Can't edit /etc/openldap/ldap.conf

Bug #1923048 reported by Grzegorz Grasza
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Undecided
Grzegorz Grasza

Bug Description

Description
===========
For configuring high availability for LDAP in keystone one needs to edit /etc/openldap/ldap.conf [1], however, since the control plane was containerised, the file was not mounted into the container and so the configuration not applied.

Steps to reproduce
==================
Edit /etc/openldap/ldap.conf on the system

Expected result
===============
The configuration is not applied

Actual result
=============
The configuration should be applied inside the keystone container.

Environment
===========
train

[1]
https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/8/html/integrate_with_identity_service/sec-active-directory#AD-HA
2. Set the network timeout in /etc/openldap/ldap.conf:
NETWORK_TIMEOUT 2

Revision history for this message
Grzegorz Grasza (xek) wrote :
Changed in tripleo:
assignee: nobody → Grzegorz Grasza (xek)
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (stable/victoria)

Fix proposed to branch: stable/victoria
Review: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/786795

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (stable/ussuri)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (stable/train)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/victoria)

Reviewed: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/786795
Committed: https://opendev.org/openstack/tripleo-heat-templates/commit/ce9ae866699456ab3c69be6e34c419e537630d49
Submitter: "Zuul (22348)"
Branch: stable/victoria

commit ce9ae866699456ab3c69be6e34c419e537630d49
Author: Grzegorz Grasza <email address hidden>
Date: Thu Apr 8 14:34:57 2021 +0200

    Mount /etc/openldap inside the keystone container

    For configuring high availability for LDAP in keystone one
    needs to edit /etc/openldap/ldap.conf. This worked
    before control plane was containerised. Mounting the
    openldap configuration into the keystone container
    restores the previous behavior.

    Change-Id: Id0d73a8ab0ddf7bf9e2b76ea14ffc9acff3a0ad3
    Closes-Bug: #1923048
    Resolves: rhbz#1944466
    (cherry picked from commit 313e4484e2a219eec7affb5e1e5e61d41687c6fd)

tags: added: in-stable-victoria
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/train)

Reviewed: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/786897
Committed: https://opendev.org/openstack/tripleo-heat-templates/commit/70f6c7804595a0d09e382b0da911792b967a7d34
Submitter: "Zuul (22348)"
Branch: stable/train

commit 70f6c7804595a0d09e382b0da911792b967a7d34
Author: Grzegorz Grasza <email address hidden>
Date: Thu Apr 8 14:34:57 2021 +0200

    Mount /etc/openldap inside the keystone container

    For configuring high availability for LDAP in keystone one
    needs to edit /etc/openldap/ldap.conf. This worked
    before control plane was containerised. Mounting the
    openldap configuration into the keystone container
    restores the previous behavior.

    Change-Id: Id0d73a8ab0ddf7bf9e2b76ea14ffc9acff3a0ad3
    Closes-Bug: #1923048
    Resolves: rhbz#1944466
    (cherry picked from commit 313e4484e2a219eec7affb5e1e5e61d41687c6fd)

tags: added: in-stable-train
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 14.1.0

This issue was fixed in the openstack/tripleo-heat-templates 14.1.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 13.3.0

This issue was fixed in the openstack/tripleo-heat-templates 13.3.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 11.6.0

This issue was fixed in the openstack/tripleo-heat-templates 11.6.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/ussuri)

Reviewed: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/786896
Committed: https://opendev.org/openstack/tripleo-heat-templates/commit/6342deafc386cd6956941f818eab7e8781899584
Submitter: "Zuul (22348)"
Branch: stable/ussuri

commit 6342deafc386cd6956941f818eab7e8781899584
Author: Grzegorz Grasza <email address hidden>
Date: Thu Apr 8 14:34:57 2021 +0200

    Mount /etc/openldap inside the keystone container

    For configuring high availability for LDAP in keystone one
    needs to edit /etc/openldap/ldap.conf. This worked
    before control plane was containerised. Mounting the
    openldap configuration into the keystone container
    restores the previous behavior.

    Change-Id: Id0d73a8ab0ddf7bf9e2b76ea14ffc9acff3a0ad3
    Closes-Bug: #1923048
    Resolves: rhbz#1944466
    (cherry picked from commit 313e4484e2a219eec7affb5e1e5e61d41687c6fd)

tags: added: in-stable-ussuri
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 12.4.4

This issue was fixed in the openstack/tripleo-heat-templates 12.4.4 release.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers