service principal not created
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
Undecided
|
Grzegorz Grasza |
Bug Description
Description
===========
The service principal is not created due to VIP being set to false in network_data.yaml
Because of this it is not possible to deploy TLS Everywhere with management network.
Steps to reproduce
==================
Attempt to deploy an overcloud using TLS everywhere, certmonger-managed public TLS, and network isolation. Enable the management network on the Controller role.
Expected result
===============
Deployment succeeds.
Actual result
=============
Deploymennt failed with Ansilbe error during deployment from Puppet failure (on each controller node):
"<13>Nov 27 02:02:38 puppet-user: Notice: /Stage[
"<13>Nov 27 02:02:38 puppet-user: Warning: Could not get certificate: Execution of '/usr/bin/getcert request -I httpd-management -f /etc/pki/
"<13>Nov 27 02:02:38 puppet-user: Error: /Stage[
"<13>Nov 27 02:02:38 puppet-user: Notice: /Stage[
Environment
===========
OpenStack Stein
Changed in tripleo: | |
assignee: | nobody → Grzegorz Grasza (xek) |
status: | New → In Progress |
Reviewed: https:/ /review. opendev. org/696842 /git.openstack. org/cgit/ openstack/ tripleo- heat-templates/ commit/ ?id=a22c04c576c e6956d4ca526b60 b482501228f47e
Committed: https:/
Submitter: Zuul
Branch: master
commit a22c04c576ce695 6d4ca526b60b482 501228f47e
Author: Grzegorz Grasza <email address hidden>
Date: Mon Dec 2 10:47:29 2019 +0100
Skip both tenant and management networks when generating certs
Without this change we were unable to deploy TLS Everywhere with
management network. This is because the service principal is not
created due to VIP being set to false in network_data.yaml
Closes-Bug: #1861097 6eaa1752575349e 64329cada4a
Resolves: rhbz#1777605
Change-Id: I43fd5f67c1a0be