Compute node deployment fails in OVB all TLS job

Bug #1816465 reported by Sagi (Sergey) Shnaidman on 2019-02-18
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juan Antonio Osorio Robles

Bug Description

when running OVB all TLS job (featureset039) compute node deployment fails:

Warning: Could not get certificate: Execution of '/usr/bin/getcert request -I neutron -f /etc/pki/tls/certs/neutron.crt -c IPA -N -K neutron/ -D -C /usr/bin/ -w -k /etc/pki/tls/private/neutron.key' returned 2: New signing request \"neutron\" added.",
        "Error: /Stage[main]/Tripleo::Certmonger::Neutron/Certmonger_certificate[neutron]: Could not evaluate: Could not get certificate: Server at denied our request, giving up: 2100 (RPC failed at server. Insufficient access: Insufficient 'add' privilege to add the entry 'krbprincipalname<email address hidden>,cn=services,cn=accounts,dc=ooo,dc=test'.).",

Fix proposed to branch: master

Changed in tripleo:
status: Triaged → In Progress

Submitter: Zuul
Branch: master

commit 44245d19dd2ac8ebb8b0c0096c4c318381424add
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Mon Feb 18 18:35:46 2019 +0200

    Only request neutron certificate from neutron dhcp service

    The certificate request for the "neutron" certificate was set in the
    neutron base template. This had the secondary effect of causing every
    node that has a neutron service to try to request the certificate.

    This fixes that issue by moving those bits to where the certificate is
    actually used (which is only by the dhcp agent).

    Change-Id: I10ade8a4b5ec30872210c633d35273309ae20377
    Closes-Bug: #1816465

Changed in tripleo:
status: In Progress → Fix Released

This issue was fixed in the openstack/tripleo-heat-templates 10.4.0 release.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers