[TripleO - Wallaby] Overcloud deployment getting failed with SSL

Lokendra Rathour lokendrarathour at gmail.com
Wed Jul 27 16:55:34 UTC 2022


Hi Team,
I tried again with DNS enabled, but the error remains the same.

tone_resources : Create identity public endpoint | undercloud |
0:24:59.456181 | 2.31s
2022-07-27 15:20:48.735838 | 5254006e-bbd1-cd20-647c-00000000736c |
TASK | Create identity internal endpoint
2022-07-27 15:20:51.227000 | 5254006e-bbd1-cd20-647c-00000000736c |
 FATAL | Create identity internal endpoint | undercloud | error={"changed":
false, "extra_data": {"data": null, "details": "The request you have made
requires authentication.", "response":
"{\"error\":{\"code\":401,\"message\":\"The request you have made requires
authentication.\",\"title\":\"Unauthorized\"}}\n"}, "msg": "Failed to list
services: Client Error for url:
https://overcloud-public.myhsc.com:13000/v3/services, The request you have made requires
authentication."}

Checking further in the keystone logs in container:


2022-07-27 19:35:37.447 33 WARNING keystone.server.flask.application
[req-bb4621d8-73ad-4bad-831f-5c2370e92e71 - - - - -] Authorization failed.
The request you have made requires authentication. from
fd00:fd00:fd00:9900::29: keystone.exception.Unauthorized: The request you
have made requires authentication.
2022-07-27 19:35:37.998 26 WARNING py.warnings
[req-54d44e3a-5e34-4e40-b2dc-e8213353ea05 ab5e9670632544f8a8c7e1b3ac175bcd
e4185872cadb442aa9a59980b3227941 - default default]
/usr/lib/python3.6/site-packages/oslo_policy/policy.py:1065: UserWarning:
Policy identity:list_projects failed scope check. The token used to make
the request was project scoped but the policy requires ['system', 'domain']
scope. This behavior may change in the future where using the intended
scope is required

I am kind of blocked now, any lead would let me understand the problem more
and maybe it can solve the issue.

Best Regards,
Lokendra

On Mon, Jul 25, 2022 at 3:12 PM Lokendra Rathour <lokendrarathour at gmail.com>
wrote:

> Hi Brendan,
> Apologies for this delay, I had to redo the setup to reach this point,
> and also this time, just to eliminate my doubt, I removed SSL for overcloud.
> Now I am only using DNS Server. In this case also I am getting the same
> error.
>
>  | 0:13:20.198877 | 1.86s
> 2022-07-25 14:37:29.657118 | 525400a7-0932-2ed1-d313-000000007193 |
> TASK | Create identity internal endpoint
> 2022-07-25 14:37:31.995131 | 525400a7-0932-2ed1-d313-000000007193 |
>  FATAL | Create identity internal endpoint | undercloud | error={"changed":
> false, "extra_data": {"data": null, "details": "The request you have made
> requires authentication.", "response":
> "{\"error\":{\"code\":401,\"message\":\"The request you have made requires
> authentication.\",\"title\":\"Unauthorized\"}}\n"}, "msg": "Failed to list
> services: Client Error for url: http://[fd00:fd00:fd00:9900::a0]:5000/v3/services,
> The request you have made requires authentication."}
>
>
> To answer your question please note:
>
> "OS_CLOUD=overcloud openstack endpoint list"
>
> [root@GGNLABPM4 ~]# ssh stack@10.0.1.29
> stack@10.0.1.29's password:
> Activate the web console with: systemctl enable --now cockpit.socket
>
> Last login: Mon Jul 25 14:38:44 2022 from 10.0.1.4
> [stack@undercloud ~]$ OS_CLOUD=overcloud openstack endpoint list
>
> +----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------+
> | ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                                   |
> +----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------+
> | 1ecd328b5ea1426bb411d157b8339dd2 | regionOne | keystone     | identity     | True    | public    | http://[fd00:fd00:fd00:9900::a0]:5000 |
> | 518cfa0f2ece43b684710006c9fa5b25 | regionOne | keystone     | identity     | True    | admin     | http://30.30.30.181:35357             |
> | 8cda413052c24718b073578bb497f483 | regionOne | keystone     | identity     | True    | internal  | http://[fd00:fd00:fd00:2000::a0]:5000 |
> +----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------+
> [stack@undercloud ~]$
>
>
> It is giving us only keystone endpoints.
>
> Also note that I am trying to deploy the end to end setup with FQDN only,
> and in this case as well I am facing the same issue as old.
>
> Thanks once again for your inputs.
>
> -Lokendra
>
>
>
> On Wed, Jul 20, 2022 at 3:07 PM Brendan Shephard <bshephar at redhat.com>
> wrote:
>
>> Hey,
>>
>> I think it's weird that you got a response at all when you run the
>> openstack endpoint list, since you said haproxy isn't running. So there
>> should be nothing serving that endpoint.
>>
>> I noticed you have the stackrc file sourced. Try it again without that
>> file sourced, so:
>> $ su - stack
>> $ OS_CLOUD=overcloud openstack endpoint list
>>
>> I would suspect that nothing should be responding. It could be the
>> stackrc file causing issues with some of the environment variables. If the
>> above command doesn't return anything, then my suggestion would be to
>> re-run the deployment like this:
>>
>> $ su - stack
>> $ export OS_CLOUD=undercloud
>> # Then run your deployment script again
>> $ bash overcloud_deploy.sh
>>
>> The OS_CLOUD variable tells the openstackclient to lookup the details
>> about that cloud from your clouds.yaml file. Which will be located in
>> /home/stack/.config/openstack/clouds.yaml.
>>
>> This method is preferable to the sourcing of RC files.
>>
>> Reference:
>>
>> https://docs.openstack.org/openstacksdk/latest/user/guides/connect_from_config.html
>>
>> Regarding the HAProxy warnings. I don't think they should be fatal.
>> afaik, HAProxy should still be starting. If it's not, there might be
>> another error that you will need to look for in the log files under
>> /var/log/containers/haproxy/
>>
>> I wasn't able to reproduce that warning by following the documentation
>> for enabling TLS though. So it seems like an odd error to be getting.
>>
>> Brendan Shephard
>>
>> Software Engineer
>>
>> Red Hat APAC <https://www.redhat.com>
>>
>> 193 N Quay
>>
>> Brisbane City QLD 4000
>> @RedHat <https://twitter.com/redhat>   Red Hat
>> <https://www.linkedin.com/company/red-hat>  Red Hat
>> <https://www.facebook.com/RedHatInc>
>> <https://red.ht/sig>
>> <https://redhat.com/summit>
>>
>>
>> On Wed, Jul 20, 2022 at 7:02 PM Lokendra Rathour <
>> lokendrarathour at gmail.com> wrote:
>>
>>> Hi Brendan / Team,
>>> Any lead for the issue raised?
>>>
>>> -Lokendra
>>>
>>>
>>>
>>> On Tue, Jul 19, 2022 at 11:46 AM Lokendra Rathour <
>>> lokendrarathour at gmail.com> wrote:
>>>
>>>> Hi Brendan,
>>>> Thanks for the inputs.
>>>> When I run the command as you suggested I get this:
>>>>
>>>> (undercloud) [stack@undercloud ~]$ OS_CLOUD=overcloud openstack endpoint list
>>>>
>>>> +----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------------------+
>>>> | ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                                    |
>>>> +----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------------------+
>>>> | 1bfe43c9cf174bd8a01a3a681538766a | regionOne | keystone     | identity     | True    | internal  | http://[fd00:fd00:fd00:2000::326]:5000 |
>>>> | 707e92fc11df4a74bceb5e48f2561357 | regionOne | keystone     | identity     | True    | admin     | http://30.30.30.173:35357              |
>>>> | fab4e66170c8402f899c5f43fd4c39fe | regionOne | keystone     | identity     | True    | public    | https://overcloud-hsc.com:13000        |
>>>> +----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------------------+
>>>> (undercloud) [stack@undercloud ~]$
>>>>
>>>>
>>>> On another note, what I noticed was as below:
>>>>
>>>>    - HAproxy container is not running.
>>>>       - [root@overcloud-controller-2 stdouts]# podman ps -a | grep haproxy
>>>>       e91dbde042db
>>>>        undercloud.ctlplane.localdomain:8787/tripleowallaby/openstack-haproxy:current-tripleo
>>>>                                          24 hours ago  Exited (1) Less than a
>>>>       second ago          container-puppet-haproxy\
>>>>       - Checking logs:
>>>>       - 2022-07-19T08:47:00.496212294+05:30 stderr F + ARGS=
>>>>       2022-07-19T08:47:00.496300242+05:30 stderr F + [[ ! -n '' ]]
>>>>       2022-07-19T08:47:00.496323705+05:30 stderr F + .
>>>>       kolla_extend_start
>>>>       2022-07-19T08:47:00.496578173+05:30 stderr F + echo 'Running
>>>>       command: '\''bash -c $* -- eval if [ -f /usr/sbin/haproxy-systemd-wrapper
>>>>       ]; then exec /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg;
>>>>       else exec /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -Ws; fi'\'''
>>>>       2022-07-19T08:47:00.496605469+05:30 stdout F Running command:
>>>>       'bash -c $* -- eval if [ -f /usr/sbin/haproxy-systemd-wrapper ]; then exec
>>>>       /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg; else exec
>>>>       /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -Ws; fi'
>>>>       2022-07-19T08:47:00.496895618+05:30 stderr F + exec bash -c '$*'
>>>>       -- eval if '[' -f /usr/sbin/haproxy-systemd-wrapper '];' then exec
>>>>       /usr/sbin/haproxy-systemd-wrapper -f '/etc/haproxy/haproxy.cfg;' else exec
>>>>       /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg '-Ws;' fi
>>>>       2022-07-19T08:47:00.513182490+05:30 stderr F [WARNING]
>>>>       199/084700 (7) : parsing [/etc/haproxy/haproxy.cfg:28] : 'bind
>>>>       fd00:fd00:fd00:9900::81:13776' :
>>>>       2022-07-19T08:47:00.513182490+05:30 stderr F   unable to load
>>>>       default 1024 bits DH parameter for certificate
>>>>       '/etc/pki/tls/private/overcloud_endpoint.pem'.
>>>>       2022-07-19T08:47:00.513182490+05:30 stderr F   , SSL library
>>>>       will use an automatically generated DH parameter.
>>>>       2022-07-19T08:47:00.513967576+05:30 stderr F
>>>>       [WARNING] 199/084700 (7) : parsing [/etc/haproxy/haproxy.cfg:45] : 'bind
>>>>       fd00:fd00:fd00:9900::81:13292' :
>>>>       2022-07-19T08:47:00.513967576+05:30 stderr F   unable to load
>>>>       default 1024 bits DH parameter for certificate
>>>>       '/etc/pki/tls/private/overcloud_endpoint.pem'.
>>>>       2022-07-19T08:47:00.513967576+05:30 stderr F   , SSL library
>>>>       will use an automatically generated DH parameter.
>>>>       2022-07-19T08:47:00.514736662+05:30 stderr F [WARNING]
>>>>       199/084700 (7) : parsing [/etc/haproxy/haproxy.cfg:69] : 'bind
>>>>       fd00:fd00:fd00:9900::81:13004' :
>>>>       2022-07-19T08:47:00.514736662+05:30 stderr F   unable to load
>>>>       default 1024 bits DH parameter for certificate
>>>>       '/etc/pki/tls/private/overcloud_endpoint.pem'.
>>>>       2022-07-19T08:47:00.514736662+05:30 stderr F   , SSL library
>>>>       will use an automatically generated DH parameter.
>>>>       2022-07-19T08:47:00.515461787+05:30 stderr F [WARNING]
>>>>       199/084700 (7) : parsing [/etc/haproxy/haproxy.cfg:89] : 'bind
>>>>       fd00:fd00:fd00:9900::81:13005' :
>>>>       2022-07-19T08:47:00.515461787+05:30 stderr F   unable to load
>>>>       default 1024 bits DH parameter for certificate
>>>>       '/etc/pki/tls/private/overcloud_endpoint.pem'.
>>>>       2022-07-19T08:47:00.515461787+05:30 stderr F   , SSL library
>>>>       will use an automatically generated DH parameter.
>>>>       2022-07-19T08:47:00.516167406+05:30 stderr F [WARNING]
>>>>       199/084700 (7) : parsing [/etc/haproxy/haproxy.cfg:108] : 'bind
>>>>       fd00:fd00:fd00:2000::326:443' :
>>>>       - 2022-07-19T08:47:00.517937930+05:30 stderr F   , SSL library
>>>>       will use an automatically generated DH parameter.
>>>>       2022-07-19T08:47:00.518534123+05:30 stderr F [WARNING]
>>>>       199/084700 (7) : parsing [/etc/haproxy/haproxy.cfg:172] : 'bind
>>>>       fd00:fd00:fd00:9900::81:13000' :
>>>>       2022-07-19T08:47:00.518534123+05:30 stderr F   unable to load
>>>>       default 1024 bits DH parameter for certificate
>>>>       '/etc/pki/tls/private/overcloud_endpoint.pem'.
>>>>       2022-07-19T08:47:00.518534123+05:30 stderr F   , SSL library
>>>>       will use an automatically generated DH parameter.
>>>>       2022-07-19T08:47:00.519127743+05:30 stderr F [WARNING]
>>>>       199/084700 (7) : parsing [/etc/haproxy/haproxy.cfg:201] : 'bind
>>>>       fd00:fd00:fd00:9900::81:13696' :
>>>>       2022-07-19T08:47:00.519127743+05:30 stderr F   unable to load
>>>>       default 1024 bits DH parameter for certificate
>>>>       '/etc/pki/tls/private/overcloud_endpoint.pem'.
>>>>       2022-07-19T08:47:00.519127743+05:30 stderr F   , SSL library
>>>>       will use an automatically generated DH parameter.
>>>>       2022-07-19T08:47:00.519734281+05:30 stderr F [WARNING]
>>>>       199/084700 (7) : parsing [/etc/haproxy/haproxy.cfg:233] : 'bind
>>>>       fd00:fd00:fd00:9900::81:13080' :
>>>>       2022-07-19T08:47:00.519734281+05:30 stderr F   unable to load
>>>>       default 1024 bits DH parameter for certificate
>>>>       '/etc/pki/tls/private/overcloud_endpoint.pem'.
>>>>       2022-07-19T08:47:00.519734281+05:30 stderr F   , SSL library
>>>>       will use an automatically generated DH parameter.
>>>>       2022-07-19T08:47:00.520285158+05:30 stderr F [WARNING]
>>>>       199/084700 (7) : parsing [/etc/haproxy/haproxy.cfg:250] : 'bind
>>>>       fd00:fd00:fd00:9900::81:13774' :
>>>>       2022-07-19T08:47:00.520285158+05:30 stderr F   unable to load
>>>>       default 1024 bits DH parameter for certificate
>>>>       '/etc/pki/tls/private/overcloud_endpoint.pem'.
>>>>       2022-07-19T08:47:00.520285158+05:30 stderr F   , SSL library
>>>>       will use an automatically generated DH parameter.
>>>>       2022-07-19T08:47:00.520830405+05:30 stderr F [WARNING]
>>>>       199/084700 (7) : parsing [/etc/haproxy/haproxy.cfg:266] : 'bind
>>>>       fd00:fd00:fd00:9900::81:13778' :
>>>>       2022-07-19T08:47:00.520830405+05:30 stderr F   unable to load
>>>>       default 1024 bits DH parameter for certificate
>>>>       '/etc/pki/tls/private/overcloud_endpoint.pem'.
>>>>       2022-07-19T08:47:00.520830405+05:30 stderr F   , SSL library
>>>>       will use an automatically generated DH parameter.
>>>>       2022-07-19T08:47:00.521517271+05:30 stderr F [WARNING]
>>>>       199/084700 (7) : parsing [/etc/haproxy/haproxy.cfg:281] : 'bind
>>>>       fd00:fd00:fd00:9900::81:13808' :
>>>>       2022-07-19T08:47:00.521517271+05:30 stderr F   unable to load
>>>>       default 1024 bits DH parameter for certificate
>>>>       '/etc/pki/tls/private/overcloud_endpoint.pem'.
>>>>       2022-07-19T08:47:00.521517271+05:30 stderr F   , SSL library
>>>>       will use an automatically generated DH parameter.
>>>>       2022-07-19T08:47:00.524065508+05:30 stderr F [WARNING]
>>>>       199/084700 (7) : Setting tune.ssl.default-dh-param to 1024 by default, if
>>>>       your workload permits it you should set it to at least 2048. Please set a
>>>>       value >= 1024 to make this warning disappear.
>>>>       - pcs status also shows that proxy is down for the controller
>>>>    with VIP:
>>>>       - Failed Resource Actions:
>>>>         * haproxy-bundle-podman-2_start_0 on overcloud-controller-2
>>>>       'error' (1): call=139, status='complete', exitreason='podman failed to
>>>>       launch container (rc: 1)', last-rc-change='Mon Jul 18 15:14:34 2022',
>>>>       queued=0ms, exec=1222ms
>>>>         * haproxy-bundle-podman-1_start_0 on overcloud-controller-1
>>>>       'error' (1): call=191, status='complete', exitreason='podman failed to
>>>>       launch container (rc: 1)', last-rc-change='Mon Jul 18 23:54:17 2022',
>>>>       queued=0ms, exec=1171ms
>>>>         * haproxy-bundle-podman-2_start_0 on overcloud-controller-1
>>>>       'error' (1): call=193, status='complete', exitreason='podman failed to
>>>>       launch container (rc: 1)', last-rc-change='Mon Jul 18 23:54:20 2022',
>>>>       queued=0ms, exec=1256ms
>>>>
>>>> Do let me know in case we need anything more around it.
>>>> Thanks once again for the support.
>>>> -Lokendra
>>>>
>>>> On Tue, Jul 19, 2022 at 11:07 AM Brendan Shephard <bshephar at redhat.com>
>>>> wrote:
>>>>
>>>>> Hey,
>>>>>
>>>>> Doesn't look like there is anything wrong with the certificate there.
>>>>> You would be getting a TLS error if that was the problem.
>>>>>
>>>>> What does your clouds.yaml file look like now? What happens if you run
>>>>> this command from the Undercloud node:
>>>>> $ OS_CLOUD=overcloud openstack endpoint list
>>>>>
>>>>> Do you get the same error?
>>>>>
>>>>> Brendan Shephard
>>>>>
>>>>>
>>>>> On Tue, Jul 19, 2022 at 1:28 PM Lokendra Rathour <
>>>>> lokendrarathour at gmail.com> wrote:
>>>>>
>>>>>> Hi Swogat and Vikarna,
>>>>>> We have tried adding the DNS entry for the overcloud domain. We are
>>>>>> getting the same error:
>>>>>>
>>>>>> 022-07-19 00:09:41.491498 | 525400ae-089b-c832-8e34-00000000704f |
>>>>>>   TIMING | tripleo_keystone_resources : Create identity public endpoint |
>>>>>> undercloud | 0:11:18.785769 | 2.16s
>>>>>> 2022-07-19 00:09:41.507319 | 525400ae-089b-c832-8e34-000000007050 |
>>>>>>     TASK | Create identity internal endpoint
>>>>>> 2022-07-19 00:09:43.778910 | 525400ae-089b-c832-8e34-000000007050 |
>>>>>>    FATAL | Create identity internal endpoint | undercloud |
>>>>>> error={"changed": false, "extra_data": {"data": null, "details": "The
>>>>>> request you have made requires authentication.", "response":
>>>>>> "{\"error\":{\"code\":401,\"message\":\"The request you have made requires
>>>>>> authentication.\",\"title\":\"Unauthorized\"}}\n"}, "msg": "Failed to list
>>>>>> services: Client Error for url:
>>>>>> https://overcloud-hsc.com:13000/v3/services, The request you have
>>>>>> made requires authentication."}
>>>>>> 2022-07-19 00:09:43.780306 | 525400ae-089b-c832-8e34-000000007050 |
>>>>>>   TIMING | tripleo_keystone_resources : Create identity internal endpoint |
>>>>>> undercloud | 0:11:21.074605 | 2.
>>>>>>
>>>>>>
>>>>>> Certificate configs:
>>>>>>
>>>>>> [stack@undercloud oc-domain-name]$ cat server.csr.cnf
>>>>>> [req]
>>>>>> default_bits = 2048
>>>>>> prompt = no
>>>>>> default_md = sha256
>>>>>> distinguished_name = dn
>>>>>> [dn]
>>>>>> C=IN
>>>>>> ST=UTTAR PRADESH
>>>>>> L=NOIDA
>>>>>> O=HSC
>>>>>> OU=HSC
>>>>>> emailAddress=demo@demo.com
>>>>>> CN=overcloud-hsc.com
>>>>>> [stack@undercloud oc-domain-name]$ cat v3.ext
>>>>>> authorityKeyIdentifier=keyid,issuer
>>>>>> basicConstraints=CA:FALSE
>>>>>> keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
>>>>>> subjectAltName = @alt_names
>>>>>> [alt_names]
>>>>>> DNS.1=overcloud-hsc.com
>>>>>> [stack@undercloud oc-domain-name]$
>>>>>>
>>>>>> The difference we see from others is that we are using self-signed
>>>>>> certificates.
>>>>>>
>>>>>> Please let me know in case we need to check something else. Somehow
>>>>>> this issue remains stuck.
>>>>>>
>>>>>>
>>>>>> On Fri, Jul 15, 2022 at 2:17 AM Swogat Pradhan <
>>>>>> swogatpradhan22 at gmail.com> wrote:
>>>>>>
>>>>>>> I was facing a similar kind of issue.
>>>>>>> https://bugzilla.redhat.com/show_bug.cgi?id=2089442
>>>>>>> Here is the solution that helped me fix it.
>>>>>>> Also make sure the cn that you will use is reachable from undercloud
>>>>>>> (maybe) script should take care of it.
>>>>>>>
>>>>>>> Also please follow Mr. Tathe's mail to add the cn first.
>>>>>>>
>>>>>>> With regards
>>>>>>> Swogat Pradhan
>>>>>>>
>>>>>>> On Thu, Jul 14, 2022 at 8:49 AM Vikarna Tathe <
>>>>>>> vikarnatathe at gmail.com> wrote:
>>>>>>>
>>>>>>>> Hi Lokendra,
>>>>>>>>
>>>>>>>> The CN field is missing. Can you add that and generate the
>>>>>>>> certificate again?
>>>>>>>>
>>>>>>>> CN=ipaddress
>>>>>>>>
>>>>>>>> Also add dns.1=ipaddress under alt_names for precaution.
>>>>>>>>
>>>>>>>> Vikarna
>>>>>>>>
>>>>>>>> On Wed, 13 Jul, 2022, 23:02 Lokendra Rathour, <
>>>>>>>> lokendrarathour at gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Hi Vikarna,
>>>>>>>>> Thanks for the inputs.
>>>>>>>>> I am not able to access any tabs in GUI.
>>>>>>>>>
>>>>>>>>> To restate, we are failing at the time of deployment at step 4:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> PLAY [External deployment step 4]
>>>>>>>>> **********************************************
>>>>>>>>> 2022-07-13 21:35:22.505148 | 525400ae-089b-870a-fab6-0000000000d7
>>>>>>>>> |       TASK | External deployment step 4
>>>>>>>>> 2022-07-13 21:35:22.534899 | 525400ae-089b-870a-fab6-0000000000d7
>>>>>>>>> |         OK | External deployment step 4 | undercloud -> localhost |
>>>>>>>>> result={
>>>>>>>>>     "changed": false,
>>>>>>>>>     "msg": "Use --start-at-task 'External deployment step 4' to
>>>>>>>>> resume from this task"
>>>>>>>>> }
>>>>>>>>> [WARNING]: ('undercloud -> localhost',
>>>>>>>>> '525400ae-089b-870a-fab6-0000000000d7')
>>>>>>>>> missing from stats
>>>>>>>>> 2022-07-13 21:35:22.591268 | 525400ae-089b-870a-fab6-0000000000d8
>>>>>>>>> |     TIMING | include_tasks | undercloud | 0:11:21.683453 | 0.04s
>>>>>>>>> 2022-07-13 21:35:22.605901 | f29c4b58-75a5-4993-97b8-3921a49d79d7
>>>>>>>>> |   INCLUDED |
>>>>>>>>> /home/stack/overcloud-deploy/overcloud/config-download/overcloud/external_deploy_steps_tasks_step4.yaml
>>>>>>>>> | undercloud
>>>>>>>>> 2022-07-13 21:35:22.627112 | 525400ae-089b-870a-fab6-000000007239
>>>>>>>>> |       TASK | Clean up legacy Cinder keystone catalog entries
>>>>>>>>> 2022-07-13 21:35:25.110635 | 525400ae-089b-870a-fab6-000000007239
>>>>>>>>> |         OK | Clean up legacy Cinder keystone catalog entries | undercloud
>>>>>>>>> | item={'service_name': 'cinderv2', 'service_type': 'volumev2'}
>>>>>>>>> 2022-07-13 21:35:25.112368 | 525400ae-089b-870a-fab6-000000007239
>>>>>>>>> |     TIMING | Clean up legacy Cinder keystone catalog entries | undercloud
>>>>>>>>> | 0:11:24.204562 | 2.48s
>>>>>>>>> 2022-07-13 21:35:27.029270 | 525400ae-089b-870a-fab6-000000007239
>>>>>>>>> |         OK | Clean up legacy Cinder keystone catalog entries | undercloud
>>>>>>>>> | item={'service_name': 'cinderv3', 'service_type': 'volume'}
>>>>>>>>> 2022-07-13 21:35:27.030383 | 525400ae-089b-870a-fab6-000000007239
>>>>>>>>> |     TIMING | Clean up legacy Cinder keystone catalog entries | undercloud
>>>>>>>>> | 0:11:26.122584 | 4.40s
>>>>>>>>> 2022-07-13 21:35:27.032091 | 525400ae-089b-870a-fab6-000000007239
>>>>>>>>> |     TIMING | Clean up legacy Cinder keystone catalog entries | undercloud
>>>>>>>>> | 0:11:26.124296 | 4.40s
>>>>>>>>> 2022-07-13 21:35:27.047913 | 525400ae-089b-870a-fab6-00000000723c
>>>>>>>>> |       TASK | Manage Keystone resources for OpenStack services
>>>>>>>>> 2022-07-13 21:35:27.077672 | 525400ae-089b-870a-fab6-00000000723c
>>>>>>>>> |     TIMING | Manage Keystone resources for OpenStack services |
>>>>>>>>> undercloud | 0:11:26.169842 | 0.03s
>>>>>>>>> 2022-07-13 21:35:27.120270 | 525400ae-089b-870a-fab6-00000000726b
>>>>>>>>> |       TASK | Gather variables for each operating system
>>>>>>>>> 2022-07-13 21:35:27.161225 | 525400ae-089b-870a-fab6-00000000726b
>>>>>>>>> |     TIMING | tripleo_keystone_resources : Gather variables for each
>>>>>>>>> operating system | undercloud | 0:11:26.253383 | 0.04s
>>>>>>>>> 2022-07-13 21:35:27.177798 | 525400ae-089b-870a-fab6-00000000726c
>>>>>>>>> |       TASK | Create Keystone Admin resources
>>>>>>>>> 2022-07-13 21:35:27.207430 | 525400ae-089b-870a-fab6-00000000726c
>>>>>>>>> |     TIMING | tripleo_keystone_resources : Create Keystone Admin resources
>>>>>>>>> | undercloud | 0:11:26.299608 | 0.03s
>>>>>>>>> 2022-07-13 21:35:27.230985 | 46e05e2d-2e9c-467b-ac4f-c5f0bc7286b3
>>>>>>>>> |   INCLUDED |
>>>>>>>>> /usr/share/ansible/roles/tripleo_keystone_resources/tasks/admin.yml |
>>>>>>>>> undercloud
>>>>>>>>> 2022-07-13 21:35:27.256076 | 525400ae-089b-870a-fab6-0000000072ad
>>>>>>>>> |       TASK | Create default domain
>>>>>>>>> 2022-07-13 21:35:29.343399 | 525400ae-089b-870a-fab6-0000000072ad
>>>>>>>>> |         OK | Create default domain | undercloud
>>>>>>>>> 2022-07-13 21:35:29.345172 | 525400ae-089b-870a-fab6-0000000072ad
>>>>>>>>> |     TIMING | tripleo_keystone_resources : Create default domain |
>>>>>>>>> undercloud | 0:11:28.437360 | 2.09s
>>>>>>>>> 2022-07-13 21:35:29.361643 | 525400ae-089b-870a-fab6-0000000072ae
>>>>>>>>> |       TASK | Create admin and service projects
>>>>>>>>> 2022-07-13 21:35:29.391295 | 525400ae-089b-870a-fab6-0000000072ae
>>>>>>>>> |     TIMING | tripleo_keystone_resources : Create admin and service
>>>>>>>>> projects | undercloud | 0:11:28.483468 | 0.03s
>>>>>>>>> 2022-07-13 21:35:29.402539 | af7a4a76-4998-4679-ac6f-58acc0867554
>>>>>>>>> |   INCLUDED |
>>>>>>>>> /usr/share/ansible/roles/tripleo_keystone_resources/tasks/projects.yml |
>>>>>>>>> undercloud
>>>>>>>>> 2022-07-13 21:35:29.428918 | 525400ae-089b-870a-fab6-000000007304
>>>>>>>>> |       TASK | Async creation of Keystone project
>>>>>>>>> 2022-07-13 21:35:30.144295 | 525400ae-089b-870a-fab6-000000007304
>>>>>>>>> |    CHANGED | Async creation of Keystone project | undercloud | item=admin
>>>>>>>>> 2022-07-13 21:35:30.145884 | 525400ae-089b-870a-fab6-000000007304
>>>>>>>>> |     TIMING | tripleo_keystone_resources : Async creation of Keystone
>>>>>>>>> project | undercloud | 0:11:29.238078 | 0.72s
>>>>>>>>> 2022-07-13 21:35:30.493458 | 525400ae-089b-870a-fab6-000000007304
>>>>>>>>> |    CHANGED | Async creation of Keystone project | undercloud |
>>>>>>>>> item=service
>>>>>>>>> 2022-07-13 21:35:30.494386 | 525400ae-089b-870a-fab6-000000007304
>>>>>>>>> |     TIMING | tripleo_keystone_resources : Async creation of Keystone
>>>>>>>>> project | undercloud | 0:11:29.586587 | 1.06s
>>>>>>>>> 2022-07-13 21:35:30.495729 | 525400ae-089b-870a-fab6-000000007304
>>>>>>>>> |     TIMING | tripleo_keystone_resources : Async creation of Keystone
>>>>>>>>> project | undercloud | 0:11:29.587916 | 1.07s
>>>>>>>>> 2022-07-13 21:35:30.511748 | 525400ae-089b-870a-fab6-000000007306
>>>>>>>>> |       TASK | Check Keystone project status
>>>>>>>>> 2022-07-13 21:35:30.908189 | 525400ae-089b-870a-fab6-000000007306
>>>>>>>>> |    WAITING | Check Keystone project status | undercloud | 30 retries left
>>>>>>>>> 2022-07-13 21:35:36.166541 | 525400ae-089b-870a-fab6-000000007306
>>>>>>>>> |         OK | Check Keystone project status | undercloud | item=admin
>>>>>>>>> 2022-07-13 21:35:36.168506 | 525400ae-089b-870a-fab6-000000007306
>>>>>>>>> |     TIMING | tripleo_keystone_resources : Check Keystone project status |
>>>>>>>>> undercloud | 0:11:35.260666 | 5.66s
>>>>>>>>> 2022-07-13 21:35:36.400914 | 525400ae-089b-870a-fab6-000000007306
>>>>>>>>> |         OK | Check Keystone project status | undercloud | item=service
>>>>>>>>> 2022-07-13 21:35:36.402534 | 525400ae-089b-870a-fab6-000000007306
>>>>>>>>> |     TIMING | tripleo_keystone_resources : Check Keystone project status |
>>>>>>>>> undercloud | 0:11:35.494729 | 5.89s
>>>>>>>>> 2022-07-13 21:35:36.406576 | 525400ae-089b-870a-fab6-000000007306
>>>>>>>>> |     TIMING | tripleo_keystone_resources : Check Keystone project status |
>>>>>>>>> undercloud | 0:11:35.498771 | 5.89s
>>>>>>>>> 2022-07-13 21:35:36.427719 | 525400ae-089b-870a-fab6-0000000072af
>>>>>>>>> |       TASK | Create admin role
>>>>>>>>> 2022-07-13 21:35:38.632266 | 525400ae-089b-870a-fab6-0000000072af
>>>>>>>>> |         OK | Create admin role | undercloud
>>>>>>>>> 2022-07-13 21:35:38.633754 | 525400ae-089b-870a-fab6-0000000072af
>>>>>>>>> |     TIMING | tripleo_keystone_resources : Create admin role | undercloud
>>>>>>>>> | 0:11:37.725949 | 2.20s
>>>>>>>>> 2022-07-13 21:35:38.649721 | 525400ae-089b-870a-fab6-0000000072b0
>>>>>>>>> |       TASK | Create _member_ role
>>>>>>>>> 2022-07-13 21:35:38.689773 | 525400ae-089b-870a-fab6-0000000072b0
>>>>>>>>> |    SKIPPED | Create _member_ role | undercloud
>>>>>>>>> 2022-07-13 21:35:38.691172 | 525400ae-089b-870a-fab6-0000000072b0
>>>>>>>>> |     TIMING | tripleo_keystone_resources : Create _member_ role |
>>>>>>>>> undercloud | 0:11:37.783369 | 0.04s
>>>>>>>>> 2022-07-13 21:35:38.706920 | 525400ae-089b-870a-fab6-0000000072b1
>>>>>>>>> |       TASK | Create admin user
>>>>>>>>> 2022-07-13 21:35:42.051623 | 525400ae-089b-870a-fab6-0000000072b1
>>>>>>>>> |    CHANGED | Create admin user | undercloud
>>>>>>>>> 2022-07-13 21:35:42.053285 | 525400ae-089b-870a-fab6-0000000072b1
>>>>>>>>> |     TIMING | tripleo_keystone_resources : Create admin user | undercloud
>>>>>>>>> | 0:11:41.145472 | 3.34s
>>>>>>>>> 2022-07-13 21:35:42.069370 | 525400ae-089b-870a-fab6-0000000072b2
>>>>>>>>> |       TASK | Assign admin role to admin project for admin user
>>>>>>>>> 2022-07-13 21:35:45.194891 | 525400ae-089b-870a-fab6-0000000072b2
>>>>>>>>> |         OK | Assign admin role to admin project for admin user |
>>>>>>>>> undercloud
>>>>>>>>> 2022-07-13 21:35:45.196669 | 525400ae-089b-870a-fab6-0000000072b2
>>>>>>>>> |     TIMING | tripleo_keystone_resources : Assign admin role to admin
>>>>>>>>> project for admin user | undercloud | 0:11:44.288848 | 3.13s
>>>>>>>>> 2022-07-13 21:35:45.212674 | 525400ae-089b-870a-fab6-0000000072b3
>>>>>>>>> |       TASK | Assign _member_ role to admin project for admin user
>>>>>>>>> 2022-07-13 21:35:45.252884 | 525400ae-089b-870a-fab6-0000000072b3
>>>>>>>>> |    SKIPPED | Assign _member_ role to admin project for admin user |
>>>>>>>>> undercloud
>>>>>>>>> 2022-07-13 21:35:45.254283 | 525400ae-089b-870a-fab6-0000000072b3
>>>>>>>>> |     TIMING | tripleo_keystone_resources : Assign _member_ role to admin
>>>>>>>>> project for admin user | undercloud | 0:11:44.346479 | 0.04s
>>>>>>>>> 2022-07-13 21:35:45.270310 | 525400ae-089b-870a-fab6-0000000072b4
>>>>>>>>> |       TASK | Create identity service
>>>>>>>>> 2022-07-13 21:35:46.928715 | 525400ae-089b-870a-fab6-0000000072b4
>>>>>>>>> |         OK | Create identity service | undercloud
>>>>>>>>> 2022-07-13 21:35:46.930167 | 525400ae-089b-870a-fab6-0000000072b4
>>>>>>>>> |     TIMING | tripleo_keystone_resources : Create identity service |
>>>>>>>>> undercloud | 0:11:46.022362 | 1.66s
>>>>>>>>> 2022-07-13 21:35:46.946797 | 525400ae-089b-870a-fab6-0000000072b5
>>>>>>>>> |       TASK | Create identity public endpoint
>>>>>>>>> 2022-07-13 21:35:49.139298 | 525400ae-089b-870a-fab6-0000000072b5
>>>>>>>>> |         OK | Create identity public endpoint | undercloud
>>>>>>>>> 2022-07-13 21:35:49.141158 | 525400ae-089b-870a-fab6-0000000072b5
>>>>>>>>> |     TIMING | tripleo_keystone_resources : Create identity public endpoint
>>>>>>>>> | undercloud | 0:11:48.233349 | 2.19s
>>>>>>>>> 2022-07-13 21:35:49.157768 | 525400ae-089b-870a-fab6-0000000072b6
>>>>>>>>> |       TASK | Create identity internal endpoint
>>>>>>>>> 2022-07-13 21:35:51.566826 | 525400ae-089b-870a-fab6-0000000072b6
>>>>>>>>> |      FATAL | Create identity internal endpoint | undercloud |
>>>>>>>>> error={"changed": false, "extra_data": {"data": null, "details": "The
>>>>>>>>> request you have made requires authentication.", "response":
>>>>>>>>> "{\"error\":{\"code\":401,\"message\":\"The request you have made requires
>>>>>>>>> authentication.\",\"title\":\"Unauthorized\"}}\n"}, "msg": "Failed to list
>>>>>>>>> services: Client Error for url: https://[fd00:fd00:fd00:9900::81]:13000/v3/services,
>>>>>>>>> The request you have made requires authentication."}
>>>>>>>>> 2022-07-13 21:35:51.568473 | 525400ae-089b-870a-fab6-0000000072b6
>>>>>>>>> |     TIMING | tripleo_keystone_resources : Create identity internal
>>>>>>>>> endpoint | undercloud | 0:11:50.660654 | 2.41s
>>>>>>>>>
>>>>>>>>> PLAY RECAP
>>>>>>>>> *********************************************************************
>>>>>>>>> localhost                  : ok=1    changed=0    unreachable=0
>>>>>>>>>  failed=0    skipped=2    rescued=0    ignored=0
>>>>>>>>> overcloud-controller-0     : ok=437  changed=103  unreachable=0
>>>>>>>>>  failed=0    skipped=214  rescued=0    ignored=0
>>>>>>>>> overcloud-controller-1     : ok=435  changed=101  unreachable=0
>>>>>>>>>  failed=0    skipped=214  rescued=0    ignored=0
>>>>>>>>> overcloud-controller-2     : ok=432  changed=101  unreachable=0
>>>>>>>>>  failed=0    skipped=214  rescued=0    ignored=0
>>>>>>>>> overcloud-novacompute-0    : ok=345  changed=82   unreachable=0
>>>>>>>>>  failed=0    skipped=198  rescued=0    ignored=0
>>>>>>>>> undercloud                 : ok=39   changed=7    unreachable=0
>>>>>>>>>  failed=1    skipped=6    rescued=0    ignored=0
>>>>>>>>>
>>>>>>>>> Also :
>>>>>>>>> (undercloud) [stack@undercloud oc-cert]$ cat server.csr.cnf
>>>>>>>>> [req]
>>>>>>>>> default_bits = 2048
>>>>>>>>> prompt = no
>>>>>>>>> default_md = sha256
>>>>>>>>> distinguished_name = dn
>>>>>>>>> [dn]
>>>>>>>>> C=IN
>>>>>>>>> ST=UTTAR PRADESH
>>>>>>>>> L=NOIDA
>>>>>>>>> O=HSC
>>>>>>>>> OU=HSC
>>>>>>>>> emailAddress=demo@demo.com
>>>>>>>>>
>>>>>>>>> v3.ext:
>>>>>>>>> (undercloud) [stack@undercloud oc-cert]$ cat v3.ext
>>>>>>>>> authorityKeyIdentifier=keyid,issuer
>>>>>>>>> basicConstraints=CA:FALSE
>>>>>>>>> keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
>>>>>>>>> subjectAltName = @alt_names
>>>>>>>>> [alt_names]
>>>>>>>>> IP.1=fd00:fd00:fd00:9900::81
>>>>>>>>>
>>>>>>>>> Using these files we create other certificates.
>>>>>>>>> Please check and let me know in case we need anything else.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Wed, Jul 13, 2022 at 10:00 PM Vikarna Tathe <
>>>>>>>>> vikarnatathe at gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Hi Lokendra,
>>>>>>>>>>
>>>>>>>>>> Are you able to access all the tabs in the OpenStack dashboard
>>>>>>>>>> without any error? If not, please retry generating the certificate. Also,
>>>>>>>>>> share the openssl.cnf or server.cnf.
>>>>>>>>>>
>>>>>>>>>> On Wed, 13 Jul 2022 at 18:18, Lokendra Rathour <
>>>>>>>>>> lokendrarathour at gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi Team,
>>>>>>>>>>> Any input on this case raised.
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>>>> Lokendra
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Tue, Jul 12, 2022 at 10:18 PM Lokendra Rathour <
>>>>>>>>>>> lokendrarathour at gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hi Shephard/Swogat,
>>>>>>>>>>>> I tried changing the setting as suggested and it looks like it
>>>>>>>>>>>> has failed at step 4 with error:
>>>>>>>>>>>>
>>>>>>>>>>>> :31:32.169420 | 525400ae-089b-fb79-67ac-0000000072ce |
>>>>>>>>>>>> TIMING | tripleo_keystone_resources : Create identity public endpoint |
>>>>>>>>>>>> undercloud | 0:24:47.736198 | 2.21s
>>>>>>>>>>>> 2022-07-12 21:31:32.185594 |
>>>>>>>>>>>> 525400ae-089b-fb79-67ac-0000000072cf |       TASK | Create identity
>>>>>>>>>>>> internal endpoint
>>>>>>>>>>>> 2022-07-12 21:31:34.468996 |
>>>>>>>>>>>> 525400ae-089b-fb79-67ac-0000000072cf |      FATAL | Create identity
>>>>>>>>>>>> internal endpoint | undercloud | error={"changed": false, "extra_data":
>>>>>>>>>>>> {"data": null, "details": "The request you have made requires
>>>>>>>>>>>> authentication.", "response": "{\"error\":{\"code\":401,\"message\":\"The
>>>>>>>>>>>> request you have made requires
>>>>>>>>>>>> authentication.\",\"title\":\"Unauthorized\"}}\n"}, "msg": "Failed to list
>>>>>>>>>>>> services: Client Error for url: https://[fd00:fd00:fd00:9900::81]:13000/v3/services,
>>>>>>>>>>>> The request you have made requires authentication."}
>>>>>>>>>>>> 2022-07-12 21:31:34.470415 | 525400ae-089b-fb79-67ac-000000
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Checking further the endpoint list:
>>>>>>>>>>>> I see only one endpoint for keystone is getting created.
>>>>>>>>>>>>
>>>>>>>>>>>>   DeprecationWarning
>>>>>>>>>>>>
>>>>>>>>>>>> +----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------------------+
>>>>>>>>>>>> | ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                                     |
>>>>>>>>>>>> +----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------------------+
>>>>>>>>>>>> | 4378dc0a4d8847ee87771699fc7b995e | regionOne | keystone     | identity     | True    | admin     | http://30.30.30.173:35357               |
>>>>>>>>>>>> | 67c829e126944431a06ed0c2b97a295f | regionOne | keystone     | identity     | True    | internal  | http://[fd00:fd00:fd00:2000::326]:5000  |
>>>>>>>>>>>> | 8a9a3de4993c4ff7903caf95b8ae40fa | regionOne | keystone     | identity     | True    | public    | https://[fd00:fd00:fd00:9900::81]:13000 |
>>>>>>>>>>>> +----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------------------+
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> it looks like something related to the SSL, we have also
>>>>>>>>>>>> verified that the GUI login screen shows that Certificates are applied.
>>>>>>>>>>>> exploring more in logs, meanwhile any suggestions or known
>>>>>>>>>>>> observation would be of great help.
>>>>>>>>>>>> thanks again for the support.
>>>>>>>>>>>>
>>>>>>>>>>>> Best Regards,
>>>>>>>>>>>> Lokendra
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Sat, Jul 9, 2022 at 11:24 AM Swogat Pradhan <
>>>>>>>>>>>> swogatpradhan22 at gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> I had faced a similar kind of issue, for ip based setup you
>>>>>>>>>>>>> need to specify the domain name as the ip that you are going to use, this
>>>>>>>>>>>>> error is showing up because the ssl is ip based but the fqdns seems to be
>>>>>>>>>>>>> undercloud.com or overcloud.example.com.
>>>>>>>>>>>>> I think for undercloud you can change the undercloud.conf.
>>>>>>>>>>>>>
>>>>>>>>>>>>> And will it work if we specify clouddomain parameter to the IP
>>>>>>>>>>>>> address for overcloud? because it seems he has not specified the
>>>>>>>>>>>>> clouddomain parameter and overcloud.example.com is the
>>>>>>>>>>>>> default domain for overcloud.example.com.
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Fri, 8 Jul 2022, 6:01 pm Swogat Pradhan, <
>>>>>>>>>>>>> swogatpradhan22 at gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> What is the domain name you have specified in the
>>>>>>>>>>>>>> undercloud.conf file?
>>>>>>>>>>>>>> And what is the fqdn name used for the generation of the SSL
>>>>>>>>>>>>>> cert?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Fri, 8 Jul 2022, 5:38 pm Lokendra Rathour, <
>>>>>>>>>>>>>> lokendrarathour at gmail.com> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Hi Team,
>>>>>>>>>>>>>>> We were trying to install overcloud with SSL enabled for
>>>>>>>>>>>>>>> which the UC is installed, but OC install is getting failed at step 4:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> ERROR
>>>>>>>>>>>>>>> :nectionPool(host='fd00:fd00:fd00:9900::2ef', port=13000):
>>>>>>>>>>>>>>> Max retries exceeded with url: / (Caused by
>>>>>>>>>>>>>>> SSLError(CertificateError(\"hostname 'fd00:fd00:fd00:9900::2ef' doesn't
>>>>>>>>>>>>>>> match 'undercloud.com'\",),))\n", "module_stdout": "",
>>>>>>>>>>>>>>> "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
>>>>>>>>>>>>>>> 2022-07-08 17:03:23.606739 |
>>>>>>>>>>>>>>> 5254009a-6a3c-adb1-f96f-0000000072ac |      FATAL | Clean up legacy Cinder
>>>>>>>>>>>>>>> keystone catalog entries | undercloud | item={'service_name': 'cinderv3',
>>>>>>>>>>>>>>> 'service_type': 'volume'} | error={"ansible_index_var":
>>>>>>>>>>>>>>> "cinder_api_service", "ansible_loop_var": "item", "changed": false,
>>>>>>>>>>>>>>> "cinder_api_service": 1, "item": {"service_name": "cinderv3",
>>>>>>>>>>>>>>> "service_type": "volume"}, "module_stderr": "Failed to discover available
>>>>>>>>>>>>>>> identity versions when contacting https://[fd00:fd00:fd00:9900::2ef]:13000.
>>>>>>>>>>>>>>> Attempting to parse version from URL.\nTraceback (most recent call last):\n
>>>>>>>>>>>>>>>  File \"/usr/lib/python3.6/site-packages/urllib3/connectionpool.py\", line
>>>>>>>>>>>>>>> 600, in urlopen\n    chunked=chunked)\n  File
>>>>>>>>>>>>>>> \"/usr/lib/python3.6/site-packages/urllib3/connectionpool.py\", line 343,
>>>>>>>>>>>>>>> in _make_request\n    self._validate_conn(conn)\n  File
>>>>>>>>>>>>>>> \"/usr/lib/python3.6/site-packages/urllib3/connectionpool.py\", line 839,
>>>>>>>>>>>>>>> in _validate_conn\n    conn.connect()\n  File
>>>>>>>>>>>>>>> \"/usr/lib/python3.6/site-packages/urllib3/connection.py\", line 378, in
>>>>>>>>>>>>>>> connect\n    _match_hostname(cert, self.assert_hostname or
>>>>>>>>>>>>>>> server_hostname)\n  File
>>>>>>>>>>>>>>> \"/usr/lib/python3.6/site-packages/urllib3/connection.py\", line 388, in
>>>>>>>>>>>>>>> _match_hostname\n    match_hostname(cert, asserted_hostname)\n  File
>>>>>>>>>>>>>>> \"/usr/lib64/python3.6/ssl.py\", line 291, in match_hostname\n    %
>>>>>>>>>>>>>>> (hostname, dnsnames[0]))\nssl.CertificateError: hostname
>>>>>>>>>>>>>>> 'fd00:fd00:fd00:9900::2ef' doesn't match 'undercloud.com'\n\nDuring
>>>>>>>>>>>>>>> handling of the above exception, another exception occurred:\n\nTraceback
>>>>>>>>>>>>>>> (most recent call last):\n  File
>>>>>>>>>>>>>>> \"/usr/lib/python3.6/site-packages/requests/adapters.py\", line 449, in
>>>>>>>>>>>>>>> send\n    timeout=timeout\n  File
>>>>>>>>>>>>>>> \"/usr/lib/python3.6/site-packages/urllib3/connectionpool.py\", line 638,
>>>>>>>>>>>>>>> in urlopen\n    _stacktrace=sys.exc_info()[2])\n  File
>>>>>>>>>>>>>>> \"/usr/lib/python3.6/site-packages/urllib3/util/retry.py\", line 399, in
>>>>>>>>>>>>>>> increment\n    raise MaxRetryError(_pool, url, error or
>>>>>>>>>>>>>>> ResponseError(cause))\nurllib3.exceptions.MaxRetryError:
>>>>>>>>>>>>>>> HTTPSConnectionPool(host='fd00:fd00:fd00:9900::2ef', port=13000): Max
>>>>>>>>>>>>>>> retries exceeded with url: / (Caused by
>>>>>>>>>>>>>>> SSLError(CertificateError(\"hostname 'fd00:fd00:fd00:9900::2ef' doesn't
>>>>>>>>>>>>>>> match 'undercloud.com'\",),))\n\nDuring handling of the
>>>>>>>>>>>>>>> above exception, another exception occurred:\n\nTraceback (most recent call
>>>>>>>>>>>>>>> last):\n  File
>>>>>>>>>>>>>>> \"/usr/lib/python3.6/site-packages/keystoneauth1/session.py\", line 1022,
>>>>>>>>>>>>>>> in _send_request\n    resp = self.session.request(method, url, **kwargs)\n
>>>>>>>>>>>>>>>  File \"/usr/lib/python3.6/site-packages/requests/sessions.py\", line 533,
>>>>>>>>>>>>>>> in request\n    resp = self.send(prep, **send_kwargs)\n  File
>>>>>>>>>>>>>>> \"/usr/lib/python3.6/site-packages/requests/sessions.py\", line 646, in
>>>>>>>>>>>>>>> send\n    r = adapter.send(request, **kwargs)\n  File
>>>>>>>>>>>>>>> \"/usr/lib/python3.6/site-packages/requests/adapters.py\", line 514, in
>>>>>>>>>>>>>>> send\n    raise SSLError(e, request=request)\nrequests.exceptions.SSLError:
>>>>>>>>>>>>>>> HTTPSConnectionPool(host='fd00:fd00:fd00:9900::2ef', port=13000): Max
>>>>>>>>>>>>>>> retries exceeded with url: / (Caused by
>>>>>>>>>>>>>>> SSLError(CertificateError(\"hostname 'fd00:fd00:fd00:9900::2ef' doesn't
>>>>>>>>>>>>>>> match 'undercloud.com'\",),))\n\nDuring handling of the
>>>>>>>>>>>>>>> above exception, another exception occurred:\n\nTraceback (most recent call
>>>>>>>>>>>>>>> last):\n  File
>>>>>>>>>>>>>>> \"/usr/lib/python3.6/site-packages/keystoneauth1/identity/generic/base.py\",
>>>>>>>>>>>>>>> line 138, in _do_create_plugin\n    authenticated=False)\n  File
>>>>>>>>>>>>>>> \"/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py\", line
>>>>>>>>>>>>>>> 610, in get_discovery\n    authenticated=authenticated)\n  File
>>>>>>>>>>>>>>> \"/usr/lib/python3.6/site-packages/keystoneauth1/discover.py\", line 1452,
>>>>>>>>>>>>>>> in get_discovery\n    disc = Discover(session, url,
>>>>>>>>>>>>>>> authenticated=authenticated)\n  File
>>>>>>>>>>>>>>> \"/usr/lib/python3.6/site-packages/keystoneauth1/discover.py\", line 536,
>>>>>>>>>>>>>>> in __init__\n    authenticated=authenticated)\n  File
>>>>>>>>>>>>>>> \"/usr/lib/python3.6/site-packages/keystoneauth1/discover.py\", line 102,
>>>>>>>>>>>>>>> in get_version_data\n    resp = session.get(url, headers=headers,
>>>>>>>>>>>>>>> authenticated=authenticated)\n  File
>>>>>>>>>>>>>>> \"/usr/lib/python3.6/site-packages/keystoneauth1/session.py\", line 1141,
>>>>>>>>>>>>>>> in get\n    return self.request(url, 'GET', **kwargs)\n  File
>>>>>>>>>>>>>>> \"/usr/lib/python3.6/site-packages/keystoneauth1/session.py\", line 931, in
>>>>>>>>>>>>>>> request\n    resp = send(**kwargs)\n  File
>>>>>>>>>>>>>>> \"/usr/lib/python3.6/site-packages/keystoneauth1/session.py\", line 1026,
>>>>>>>>>>>>>>> in _send_request\n    raise
>>>>>>>>>>>>>>> exceptions.SSLError(msg)\nkeystoneauth1.exceptions.connection.SSLError: SSL
>>>>>>>>>>>>>>> exception connecting to https://[fd00:fd00:fd00:9900::2ef]:13000:
>>>>>>>>>>>>>>> HTTPSConnectionPool(host='fd00:fd00:fd00:9900::2ef', port=13000): Max
>>>>>>>>>>>>>>> retries exceeded with url: / (Caused by
>>>>>>>>>>>>>>> SSLError(CertificateError(\"hostname 'fd00:fd00:fd00:9900::2ef' doesn't
>>>>>>>>>>>>>>> match 'undercloud.com'\",),))\n\nDuring handling of the
>>>>>>>>>>>>>>> above exception, another exception occurred:\n\nTraceback (most recent call
>>>>>>>>>>>>>>> last):\n  File \"<stdin>\", line 102, in <module>\n  File \"<stdin>\", line
>>>>>>>>>>>>>>> 94, in _ansiballz_main\n  File \"<stdin>\", line 40, in invoke_module\n
>>>>>>>>>>>>>>>  File \"/usr/lib64/python3.6/runpy.py\", line 205, in run_module\n
>>>>>>>>>>>>>>>  return _run_module_code(code, init_globals, run_name, mod_spec)\n  File
>>>>>>>>>>>>>>> \"/usr/lib64/python3.6/runpy.py\", line 96, in _run_module_code\n
>>>>>>>>>>>>>>>  mod_name, mod_spec, pkg_name, script_name)\n  File
>>>>>>>>>>>>>>> \"/usr/lib64/python3.6/runpy.py\", line 85, in _run_code\n    exec(code,
>>>>>>>>>>>>>>> run_globals)\n  File
>>>>>>>>>>>>>>> \"/tmp/ansible_openstack.cloud.catalog_service_payload_7ikyjf7t/ansible_openstack.cloud.catalog_service_payload.zip/ansible_collections/openstack/cloud/plugins/modules/catalog_service.py\",
>>>>>>>>>>>>>>> line 185, in <module>\n  File
>>>>>>>>>>>>>>> \"/tmp/ansible_openstack.cloud.catalog_service_payload_7ikyjf7t/ansible_openstack.cloud.catalog_service_payload.zip/ansible_collections/openstack/cloud/plugins/modules/catalog_service.py\",
>>>>>>>>>>>>>>> line 181, in main\n  File
>>>>>>>>>>>>>>> \"/tmp/ansible_openstack.cloud.catalog_service_payload_7ikyjf7t/ansible_openstack.cloud.catalog_service_payload.zip/ansible_collections/openstack/cloud/plugins/module_utils/openstack.py\",
>>>>>>>>>>>>>>> line 407, in __call__\n  File
>>>>>>>>>>>>>>> \"/tmp/ansible_openstack.cloud.catalog_service_payload_7ikyjf7t/ansible_openstack.cloud.catalog_service_payload.zip/ansible_collections/openstack/cloud/plugins/modules/catalog_service.py\",
>>>>>>>>>>>>>>> line 141, in run\n  File
>>>>>>>>>>>>>>> \"/usr/lib/python3.6/site-packages/openstack/cloud/_identity.py\", line
>>>>>>>>>>>>>>> 517, in search_services\n    services = self.list_services()\n  File
>>>>>>>>>>>>>>> \"/usr/lib/python3.6/site-packages/openstack/cloud/_identity.py\", line
>>>>>>>>>>>>>>> 492, in list_services\n    if self._is_client_version('identity', 2):\n
>>>>>>>>>>>>>>>  File
>>>>>>>>>>>>>>> \"/usr/lib/python3.6/site-packages/openstack/cloud/openstackcloud.py\",
>>>>>>>>>>>>>>> line 460, in _is_client_version\n    client = getattr(self, client_name)\n
>>>>>>>>>>>>>>>  File \"/usr/lib/python3.6/site-packages/openstack/cloud/_identity.py\",
>>>>>>>>>>>>>>> line 32, in _identity_client\n    'identity', min_version=2,
>>>>>>>>>>>>>>> max_version='3.latest')\n  File
>>>>>>>>>>>>>>> \"/usr/lib/python3.6/site-packages/openstack/cloud/openstackcloud.py\",
>>>>>>>>>>>>>>> line 407, in _get_versioned_client\n    if adapter.get_endpoint():\n  File
>>>>>>>>>>>>>>> \"/usr/lib/python3.6/site-packages/keystoneauth1/adapter.py\", line 291, in
>>>>>>>>>>>>>>> get_endpoint\n    return self.session.get_endpoint(auth or self.auth,
>>>>>>>>>>>>>>> **kwargs)\n  File
>>>>>>>>>>>>>>> \"/usr/lib/python3.6/site-packages/keystoneauth1/session.py\", line 1243,
>>>>>>>>>>>>>>> in get_endpoint\n    return auth.get_endpoint(self, **kwargs)\n  File
>>>>>>>>>>>>>>> \"/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py\", line
>>>>>>>>>>>>>>> 380, in get_endpoint\n    allow_version_hack=allow_version_hack,
>>>>>>>>>>>>>>> **kwargs)\n  File
>>>>>>>>>>>>>>> \"/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py\", line
>>>>>>>>>>>>>>> 271, in get_endpoint_data\n    service_catalog =
>>>>>>>>>>>>>>> self.get_access(session).service_catalog\n  File
>>>>>>>>>>>>>>> \"/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py\", line
>>>>>>>>>>>>>>> 134, in get_access\n    self.auth_ref = self.get_auth_ref(session)\n  File
>>>>>>>>>>>>>>> \"/usr/lib/python3.6/site-packages/keystoneauth1/identity/generic/base.py\",
>>>>>>>>>>>>>>> line 206, in get_auth_ref\n    self._plugin =
>>>>>>>>>>>>>>> self._do_create_plugin(session)\n  File
>>>>>>>>>>>>>>> \"/usr/lib/python3.6/site-packages/keystoneauth1/identity/generic/base.py\",
>>>>>>>>>>>>>>> line 161, in _do_create_plugin\n    'auth_url is correct.
>>>>>>>>>>>>>>> %s' % e)\nkeystoneauth1.exceptions.discovery.DiscoveryFailure: Could not
>>>>>>>>>>>>>>> find versioned identity endpoints when attempting to authenticate. Please
>>>>>>>>>>>>>>> check that your auth_url is correct. SSL exception connecting to https://[fd00:fd00:fd00:9900::2ef]:13000:
>>>>>>>>>>>>>>> HTTPSConnectionPool(host='fd00:fd00:fd00:9900::2ef', port=13000): Max
>>>>>>>>>>>>>>> retries exceeded with url: / (Caused by
>>>>>>>>>>>>>>> SSLError(CertificateError(\"hostname 'fd00:fd00:fd00:9900::2ef' doesn't
>>>>>>>>>>>>>>> match 'overcloud.example.com'\",),))\n", "module_stdout":
>>>>>>>>>>>>>>> "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
>>>>>>>>>>>>>>> 2022-07-08 17:03:23.609354 |
>>>>>>>>>>>>>>> 5254009a-6a3c-adb1-f96f-0000000072ac |     TIMING | Clean up legacy Cinder
>>>>>>>>>>>>>>> keystone catalog entries | undercloud | 0:11:01.271914 | 2.47s
>>>>>>>>>>>>>>> 2022-07-08 17:03:23.611094 |
>>>>>>>>>>>>>>> 5254009a-6a3c-adb1-f96f-0000000072ac |     TIMING | Clean up legacy Cinder
>>>>>>>>>>>>>>> keystone catalog entries | undercloud | 0:11:01.273659 | 2.47s
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> PLAY RECAP
>>>>>>>>>>>>>>> *********************************************************************
>>>>>>>>>>>>>>> localhost                  : ok=0    changed=0
>>>>>>>>>>>>>>>  unreachable=0    failed=0    skipped=2    rescued=0    ignored=0
>>>>>>>>>>>>>>> overcloud-controller-0     : ok=437  changed=104
>>>>>>>>>>>>>>>  unreachable=0    failed=0    skipped=214  rescued=0    ignored=0
>>>>>>>>>>>>>>> overcloud-controller-1     : ok=436  changed=101
>>>>>>>>>>>>>>>  unreachable=0    failed=0    skipped=214  rescued=0    ignored=0
>>>>>>>>>>>>>>> overcloud-controller-2     : ok=431  changed=101
>>>>>>>>>>>>>>>  unreachable=0    failed=0    skipped=214  rescued=0    ignored=0
>>>>>>>>>>>>>>> overcloud-novacompute-0    : ok=345  changed=83
>>>>>>>>>>>>>>> unreachable=0    failed=0    skipped=198  rescued=0    ignored=0
>>>>>>>>>>>>>>> undercloud                 : ok=28   changed=7
>>>>>>>>>>>>>>>  unreachable=0    failed=1    skipped=3    rescued=0    ignored=0
>>>>>>>>>>>>>>> 2022-07-08 17:03:23.647270 |
>>>>>>>>>>>>>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Summary Information
>>>>>>>>>>>>>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>>>>>>>>>>>>> 2022-07-08 17:03:23.647907 |
>>>>>>>>>>>>>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Total Tasks: 1373
>>>>>>>>>>>>>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> in the deploy.sh:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> openstack overcloud deploy --templates \
>>>>>>>>>>>>>>>     -r /home/stack/templates/roles_data.yaml \
>>>>>>>>>>>>>>>     --networks-file /home/stack/templates/custom_network_data.yaml \
>>>>>>>>>>>>>>>     --vip-file /home/stack/templates/custom_vip_data.yaml \
>>>>>>>>>>>>>>>     --baremetal-deployment /home/stack/templates/overcloud-baremetal-deploy.yaml \
>>>>>>>>>>>>>>>     --network-config \
>>>>>>>>>>>>>>>     -e /home/stack/templates/environment.yaml \
>>>>>>>>>>>>>>>     -e /usr/share/openstack-tripleo-heat-templates/environments/services/ironic-conductor.yaml \
>>>>>>>>>>>>>>>     -e /usr/share/openstack-tripleo-heat-templates/environments/services/ironic-inspector.yaml \
>>>>>>>>>>>>>>>     -e /usr/share/openstack-tripleo-heat-templates/environments/services/ironic-overcloud.yaml \
>>>>>>>>>>>>>>>     -e /home/stack/templates/ironic-config.yaml \
>>>>>>>>>>>>>>>     -e /usr/share/openstack-tripleo-heat-templates/environments/external-ceph.yaml \
>>>>>>>>>>>>>>>     -e /usr/share/openstack-tripleo-heat-templates/environments/services/ptp.yaml \
>>>>>>>>>>>>>>>     -e /usr/share/openstack-tripleo-heat-templates/environments/ssl/enable-tls.yaml \
>>>>>>>>>>>>>>>     -e /usr/share/openstack-tripleo-heat-templates/environments/ssl/tls-endpoints-public-ip.yaml \
>>>>>>>>>>>>>>>     -e /usr/share/openstack-tripleo-heat-templates/environments/ssl/inject-trust-anchor.yaml \
>>>>>>>>>>>>>>>     -e /usr/share/openstack-tripleo-heat-templates/environments/docker-ha.yaml \
>>>>>>>>>>>>>>>     -e /usr/share/openstack-tripleo-heat-templates/environments/podman.yaml \
>>>>>>>>>>>>>>>     -e /home/stack/containers-prepare-parameter.yaml
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Additional lines as highlighted in yellow were passed with
>>>>>>>>>>>>>>> modifications:
>>>>>>>>>>>>>>> tls-endpoints-public-ip.yaml:
>>>>>>>>>>>>>>> Passed as is in the defaults.
>>>>>>>>>>>>>>> enable-tls.yaml:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> # *******************************************************************
>>>>>>>>>>>>>>> # This file was created automatically by the sample environment
>>>>>>>>>>>>>>> # generator. Developers should use `tox -e genconfig` to update it.
>>>>>>>>>>>>>>> # Users are recommended to make changes to a copy of the file instead
>>>>>>>>>>>>>>> # of the original, if any customizations are needed.
>>>>>>>>>>>>>>> # *******************************************************************
>>>>>>>>>>>>>>> # title: Enable SSL on OpenStack Public Endpoints
>>>>>>>>>>>>>>> # description: |
>>>>>>>>>>>>>>> #   Use this environment to pass in certificates for SSL deployments.
>>>>>>>>>>>>>>> #   For these values to take effect, one of the tls-endpoints-*.yaml
>>>>>>>>>>>>>>> #   environments must also be used.
>>>>>>>>>>>>>>> parameter_defaults:
>>>>>>>>>>>>>>>   # Set CSRF_COOKIE_SECURE / SESSION_COOKIE_SECURE in Horizon
>>>>>>>>>>>>>>>   # Type: boolean
>>>>>>>>>>>>>>>   HorizonSecureCookies: True
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>   # Specifies the default CA cert to use if TLS is used for services in the public network.
>>>>>>>>>>>>>>>   # Type: string
>>>>>>>>>>>>>>>   PublicTLSCAFile: '/etc/pki/ca-trust/source/anchors/overcloud-cacert.pem'
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>   # The content of the SSL certificate (without Key) in PEM format.
>>>>>>>>>>>>>>>   # Type: string
>>>>>>>>>>>>>>>   SSLRootCertificate: |
>>>>>>>>>>>>>>>     -----BEGIN CERTIFICATE-----
>>>>>>>>>>>>>>>     ----*** CERTICATELINES TRIMMED **
>>>>>>>>>>>>>>>     -----END CERTIFICATE-----
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>   SSLCertificate: |
>>>>>>>>>>>>>>>     -----BEGIN CERTIFICATE-----
>>>>>>>>>>>>>>>     ----*** CERTICATELINES TRIMMED **
>>>>>>>>>>>>>>>     -----END CERTIFICATE-----
>>>>>>>>>>>>>>>   # The content of an SSL intermediate CA certificate in PEM format.
>>>>>>>>>>>>>>>   # Type: string
>>>>>>>>>>>>>>>   SSLIntermediateCertificate: ''
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>   # The content of the SSL Key in PEM format.
>>>>>>>>>>>>>>>   # Type: string
>>>>>>>>>>>>>>>   SSLKey: |
>>>>>>>>>>>>>>>     -----BEGIN PRIVATE KEY-----
>>>>>>>>>>>>>>>     ----*** CERTICATELINES TRIMMED **
>>>>>>>>>>>>>>>     -----END PRIVATE KEY-----
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>   # ******************************************************
>>>>>>>>>>>>>>>   # Static parameters - these are values that must be
>>>>>>>>>>>>>>>   # included in the environment but should not be changed.
>>>>>>>>>>>>>>>   # ******************************************************
>>>>>>>>>>>>>>>   # The filepath of the certificate as it will be stored in the controller.
>>>>>>>>>>>>>>>   # Type: string
>>>>>>>>>>>>>>>   DeployedSSLCertificatePath: /etc/pki/tls/private/overcloud_endpoint.pem
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>   # *********************
>>>>>>>>>>>>>>>   # End static parameters
>>>>>>>>>>>>>>>   # *********************
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> inject-trust-anchor.yaml
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> # *******************************************************************
>>>>>>>>>>>>>>> # This file was created automatically by the sample environment
>>>>>>>>>>>>>>> # generator. Developers should use `tox -e genconfig` to update it.
>>>>>>>>>>>>>>> # Users are recommended to make changes to a copy of the file instead
>>>>>>>>>>>>>>> # of the original, if any customizations are needed.
>>>>>>>>>>>>>>> # *******************************************************************
>>>>>>>>>>>>>>> # title: Inject SSL Trust Anchor on Overcloud Nodes
>>>>>>>>>>>>>>> # description: |
>>>>>>>>>>>>>>> #   When using an SSL certificate signed by a CA that is not in the default
>>>>>>>>>>>>>>> #   list of CAs, this environment allows adding a custom CA certificate to
>>>>>>>>>>>>>>> #   the overcloud nodes.
>>>>>>>>>>>>>>> parameter_defaults:
>>>>>>>>>>>>>>>   # The content of a CA's SSL certificate file in PEM format. This is evaluated on the client side.
>>>>>>>>>>>>>>>   # Mandatory. This parameter must be set by the user.
>>>>>>>>>>>>>>>   # Type: string
>>>>>>>>>>>>>>>   SSLRootCertificate: |
>>>>>>>>>>>>>>>     -----BEGIN CERTIFICATE-----
>>>>>>>>>>>>>>>     ----*** CERTICATELINES TRIMMED **
>>>>>>>>>>>>>>>     -----END CERTIFICATE-----
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> resource_registry:
>>>>>>>>>>>>>>>   OS::TripleO::NodeTLSCAData: ../../puppet/extraconfig/tls/ca-inject.yaml
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> The procedure to create such files was followed using:
>>>>>>>>>>>>>>> Deploying with SSL — TripleO 3.0.0 documentation
>>>>>>>>>>>>>>> (openstack.org)
>>>>>>>>>>>>>>> <https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/features/ssl.html>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Idea is to deploy overcloud with SSL enabled, i.e. *Self-signed
>>>>>>>>>>>>>>> IP-based certificate, without DNS.*
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Any idea around this error would be of great help.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>> skype: lokendrarathour

-- 
~ Lokendra
skype: lokendrarathour
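
The hostname mismatch quoted in this thread (an IPv6 endpoint checked against a certificate that names only `undercloud.com`) can be checked offline before a deployment run. The following is an added example, not part of the original messages or of TripleO: the certificate dictionaries are constructed samples in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, the function names are hypothetical, and the check is a simplified SAN-only match (no commonName fallback).

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample certificates (only subjectAltName is modelled).
# CERT_DNS_ONLY mirrors the first failure in the thread: a DNS name only.
# CERT_IP_SAN mirrors the v3.ext shown in the thread (IP.1=fd00:fd00:fd00:9900::81),
# written in expanded upper-case form to show that text comparison is not enough.
CERT_DNS_ONLY = {"subjectAltName": (("DNS", "undercloud.com"),)}
CERT_IP_SAN = {"subjectAltName": (("IP Address", "FD00:FD00:FD00:9900:0:0:0:81"),)}

# Endpoint URLs as they appear in the thread's error messages.
ENDPOINTS = [
    "https://[fd00:fd00:fd00:9900::2ef]:13000",
    "https://[fd00:fd00:fd00:9900::81]:13000/v3/services",
    "https://overcloud-public.myhsc.com:13000/v3/services",
]


def endpoint_host(url):
    """Return the host of an endpoint URL, without IPv6 brackets or port."""
    return urlsplit(url).hostname


def _as_ip(text):
    """Parse text as an IPv4/IPv6 address, or return None if it is a name."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def _dns_match(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    head, _, rest = h.partition(".")
    return bool(head) and rest == p[2:]


def cert_covers(cert, host):
    """True if the certificate's SAN list covers host.

    An IP literal is compared only with 'IP Address' entries, and a name only
    with 'DNS' entries, so a DNS-only certificate never covers an IP endpoint.
    """
    sans = cert.get("subjectAltName", ())
    host_ip = _as_ip(host)
    if host_ip is not None:
        return any(kind == "IP Address" and _as_ip(value) == host_ip
                   for kind, value in sans)
    return any(kind == "DNS" and _dns_match(value, host) for kind, value in sans)


def uncovered_endpoints(cert, urls):
    """Return the endpoint URLs whose host the certificate does not cover."""
    return [u for u in urls if not cert_covers(cert, endpoint_host(u))]


if __name__ == "__main__":
    for name, cert in (("DNS-only cert", CERT_DNS_ONLY), ("IP-SAN cert", CERT_IP_SAN)):
        print(name, "does not cover:", uncovered_endpoints(cert, ENDPOINTS))
```

A certificate whose only SAN is `IP.1=fd00:fd00:fd00:9900::81` covers that one VIP and nothing else, so every public endpoint address or name that clients will use has to appear in the SAN list.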