TLS everywhere: Could not evaluate: The certificate wasn't found in the list.

Bug #1760118 reported by Artem Hrechanychenko
This bug affects 1 person
Affects: tripleo
Status: Fix Released
Importance: High
Assigned to: Juan Antonio Osorio Robles
Milestone:

Bug Description

Description
===========
Cannot Deploy Overcloud with TLS everywhere

(undercloud) [stack@undercloud-0 ~]$ cat file |grep "Could not evaluate: The certificate"
            "Error: /Stage[main]/Tripleo::Certmonger::Mysql/Certmonger_certificate[mysql]: Could not evaluate: The certificate 'mysql' wasn't found in the list.",
            "Error: /Stage[main]/Tripleo::Certmonger::Rabbitmq/Certmonger_certificate[rabbitmq]: Could not evaluate: The certificate 'rabbitmq' wasn't found in the list.",
            "Error: /Stage[main]/Tripleo::Certmonger::Redis/Certmonger_certificate[redis]: Could not evaluate: The certificate 'redis' wasn't found in the list.",
            "Error: /Stage[main]/Tripleo::Certmonger::Neutron/Certmonger_certificate[neutron]: Could not evaluate: The certificate 'neutron' wasn't found in the list.",
            "Error: /Stage[main]/Tripleo::Profile::Base::Certmonger_user/Tripleo::Certmonger::Httpd[httpd-ctlplane]/Certmonger_certificate[httpd-ctlplane]: Could not evaluate: The certificate 'httpd-ctlplane' wasn't found in the list.",
            "Error: /Stage[main]/Tripleo::Profile::Base::Certmonger_user/Tripleo::Certmonger::Httpd[httpd-external]/Certmonger_certificate[httpd-external]: Could not evaluate: The certificate 'httpd-external' wasn't found in the list.",
            "Error: /Stage[main]/Tripleo::Profile::Base::Certmonger_user/Tripleo::Certmonger::Httpd[httpd-internal_api]/Certmonger_certificate[httpd-internal_api]: Could not evaluate: The certificate 'httpd-internal_api' wasn't found in the list.",
            "Error: /Stage[main]/Tripleo::Profile::Base::Certmonger_user/Tripleo::Certmonger::Httpd[httpd-management]/Certmonger_certificate[httpd-management]: Could not evaluate: The certificate 'httpd-management' wasn't found in the list.",
            "Error: /Stage[main]/Tripleo::Profile::Base::Certmonger_user/Tripleo::Certmonger::Httpd[httpd-storage]/Certmonger_certificate[httpd-storage]: Could not evaluate: The certificate 'httpd-storage' wasn't found in the list.",
            "Error: /Stage[main]/Tripleo::Profile::Base::Certmonger_user/Tripleo::Certmonger::Httpd[httpd-storage_mgmt]/Certmonger_certificate[httpd-storage_mgmt]: Could not evaluate: The certificate 'httpd-storage_mgmt' wasn't found in the list.",
            "Error: /Stage[main]/Tripleo::Profile::Base::Certmonger_user/Tripleo::Certmonger::Libvirt_vnc[libvirt-vnc-client-cert]/Certmonger_certificate[libvirt-vnc-client-cert]: Could not evaluate: The certificate 'libvirt-vnc-client-cert' wasn't found in the list.",
            "Error: /Stage[main]/Tripleo::Profile::Base::Certmonger_user/Tripleo::Certmonger::Haproxy[haproxy-ctlplane]/Certmonger_certificate[haproxy-ctlplane-cert]: Could not evaluate: The certificate 'haproxy-ctlplane-cert' wasn't found in the list.",
            "Error: /Stage[main]/Tripleo::Profile::Base::Certmonger_user/Tripleo::Certmonger::Haproxy[haproxy-external]/Certmonger_certificate[haproxy-external-cert]: Could not evaluate: The certificate 'haproxy-external-cert' wasn't found in the list.",
            "Error: /Stage[main]/Tripleo::Profile::Base::Certmonger_user/Tripleo::Certmonger::Haproxy[haproxy-internal_api]/Certmonger_certificate[haproxy-internal_api-cert]: Could not evaluate: The certificate 'haproxy-internal_api-cert' wasn't found in the list.",
            "Error: /Stage[main]/Tripleo::Profile::Base::Certmonger_user/Tripleo::Certmonger::Haproxy[haproxy-storage]/Certmonger_certificate[haproxy-storage-cert]: Could not evaluate: The certificate 'haproxy-storage-cert' wasn't found in the list.",
            "Error: /Stage[main]/Tripleo::Profile::Base::Certmonger_user/Tripleo::Certmonger::Haproxy[haproxy-storage_mgmt]/Certmonger_certificate[haproxy-storage_mgmt-cert]: Could not evaluate: The certificate 'haproxy-storage_mgmt-cert' wasn't found in the list.",

Artem Hrechanychenko (ahrechan) wrote :
Changed in tripleo:
status: New → Triaged
importance: Undecided → High
milestone: none → rocky-1
Juan Antonio Osorio Robles (juan-osorio-robles) wrote :

Artem, is this still an issue? Thought it was fixed already.

Juan Antonio Osorio Robles (juan-osorio-robles) wrote :

Can you also give the whole output of the error?

openstack stack failures list --long overcloud

Changed in tripleo:
milestone: rocky-1 → rocky-2
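
An added example, not part of the bug report or of TripleO: a Python triage helper that groups the "certificate wasn't found" Puppet errors quoted in the bug description by `Tripleo::Certmonger` service class, for use on output such as that of `openstack stack failures list --long overcloud`. The function names, the `min_services` threshold and the "shared cause" heuristic are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Shape of the Puppet errors quoted in the bug description:
#   .../Tripleo::Certmonger::<Service>[<title>]/Certmonger_certificate[<cert>]:
#   Could not evaluate: The certificate '<cert>' wasn't found in the list.
CERT_ERROR = re.compile(
    r"Tripleo::Certmonger::(?P<service>\w+)(?:\[[^\]]*\])?"
    r"/Certmonger_certificate\[(?P<cert>[^\]]+)\]: "
    r"Could not evaluate: The certificate '(?P=cert)' wasn't found in the list\."
)

def missing_certs(text):
    """Map each Tripleo::Certmonger service class to the certificates it failed on."""
    found = defaultdict(list)
    for match in CERT_ERROR.finditer(text):
        certs = found[match["service"]]
        if match["cert"] not in certs:  # the same error can repeat in the output
            certs.append(match["cert"])
    return dict(found)

def looks_systemic(found, min_services=3):
    """Heuristic (assumption): many services failing at once suggests a shared cause."""
    return len(found) >= min_services

# Four error lines copied from the bug description; the repeated mysql line and
# the Notice line are constructed for this example.
SAMPLE = """
"Error: /Stage[main]/Tripleo::Certmonger::Mysql/Certmonger_certificate[mysql]: Could not evaluate: The certificate 'mysql' wasn't found in the list.",
"Error: /Stage[main]/Tripleo::Profile::Base::Certmonger_user/Tripleo::Certmonger::Httpd[httpd-ctlplane]/Certmonger_certificate[httpd-ctlplane]: Could not evaluate: The certificate 'httpd-ctlplane' wasn't found in the list.",
"Error: /Stage[main]/Tripleo::Profile::Base::Certmonger_user/Tripleo::Certmonger::Httpd[httpd-external]/Certmonger_certificate[httpd-external]: Could not evaluate: The certificate 'httpd-external' wasn't found in the list.",
"Error: /Stage[main]/Tripleo::Profile::Base::Certmonger_user/Tripleo::Certmonger::Haproxy[haproxy-storage]/Certmonger_certificate[haproxy-storage-cert]: Could not evaluate: The certificate 'haproxy-storage-cert' wasn't found in the list.",
"Error: /Stage[main]/Tripleo::Certmonger::Mysql/Certmonger_certificate[mysql]: Could not evaluate: The certificate 'mysql' wasn't found in the list.",
"Notice: Applied catalog in 12.34 seconds",
"""

if __name__ == "__main__":
    result = missing_certs(SAMPLE)
    for service, certs in sorted(result.items()):
        print(f"{service}: {', '.join(certs)}")
    print("shared cause likely:", looks_systemic(result))
```
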
OpenStack Infra (hudson-openstack) wrote : Fix proposed to instack-undercloud (master)

Fix proposed to branch: master
Review: https://review.openstack.org/564766

Changed in tripleo:
assignee: nobody → Juan Antonio Osorio Robles (juan-osorio-robles)
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to tripleo-heat-templates (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/564803

OpenStack Infra (hudson-openstack) wrote : Related fix merged to tripleo-heat-templates (master)

Reviewed: https://review.openstack.org/564803
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=52d4eb503dfe667f1393e1c8dd5aecfd9723f386
Submitter: Zuul
Branch: master

commit 52d4eb503dfe667f1393e1c8dd5aecfd9723f386
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Fri Apr 27 18:15:05 2018 +0300

    Make novajoin vendordata timeout configurable

    It exposes the timeout as a parameter, sets the default to 30, and
    makes it configurable.

    Change-Id: If76475f359a020bf8eab55df7e3f5f674ea2e85d
    Related-Bug: #1760118

OpenStack Infra (hudson-openstack) wrote : Fix merged to instack-undercloud (master)

Reviewed: https://review.openstack.org/564766
Committed: https://git.openstack.org/cgit/openstack/instack-undercloud/commit/?id=09f400f3deb6c93661c12ae8a7bd9fba3b464175
Submitter: Zuul
Branch: master

commit 09f400f3deb6c93661c12ae8a7bd9fba3b464175
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Fri Apr 27 16:54:55 2018 +0300

    novajoin: Add higher default timeout for nova vendordata plugins

    The default timeout of 5s has proven to be quite tight and tends to
    fail. So we up the timeout to 30s instead.

    Change-Id: I5717bdaf7bda3c9146aa9d269d0296b74b0ede54
    Closes-Bug: #1760118

Changed in tripleo:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix proposed to instack-undercloud (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.openstack.org/565130

OpenStack Infra (hudson-openstack) wrote : Fix proposed to instack-undercloud (stable/pike)

Fix proposed to branch: stable/pike
Review: https://review.openstack.org/565139

OpenStack Infra (hudson-openstack) wrote : Fix merged to instack-undercloud (stable/queens)

Reviewed: https://review.openstack.org/565130
Committed: https://git.openstack.org/cgit/openstack/instack-undercloud/commit/?id=ec31f34a56ad66b42b33835a56ac0132ef90fe4e
Submitter: Zuul
Branch: stable/queens

commit ec31f34a56ad66b42b33835a56ac0132ef90fe4e
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Fri Apr 27 16:54:55 2018 +0300

    novajoin: Add higher default timeout for nova vendordata plugins

    The default timeout of 5s has proven to be quite tight and tends to
    fail. So we up the timeout to 30s instead.

    Change-Id: I5717bdaf7bda3c9146aa9d269d0296b74b0ede54
    Closes-Bug: #1760118
    (cherry picked from commit 09f400f3deb6c93661c12ae8a7bd9fba3b464175)

tags: added: in-stable-queens
OpenStack Infra (hudson-openstack) wrote : Fix merged to instack-undercloud (stable/pike)

Reviewed: https://review.openstack.org/565139
Committed: https://git.openstack.org/cgit/openstack/instack-undercloud/commit/?id=3ecab4a93b8b298958fa3c49b5d9b1ca528e972a
Submitter: Zuul
Branch: stable/pike

commit 3ecab4a93b8b298958fa3c49b5d9b1ca528e972a
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Fri Apr 27 16:54:55 2018 +0300

    novajoin: Add higher default timeout for nova vendordata plugins

    The default timeout of 5s has proven to be quite tight and tends to
    fail. So we up the timeout to 30s instead.

    Change-Id: I5717bdaf7bda3c9146aa9d269d0296b74b0ede54
    Closes-Bug: #1760118
    (cherry picked from commit 09f400f3deb6c93661c12ae8a7bd9fba3b464175)

tags: added: in-stable-pike
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/instack-undercloud 7.4.12

This issue was fixed in the openstack/instack-undercloud 7.4.12 release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/instack-undercloud 8.4.2

This issue was fixed in the openstack/instack-undercloud 8.4.2 release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/instack-undercloud 9.1.0

This issue was fixed in the openstack/instack-undercloud 9.1.0 release.
