tripleo

Enabling SSL on overcloud endpoints fails on containerized overcloud

Bug #1759797 reported by Juan Antonio Osorio Robles
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
High
Juan Antonio Osorio Robles
tripleo rocky-1

Bug Description

Updating a non-TLS overcloud to one that uses TLS doesn't work. This is due to pacemaker not updating the bind-mounts for the container.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (master)

Fix proposed to branch: master
Review: https://review.openstack.org/557653

Changed in tripleo:
assignee: nobody → Juan Antonio Osorio Robles (juan-osorio-robles)
status: New → In Progress
Emilien Macchi (emilienm)
Changed in tripleo:
importance: Undecided → High
milestone: none → rocky-1
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (master)

Reviewed: https://review.openstack.org/557653
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=8b85faf7e66a49977f7fd18512e1534488ca4f07
Submitter: Zuul
Branch: master

commit 8b85faf7e66a49977f7fd18512e1534488ca4f07
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Thu Mar 29 08:52:59 2018 +0000

    Mount the public TLS certificate for HAProxy on up(date|grade) on pacemaker

    As part of the minor update workflow and the update workflow, this changes
    the pacemaker haproxy bundle resource to add the needed mount for public
    TLS to work.

    This also handles the reloading of the container to fetch any new certificates
    and if needed, it will restart the pacemaker resource (for upgrades), since
    we would need pacemaker to re-create the resource.

    Change-Id: I850f4de17e7f7e3b46deb27119227ef76658dcb5
    Closes-Bug: #1759797

Changed in tripleo:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.openstack.org/560322

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/queens)

Reviewed: https://review.openstack.org/560322
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=9e7417b267fb6db2b974b07ffac3904d6e8164d6
Submitter: Zuul
Branch: stable/queens

commit 9e7417b267fb6db2b974b07ffac3904d6e8164d6
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Thu Mar 29 08:52:59 2018 +0000

    Mount the public TLS certificate for HAProxy on up(date|grade) on pacemaker

    As part of the minor update workflow and the update workflow, this changes
    the pacemaker haproxy bundle resource to add the needed mount for public
    TLS to work.

    This also handles the reloading of the container to fetch any new certificates
    and if needed, it will restart the pacemaker resource (for upgrades), since
    we would need pacemaker to re-create the resource.

    Change-Id: I850f4de17e7f7e3b46deb27119227ef76658dcb5
    Closes-Bug: #1759797
    (cherry picked from commit 8b85faf7e66a49977f7fd18512e1534488ca4f07)

tags: added: in-stable-queens
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 9.0.0.0b2

This issue was fixed in the openstack/tripleo-heat-templates 9.0.0.0b2 development milestone.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 8.0.2

This issue was fixed in the openstack/tripleo-heat-templates 8.0.2 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (stable/pike)

Fix proposed to branch: stable/pike
Review: https://review.openstack.org/617701

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/pike)

Reviewed: https://review.openstack.org/617701
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=5b7fd457885fec89d0fd731b9e42034868565c96
Submitter: Zuul
Branch: stable/pike

commit 5b7fd457885fec89d0fd731b9e42034868565c96
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Thu Mar 29 08:52:59 2018 +0000

    Mount the public TLS certificate for HAProxy on up(date|grade) on pacemaker

    As part of the minor update workflow and the update workflow, this changes
    the pacemaker haproxy bundle resource to add the needed mount for public
    TLS to work.

    This also handles the reloading of the container to fetch any new certificates
    and if needed, it will restart the pacemaker resource (for upgrades), since
    we would need pacemaker to re-create the resource.

    Change-Id: I850f4de17e7f7e3b46deb27119227ef76658dcb5
    Closes-Bug: #1759797
    (cherry picked from commit 8b85faf7e66a49977f7fd18512e1534488ca4f07)

tags: added: in-stable-pike
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 7.0.18

This issue was fixed in the openstack/tripleo-heat-templates 7.0.18 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.