tripleo

  1. Bug #1850647
  2. Comment #3

Comment 3 for bug 1850647

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/rocky)

Reviewed: https://review.opendev.org/691887
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=ebf0a0bd8063f1529a858ec9da3dcf7c09111e19
Submitter: Zuul
Branch: stable/rocky

commit ebf0a0bd8063f1529a858ec9da3dcf7c09111e19
Author: Ade Lee <email address hidden>
Date: Fri Oct 18 15:06:02 2019 -0400

    Restart certmnonger after registering system with IPA

    If certmonger is not restarted when the server is registered with
    IPA, then it may define the IPA CA as unreachable. This results
    in CA certs not being stored when cert requests are made with a -F
    option. Eventually, certmonger refreshes itself, but this can
    take up to 8 hours.

    We see this sometimes when doing brownfield deploys. The ca cert
    fails to be created for some requests, resulting in containers
    being unable to load.

    We fix this by simply restarting certmonger after enrollment, and
    avoiding the whole confused state.

    Closes-Bug: 1850647
    Change-Id: Id968a2d5170af1485417e41318e0187d79cd4aae
    (cherry picked from commit bf0bc85ef42bd8d8b3540b1388d64c60e43a8907)