API endpoint SSL does not match the VIP address API unusable
Bug #1758016 reported by
Miguel Angel Ajo
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Expired
|
Wishlist
|
Unassigned |
Bug Description
After a simple deployment with:
bash ./quickstart.sh --teardown all --release master-tripleo-ci --nodes config/
Later in the undercloud I prepare the containers, and then do the deploy.
I end up in:
$ source overcloudrc
$ openstack server list --all
Certificate did not match expected hostname: 10.0.0.8. Certificate: {'subjectAltName': [('IP Address', '10.0.0.5')], 'subject': ((('commonName', u'10.0.0.5'),),)}
Failed to discover available identity versions when contacting https:/
Could not determine a suitable URL for the plugin
no longer affects: | tripleo-quickstart |
Changed in tripleo: | |
status: | New → Triaged |
importance: | Undecided → Medium |
milestone: | none → rocky-1 |
Changed in tripleo: | |
milestone: | rocky-1 → rocky-2 |
Changed in tripleo: | |
milestone: | rocky-2 → rocky-3 |
Changed in tripleo: | |
importance: | Medium → High |
Changed in tripleo: | |
milestone: | rocky-3 → rocky-rc1 |
Changed in tripleo: | |
milestone: | rocky-rc1 → stein-1 |
Changed in tripleo: | |
milestone: | stein-1 → stein-2 |
Changed in tripleo: | |
milestone: | stein-2 → stein-3 |
Changed in tripleo: | |
milestone: | stein-3 → stein-rc1 |
Changed in tripleo: | |
milestone: | stein-rc1 → train-1 |
Changed in tripleo: | |
milestone: | train-1 → train-2 |
Changed in tripleo: | |
milestone: | train-2 → train-3 |
Changed in tripleo: | |
milestone: | train-3 → ussuri-1 |
Changed in tripleo: | |
milestone: | ussuri-1 → ussuri-2 |
Changed in tripleo: | |
milestone: | ussuri-2 → ussuri-3 |
Changed in tripleo: | |
status: | Triaged → Incomplete |
Changed in tripleo: | |
milestone: | ussuri-3 → ussuri-rc3 |
Changed in tripleo: | |
milestone: | ussuri-rc3 → victoria-1 |
Changed in tripleo: | |
milestone: | victoria-1 → victoria-3 |
Changed in tripleo: | |
importance: | High → Wishlist |
Changed in tripleo: | |
milestone: | victoria-3 → wallaby-1 |
Changed in tripleo: | |
milestone: | wallaby-1 → wallaby-2 |
Changed in tripleo: | |
milestone: | wallaby-2 → wallaby-3 |
To post a comment you must log in.
(overcloud) [stack@undercloud ~]$ cat overcloud_ create_ ssl_cert. log overcloud- ca-privkey. pem -out /home/stack/ overcloud- cacert. pem -days 365 -subj '/C=US/ ST=NC/L= Raleigh/ O=Red Hat/OU= OOOQ/CN= overcloud' overcloud- cacert. pem /etc/pki/ ca-trust/ source/ anchors/ server- key.pem -out /home/stack/ server- req.pem -subj '/C=US/ ST=NC/L= Raleigh/ O=Red Hat/OU= OOOQ/CN= 10.0.0. 5' -reqexts subjectAltName -config /dev/fd/63 e]\nsubjectAltN ame=IP: 10.0.0. 5\n[req] req_extensions = v3_req\ ndistinguished_ name=req_ distinguished_ name\n[ req_distinguish ed_name] ' stack/server- key.pem' server- key.pem -out /home/stack/ server- key.pem overcloud- cacert. pem -CAkey /home/stack/ overcloud- ca-privkey. pem -set_serial 01 -out /home/stack/ server- cert.pem -extensions subjectAltName -extfile /dev/fd/63 e]\nsubjectAltN ame=IP: 10.0.0. 5\n[req] req_extensions = v3_req\ ndistinguished_ name=req_ distinguished_ name\n[ req_distinguish ed_name] ' /C=US/ST= NC/L=Raleigh/ O=Red Hat/OU= OOOQ/CN= 10.0.0. 5
2018-03-21 14:25:05 | + openssl genrsa 2048
2018-03-21 14:25:05 | + openssl req -new -x509 -key /home/stack/
2018-03-21 14:25:05 | + sudo cp /home/stack/
2018-03-21 14:25:05 | + sudo update-ca-trust extract
2018-03-21 14:25:06 | + openssl req -newkey rsa:2048 -days 365 -nodes -keyout /home/stack/
2018-03-21 14:25:06 | ++ printf '[subjectAltNam
2018-03-21 14:25:06 | Generating a 2048 bit RSA private key
2018-03-21 14:25:06 | ...........+++
2018-03-21 14:25:06 | ..............+++
2018-03-21 14:25:06 | writing new private key to '/home/
2018-03-21 14:25:06 | -----
2018-03-21 14:25:06 | + openssl rsa -in /home/stack/
2018-03-21 14:25:06 | writing RSA key
2018-03-21 14:25:06 | + openssl x509 -req -in server-req.pem -days 365 -CA /home/stack/
2018-03-21 14:25:06 | ++ printf '[subjectAltNam
2018-03-21 14:25:06 | Signature ok
2018-03-21 14:25:06 | subject=
2018-03-21 14:25:06 | Getting CA Private Key
The IP of the cert generation doesn't match the IP address of the VIP