: | none → newton-rc3 |
importance: | Undecided → Critical |
importance: | Critical → High |
status: | New → Triaged |
Fix proposed to branch: master /review. openstack. org/381136
Review: https:/