Support for os_cacert is missing in ovb
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Triaged
|
High
|
Unassigned |
Bug Description
https:/
Here is the credentials snippets of clouds.yaml
```
cacert: /etc/pki/
identity_
region_name: regionOne
volume_
```
We are using ovb-manage role to create OVB stacks and stack creation is failing with following error: [1]
```
stack_status: CREATE_FAILED
2022-08-01 21:29:49.292901 | primary | stack_status_
2022-08-01 21:29:49.292908 | primary | 0 of 1 received'
```
After looking at bmc logs [2]
```
[ 57.011793] cloud-init[1223]: with open("/
[ 57.012380] cloud-init[1223]: data=json.
[ 57.012874] cloud-init[1223]: clouds={"clouds": {"host_cloud": data}}
[ 57.013457] cloud-init[1223]: print(yaml.
[ 57.050439] cloud-init[1223]: + rm -f /tmp/bmc-cloud-data
[ 57.051624] cloud-init[1223]: + export OS_CLOUD=host_cloud
[ 57.052190] cloud-init[1223]: + OS_CLOUD=host_cloud
[ 57.053014] cloud-init[1223]: ++ command -v python3
[ 57.053521] cloud-init[1223]: ++ command -v python2
[ 57.054169] cloud-init[1223]: + /usr/bin/python2
[ 57.522295] cloud-init[1223]: Fetching private network
[ 57.523405] cloud-init[1223]: Traceback (most recent call last):
[ 57.523967] cloud-init[1223]: File "<stdin>", line 12, in <module>
[ 57.524545] cloud-init[1223]: File "/usr/lib/
[ 57.525784] cloud-init[1223]: instance.
[ 57.526572] cloud-init[1223]: File "/usr/lib/
[ 57.527461] cloud-init[1223]: **version_kwargs
[ 57.527910] cloud-init[1223]: File "/usr/lib/
[ 57.529439] cloud-init[1223]: network_endpoint = network_
[ 57.530124] cloud-init[1223]: File "/usr/lib/
[ 57.531169] cloud-init[1223]: return self.session.
[ 57.531921] cloud-init[1223]: File "/usr/lib/
[ 57.533438] cloud-init[1223]: return auth.get_
[ 57.534087] cloud-init[1223]: File "/usr/lib/
[ 57.535502] cloud-init[1223]: allow_version_
[ 57.536172] cloud-init[1223]: File "/usr/lib/
[ 57.537078] cloud-init[1223]: service_catalog = self.get_
[ 57.537742] cloud-init[1223]: File "/usr/lib/
[ 57.538594] cloud-init[1223]: self.auth_ref = self.get_
[ 57.539190] cloud-init[1223]: File "/usr/lib/
[ 57.540413] cloud-init[1223]: self._plugin = self._do_
[ 57.541075] cloud-init[1223]: File "/usr/lib/
[ 57.542007] cloud-init[1223]: authenticated=
[ 57.542486] cloud-init[1223]: File "/usr/lib/
[ 57.543363] cloud-init[1223]: authenticated=
[ 57.543888] cloud-init[1223]: File "/usr/lib/
[ 57.545789] cloud-init[1223]: disc = Discover(session, url, authenticated=
[ 57.546525] cloud-init[1223]: File "/usr/lib/
[ 57.547359] cloud-init[1223]: authenticated=
[ 57.547865] cloud-init[1223]: File "/usr/lib/
[ 57.548722] cloud-init[1223]: resp = session.get(url, headers=headers, authenticated=
[ 57.549451] cloud-init[1223]: File "/usr/lib/
[ 57.550252] cloud-init[1223]: return self.request(url, 'GET', **kwargs)
[ 57.550823] cloud-init[1223]: File "/usr/lib/
[ 57.551633] cloud-init[1223]: resp = send(**kwargs)
[ 57.552117] cloud-init[1223]: File "/usr/lib/
[ 57.552946] cloud-init[1223]: resp = self.session.
[ 57.553581] cloud-init[1223]: File "/usr/lib/
[ 57.554926] cloud-init[1223]: resp = self.send(prep, **send_kwargs)
[ 57.555557] cloud-init[1223]: File "/usr/lib/
[ 57.556337] cloud-init[1223]: r = adapter.
[ 57.556925] cloud-init[1223]: File "/usr/lib/
[ 57.568242] cloud-init[1223]: self.cert_
[ 57.568962] cloud-init[1223]: File "/usr/lib/
[ 57.569829] cloud-init[1223]: "invalid path: {}".format(
[ 57.570398] cloud-init[1223]: IOError: Could not find a suitable TLS CA certificate bundle, invalid path: /etc/pki/
```
After looking at the code:
https:/
```
conn = openstack.
print('Fetching private network')
items = conn.network.
```
It seems that ovb repo lacks the support of os_cacert that's why it is failing.
By following the steve suggestion nodepool. crt:/etc/ pki/ca- trust/source/ anchors/ ibm-bm2- nodepool. crt --run-command update-ca-trust
I used the above suggestion
```
virt-customize -a bmc-template --upload ibm-bm2-
openstack --os-cloud ibm-bm2-nodepool image create --disk-format qcow2 --container-format bare --shared --progress --file bmc-template bmc-template-ibm tripleo- ci-centos- 9-ovb-3ctlr_ 1comp-featurese t001-master- ibm tripleo- ci-centos- 9-ovb-3ctlr_ 1comp-featurese t001-master ovb-centos- 9-primary- ibm manage_ stack_mode: 'create' login_enabled: false t_verbosity: -vv private_ network: true ovb-test template_ name: bmc-template-ibm settings:
ibm- bm2-nodepool:
public_ ip_net: hostonly
undercloud _flavor: nodepool
baremetal_ flavor: m1.large
bmc_ flavor: m1.small
extra_ node_flavor: m1.small
enable_ config_ drive: true
radvd_ flavor: m1.small
dhcp_ relay_flavor: m1.small
enable_ baremetal_ config_ drive: true
baremetal_ image: CentOS- Stream- GenericCloud- 9-20211216
baremetal_ image_name: CentOS- Stream- GenericCloud- 9-20211216 tripleo- ci-centos- 9-ovb-3ctlr_ 1comp-featurese t001-master- ibm tripleo- ci-centos- 9-ovb-3ctlr_ 1comp-featurese t001-master- ibm https:/ /review. rdoproject. org/zuul/ build/48c42e98d 96546b3970a335e 2ee6f23e : SUCCESS in 1h 54m 33s it passed.
```
and
in the latest run
```
- job:
name: periodic-
parent: periodic-
nodeset: tripleo-
attempts: 1
vars:
ovb_
registry_
quickstar
create_
key_name: chandankumar-
cloud_name: ibm-bm2-nodepool
bmc_
cloud_
- project:
check:
jobs:
- periodic-
```
and
periodic-