tripleo

  1. Bug #1850647
  2. Comment #2

Comment 2 for bug 1850647

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/stein)

Reviewed: https://review.opendev.org/691886
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=5eb01c517ff02c7a80c45de44aa47b2aaada2a80
Submitter: Zuul
Branch: stable/stein

commit 5eb01c517ff02c7a80c45de44aa47b2aaada2a80
Author: Ade Lee <email address hidden>
Date: Fri Oct 18 15:06:02 2019 -0400

    Restart certmnonger after registering system with IPA

    If certmonger is not restarted when the server is registered with
    IPA, then it may define the IPA CA as unreachable. This results
    in CA certs not being stored when cert requests are made with a -F
    option. Eventually, certmonger refreshes itself, but this can
    take up to 8 hours.

    We see this sometimes when doing brownfield deploys. The ca cert
    fails to be created for some requests, resulting in containers
    being unable to load.

    We fix this by simply restarting certmonger after enrollment, and
    avoiding the whole confused state.

    Closes-Bug: 1850647
    Change-Id: Id968a2d5170af1485417e41318e0187d79cd4aae
    (cherry picked from commit bf0bc85ef42bd8d8b3540b1388d64c60e43a8907)