Hi Lokendra,

The CN field is missing. Can you add that and generate the certificate again?

CN=ipaddress

Also add dns.1=ipaddress under alt_names for precaution.

Vikarna

On Wed, 13 Jul, 2022, 23:02 Lokendra Rathour, <lokendrarathour@gmail.com> wrote:
Hi Vikarna,

Thanks for the inputs. I am not able to access any tabs in the GUI.

To restate, we are failing at the time of deployment at step 4:
PLAY [External deployment step 4] **********************************************
2022-07-13 21:35:22.505148 | 525400ae-089b-870a-fab6-0000000000d7 | TASK | External deployment step 4
2022-07-13 21:35:22.534899 | 525400ae-089b-870a-fab6-0000000000d7 | OK | External deployment step 4 | undercloud -> localhost | result={ "changed": false, "msg": "Use --start-at-task 'External deployment step 4' to resume from this task" }
[WARNING]: ('undercloud -> localhost', '525400ae-089b-870a-fab6-0000000000d7') missing from stats
2022-07-13 21:35:22.591268 | 525400ae-089b-870a-fab6-0000000000d8 | TIMING | include_tasks | undercloud | 0:11:21.683453 | 0.04s
2022-07-13 21:35:22.605901 | f29c4b58-75a5-4993-97b8-3921a49d79d7 | INCLUDED | /home/stack/overcloud-deploy/overcloud/config-download/overcloud/external_deploy_steps_tasks_step4.yaml | undercloud
2022-07-13 21:35:22.627112 | 525400ae-089b-870a-fab6-000000007239 | TASK | Clean up legacy Cinder keystone catalog entries
2022-07-13 21:35:25.110635 | 525400ae-089b-870a-fab6-000000007239 | OK | Clean up legacy Cinder keystone catalog entries | undercloud | item={'service_name': 'cinderv2', 'service_type': 'volumev2'}
2022-07-13 21:35:25.112368 | 525400ae-089b-870a-fab6-000000007239 | TIMING | Clean up legacy Cinder keystone catalog entries | undercloud | 0:11:24.204562 | 2.48s
2022-07-13 21:35:27.029270 | 525400ae-089b-870a-fab6-000000007239 | OK | Clean up legacy Cinder keystone catalog entries | undercloud | item={'service_name': 'cinderv3', 'service_type': 'volume'}
2022-07-13 21:35:27.030383 | 525400ae-089b-870a-fab6-000000007239 | TIMING | Clean up legacy Cinder keystone catalog entries | undercloud | 0:11:26.122584 | 4.40s
2022-07-13 21:35:27.032091 | 525400ae-089b-870a-fab6-000000007239 | TIMING | Clean up legacy Cinder keystone catalog entries | undercloud | 0:11:26.124296 | 4.40s
2022-07-13 21:35:27.047913 | 525400ae-089b-870a-fab6-00000000723c | TASK | Manage Keystone resources for OpenStack services
2022-07-13 21:35:27.077672 | 525400ae-089b-870a-fab6-00000000723c | TIMING | Manage Keystone resources for OpenStack services | undercloud | 0:11:26.169842 | 0.03s
2022-07-13 21:35:27.120270 | 525400ae-089b-870a-fab6-00000000726b | TASK | Gather variables for each operating system
2022-07-13 21:35:27.161225 | 525400ae-089b-870a-fab6-00000000726b | TIMING | tripleo_keystone_resources : Gather variables for each operating system | undercloud | 0:11:26.253383 | 0.04s
2022-07-13 21:35:27.177798 | 525400ae-089b-870a-fab6-00000000726c | TASK | Create Keystone Admin resources
2022-07-13 21:35:27.207430 | 525400ae-089b-870a-fab6-00000000726c | TIMING | tripleo_keystone_resources : Create Keystone Admin resources | undercloud | 0:11:26.299608 | 0.03s
2022-07-13 21:35:27.230985 | 46e05e2d-2e9c-467b-ac4f-c5f0bc7286b3 | INCLUDED | /usr/share/ansible/roles/tripleo_keystone_resources/tasks/admin.yml | undercloud
2022-07-13 21:35:27.256076 | 525400ae-089b-870a-fab6-0000000072ad | TASK | Create default domain
2022-07-13 21:35:29.343399 | 525400ae-089b-870a-fab6-0000000072ad | OK | Create default domain | undercloud
2022-07-13 21:35:29.345172 | 525400ae-089b-870a-fab6-0000000072ad | TIMING | tripleo_keystone_resources : Create default domain | undercloud | 0:11:28.437360 | 2.09s
2022-07-13 21:35:29.361643 | 525400ae-089b-870a-fab6-0000000072ae | TASK | Create admin and service projects
2022-07-13 21:35:29.391295 | 525400ae-089b-870a-fab6-0000000072ae | TIMING | tripleo_keystone_resources : Create admin and service projects | undercloud | 0:11:28.483468 | 0.03s
2022-07-13 21:35:29.402539 | af7a4a76-4998-4679-ac6f-58acc0867554 | INCLUDED | /usr/share/ansible/roles/tripleo_keystone_resources/tasks/projects.yml | undercloud
2022-07-13 21:35:29.428918 | 525400ae-089b-870a-fab6-000000007304 | TASK | Async creation of Keystone project
2022-07-13 21:35:30.144295 | 525400ae-089b-870a-fab6-000000007304 | CHANGED | Async creation of Keystone project | undercloud | item=admin
2022-07-13 21:35:30.145884 | 525400ae-089b-870a-fab6-000000007304 | TIMING | tripleo_keystone_resources : Async creation of Keystone project | undercloud | 0:11:29.238078 | 0.72s
2022-07-13 21:35:30.493458 | 525400ae-089b-870a-fab6-000000007304 | CHANGED | Async creation of Keystone project | undercloud | item=service
2022-07-13 21:35:30.494386 | 525400ae-089b-870a-fab6-000000007304 | TIMING | tripleo_keystone_resources : Async creation of Keystone project | undercloud | 0:11:29.586587 | 1.06s
2022-07-13 21:35:30.495729 | 525400ae-089b-870a-fab6-000000007304 | TIMING | tripleo_keystone_resources : Async creation of Keystone project | undercloud | 0:11:29.587916 | 1.07s
2022-07-13 21:35:30.511748 | 525400ae-089b-870a-fab6-000000007306 | TASK | Check Keystone project status
2022-07-13 21:35:30.908189 | 525400ae-089b-870a-fab6-000000007306 | WAITING | Check Keystone project status | undercloud | 30 retries left
2022-07-13 21:35:36.166541 | 525400ae-089b-870a-fab6-000000007306 | OK | Check Keystone project status | undercloud | item=admin
2022-07-13 21:35:36.168506 | 525400ae-089b-870a-fab6-000000007306 | TIMING | tripleo_keystone_resources : Check Keystone project status | undercloud | 0:11:35.260666 | 5.66s
2022-07-13 21:35:36.400914 | 525400ae-089b-870a-fab6-000000007306 | OK | Check Keystone project status | undercloud | item=service
2022-07-13 21:35:36.402534 | 525400ae-089b-870a-fab6-000000007306 | TIMING | tripleo_keystone_resources : Check Keystone project status | undercloud | 0:11:35.494729 | 5.89s
2022-07-13 21:35:36.406576 | 525400ae-089b-870a-fab6-000000007306 | TIMING | tripleo_keystone_resources : Check Keystone project status | undercloud | 0:11:35.498771 | 5.89s
2022-07-13 21:35:36.427719 | 525400ae-089b-870a-fab6-0000000072af | TASK | Create admin role
2022-07-13 21:35:38.632266 | 525400ae-089b-870a-fab6-0000000072af | OK | Create admin role | undercloud
2022-07-13 21:35:38.633754 | 525400ae-089b-870a-fab6-0000000072af | TIMING | tripleo_keystone_resources : Create admin role | undercloud | 0:11:37.725949 | 2.20s
2022-07-13 21:35:38.649721 | 525400ae-089b-870a-fab6-0000000072b0 | TASK | Create _member_ role
2022-07-13 21:35:38.689773 | 525400ae-089b-870a-fab6-0000000072b0 | SKIPPED | Create _member_ role | undercloud
2022-07-13 21:35:38.691172 | 525400ae-089b-870a-fab6-0000000072b0 | TIMING | tripleo_keystone_resources : Create _member_ role | undercloud | 0:11:37.783369 | 0.04s
2022-07-13 21:35:38.706920 | 525400ae-089b-870a-fab6-0000000072b1 | TASK | Create admin user
2022-07-13 21:35:42.051623 | 525400ae-089b-870a-fab6-0000000072b1 | CHANGED | Create admin user | undercloud
2022-07-13 21:35:42.053285 | 525400ae-089b-870a-fab6-0000000072b1 | TIMING | tripleo_keystone_resources : Create admin user | undercloud | 0:11:41.145472 | 3.34s
2022-07-13 21:35:42.069370 | 525400ae-089b-870a-fab6-0000000072b2 | TASK | Assign admin role to admin project for admin user
2022-07-13 21:35:45.194891 | 525400ae-089b-870a-fab6-0000000072b2 | OK | Assign admin role to admin project for admin user | undercloud
2022-07-13 21:35:45.196669 | 525400ae-089b-870a-fab6-0000000072b2 | TIMING | tripleo_keystone_resources : Assign admin role to admin project for admin user | undercloud | 0:11:44.288848 | 3.13s
2022-07-13 21:35:45.212674 | 525400ae-089b-870a-fab6-0000000072b3 | TASK | Assign _member_ role to admin project for admin user
2022-07-13 21:35:45.252884 | 525400ae-089b-870a-fab6-0000000072b3 | SKIPPED | Assign _member_ role to admin project for admin user | undercloud
2022-07-13 21:35:45.254283 | 525400ae-089b-870a-fab6-0000000072b3 | TIMING | tripleo_keystone_resources : Assign _member_ role to admin project for admin user | undercloud | 0:11:44.346479 | 0.04s
2022-07-13 21:35:45.270310 | 525400ae-089b-870a-fab6-0000000072b4 | TASK | Create identity service
2022-07-13 21:35:46.928715 | 525400ae-089b-870a-fab6-0000000072b4 | OK | Create identity service | undercloud
2022-07-13 21:35:46.930167 | 525400ae-089b-870a-fab6-0000000072b4 | TIMING | tripleo_keystone_resources : Create identity service | undercloud | 0:11:46.022362 | 1.66s
2022-07-13 21:35:46.946797 | 525400ae-089b-870a-fab6-0000000072b5 | TASK | Create identity public endpoint
2022-07-13 21:35:49.139298 | 525400ae-089b-870a-fab6-0000000072b5 | OK | Create identity public endpoint | undercloud
2022-07-13 21:35:49.141158 | 525400ae-089b-870a-fab6-0000000072b5 | TIMING | tripleo_keystone_resources : Create identity public endpoint | undercloud | 0:11:48.233349 | 2.19s
2022-07-13 21:35:49.157768 | 525400ae-089b-870a-fab6-0000000072b6 | TASK | Create identity internal endpoint
2022-07-13 21:35:51.566826 | 525400ae-089b-870a-fab6-0000000072b6 | FATAL | Create identity internal endpoint | undercloud | error={"changed": false, "extra_data": {"data": null, "details": "The request you have made requires authentication.", "response": "{\"error\":{\"code\":401,\"message\":\"The request you have made requires authentication.\",\"title\":\"Unauthorized\"}}\n"}, "msg": "Failed to list services: Client Error for url: https://[fd00:fd00:fd00:9900::81]:13000/v3/services, The request you have made requires authentication."}
2022-07-13 21:35:51.568473 | 525400ae-089b-870a-fab6-0000000072b6 | TIMING | tripleo_keystone_resources : Create identity internal endpoint | undercloud | 0:11:50.660654 | 2.41s
PLAY RECAP *********************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
overcloud-controller-0 : ok=437 changed=103 unreachable=0 failed=0 skipped=214 rescued=0 ignored=0
overcloud-controller-1 : ok=435 changed=101 unreachable=0 failed=0 skipped=214 rescued=0 ignored=0
overcloud-controller-2 : ok=432 changed=101 unreachable=0 failed=0 skipped=214 rescued=0 ignored=0
overcloud-novacompute-0 : ok=345 changed=82 unreachable=0 failed=0 skipped=198 rescued=0 ignored=0
undercloud : ok=39 changed=7 unreachable=0 failed=1 skipped=6 rescued=0 ignored=0
Also:

(undercloud) [stack@undercloud oc-cert]$ cat server.csr.cnf
[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn
[dn]
C=IN
ST=UTTAR PRADESH
L=NOIDA
O=HSC
OU=HSC
emailAddress=demo@demo.com

v3.ext:

(undercloud) [stack@undercloud oc-cert]$ cat v3.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
IP.1=fd00:fd00:fd00:9900::81
Using these files we create other certificates. Please check and let me know in case we need anything else.
On Wed, Jul 13, 2022 at 10:00 PM Vikarna Tathe <vikarnatathe@gmail.com> wrote:
Hi Lokendra,
Are you able to access all the tabs in the OpenStack dashboard without any error? If not, please retry generating the certificate. Also, share the openssl.cnf or server.cnf.
On Wed, 13 Jul 2022 at 18:18, Lokendra Rathour <lokendrarathour@gmail.com> wrote:
Hi Team, Any input on this case raised.
Thanks, Lokendra
On Tue, Jul 12, 2022 at 10:18 PM Lokendra Rathour < lokendrarathour@gmail.com> wrote:
Hi Shephard/Swogat, I tried changing the setting as suggested and it looks like it has failed at step 4 with error:
:31:32.169420 | 525400ae-089b-fb79-67ac-0000000072ce | TIMING | tripleo_keystone_resources : Create identity public endpoint | undercloud | 0:24:47.736198 | 2.21s
2022-07-12 21:31:32.185594 | 525400ae-089b-fb79-67ac-0000000072cf | TASK | Create identity internal endpoint
2022-07-12 21:31:34.468996 | 525400ae-089b-fb79-67ac-0000000072cf | FATAL | Create identity internal endpoint | undercloud | error={"changed": false, "extra_data": {"data": null, "details": "The request you have made requires authentication.", "response": "{\"error\":{\"code\":401,\"message\":\"The request you have made requires authentication.\",\"title\":\"Unauthorized\"}}\n"}, "msg": "Failed to list services: Client Error for url: https://[fd00:fd00:fd00:9900::81]:13000/v3/services, The request you have made requires authentication."}
2022-07-12 21:31:34.470415 | 525400ae-089b-fb79-67ac-000000
Checking further the endpoint list: I see only one endpoint for keystone is getting created.
DeprecationWarning
+----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                                     |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------------------+
| 4378dc0a4d8847ee87771699fc7b995e | regionOne | keystone     | identity     | True    | admin     | http://30.30.30.173:35357               |
| 67c829e126944431a06ed0c2b97a295f | regionOne | keystone     | identity     | True    | internal  | http://[fd00:fd00:fd00:2000::326]:5000  |
| 8a9a3de4993c4ff7903caf95b8ae40fa | regionOne | keystone     | identity     | True    | public    | https://[fd00:fd00:fd00:9900::81]:13000 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------------------+
It looks like something related to the SSL. We have also verified that the GUI login screen shows that certificates are applied. Exploring more in the logs; meanwhile, any suggestions or known observations would be of great help. Thanks again for the support.
Best Regards, Lokendra
On Sat, Jul 9, 2022 at 11:24 AM Swogat Pradhan < swogatpradhan22@gmail.com> wrote:
I had faced a similar kind of issue. For an IP-based setup you need to specify the domain name as the IP that you are going to use. This error is showing up because the SSL is IP-based but the FQDNs seem to be undercloud.com or overcloud.example.com. I think for undercloud you can change the undercloud.conf.
And will it work if we specify clouddomain parameter to the IP address for overcloud? because it seems he has not specified the clouddomain parameter and overcloud.example.com is the default domain for overcloud.example.com.
On Fri, 8 Jul 2022, 6:01 pm Swogat Pradhan, <swogatpradhan22@gmail.com> wrote:
What is the domain name you have specified in the undercloud.conf file? And what is the fqdn name used for the generation of the SSL cert?
On Fri, 8 Jul 2022, 5:38 pm Lokendra Rathour, < lokendrarathour@gmail.com> wrote:
> Hi Team,
> We were trying to install overcloud with SSL enabled for which the
> UC is installed, but OC install is getting failed at step 4:
>
> ERROR
> :nectionPool(host='fd00:fd00:fd00:9900::2ef', port=13000): Max
> retries exceeded with url: / (Caused by
> SSLError(CertificateError(\"hostname 'fd00:fd00:fd00:9900::2ef' doesn't
> match 'undercloud.com'\",),))\n", "module_stdout": "", "msg":
> "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
> 2022-07-08 17:03:23.606739 | 5254009a-6a3c-adb1-f96f-0000000072ac |
> FATAL | Clean up legacy Cinder keystone catalog entries | undercloud |
> item={'service_name': 'cinderv3', 'service_type': 'volume'} |
> error={"ansible_index_var": "cinder_api_service", "ansible_loop_var":
> "item", "changed": false, "cinder_api_service": 1, "item": {"service_name":
> "cinderv3", "service_type": "volume"}, "module_stderr": "Failed to discover
> available identity versions when contacting https://[fd00:fd00:fd00:9900::2ef]:13000.
> Attempting to parse version from URL.\nTraceback (most recent call last):\n
> File \"/usr/lib/python3.6/site-packages/urllib3/connectionpool.py\", line
> 600, in urlopen\n chunked=chunked)\n File
> \"/usr/lib/python3.6/site-packages/urllib3/connectionpool.py\", line 343,
> in _make_request\n self._validate_conn(conn)\n File
> \"/usr/lib/python3.6/site-packages/urllib3/connectionpool.py\", line 839,
> in _validate_conn\n conn.connect()\n File
> \"/usr/lib/python3.6/site-packages/urllib3/connection.py\", line 378, in
> connect\n _match_hostname(cert, self.assert_hostname or
> server_hostname)\n File
> \"/usr/lib/python3.6/site-packages/urllib3/connection.py\", line 388, in
> _match_hostname\n match_hostname(cert, asserted_hostname)\n File
> \"/usr/lib64/python3.6/ssl.py\", line 291, in match_hostname\n %
> (hostname, dnsnames[0]))\nssl.CertificateError: hostname
> 'fd00:fd00:fd00:9900::2ef' doesn't match 'undercloud.com'\n\nDuring
> handling of the above exception, another exception occurred:\n\nTraceback
> (most recent call last):\n File
> \"/usr/lib/python3.6/site-packages/requests/adapters.py\", line 449, in
> send\n timeout=timeout\n File
> \"/usr/lib/python3.6/site-packages/urllib3/connectionpool.py\", line 638,
> in urlopen\n _stacktrace=sys.exc_info()[2])\n File
> \"/usr/lib/python3.6/site-packages/urllib3/util/retry.py\", line 399, in
> increment\n raise MaxRetryError(_pool, url, error or
> ResponseError(cause))\nurllib3.exceptions.MaxRetryError:
> HTTPSConnectionPool(host='fd00:fd00:fd00:9900::2ef', port=13000): Max
> retries exceeded with url: / (Caused by
> SSLError(CertificateError(\"hostname 'fd00:fd00:fd00:9900::2ef' doesn't
> match 'undercloud.com'\",),))\n\nDuring handling of the above
> exception, another exception occurred:\n\nTraceback (most recent call
> last):\n File
> \"/usr/lib/python3.6/site-packages/keystoneauth1/session.py\", line 1022,
> in _send_request\n resp = self.session.request(method, url, **kwargs)\n
> File \"/usr/lib/python3.6/site-packages/requests/sessions.py\", line 533,
> in request\n resp = self.send(prep, **send_kwargs)\n File
> \"/usr/lib/python3.6/site-packages/requests/sessions.py\", line 646, in
> send\n r = adapter.send(request, **kwargs)\n File
> \"/usr/lib/python3.6/site-packages/requests/adapters.py\", line 514, in
> send\n raise SSLError(e, request=request)\nrequests.exceptions.SSLError:
> HTTPSConnectionPool(host='fd00:fd00:fd00:9900::2ef', port=13000): Max
> retries exceeded with url: / (Caused by
> SSLError(CertificateError(\"hostname 'fd00:fd00:fd00:9900::2ef' doesn't
> match 'undercloud.com'\",),))\n\nDuring handling of the above
> exception, another exception occurred:\n\nTraceback (most recent call
> last):\n File
> \"/usr/lib/python3.6/site-packages/keystoneauth1/identity/generic/base.py\",
> line 138, in _do_create_plugin\n authenticated=False)\n File
> \"/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py\", line
> 610, in get_discovery\n authenticated=authenticated)\n File
> \"/usr/lib/python3.6/site-packages/keystoneauth1/discover.py\", line 1452,
> in get_discovery\n disc = Discover(session, url,
> authenticated=authenticated)\n File
> \"/usr/lib/python3.6/site-packages/keystoneauth1/discover.py\", line 536,
> in __init__\n authenticated=authenticated)\n File
> \"/usr/lib/python3.6/site-packages/keystoneauth1/discover.py\", line 102,
> in get_version_data\n resp = session.get(url, headers=headers,
> authenticated=authenticated)\n File
> \"/usr/lib/python3.6/site-packages/keystoneauth1/session.py\", line 1141,
> in get\n return self.request(url, 'GET', **kwargs)\n File
> \"/usr/lib/python3.6/site-packages/keystoneauth1/session.py\", line 931, in
> request\n resp = send(**kwargs)\n File
> \"/usr/lib/python3.6/site-packages/keystoneauth1/session.py\", line 1026,
> in _send_request\n raise
> exceptions.SSLError(msg)\nkeystoneauth1.exceptions.connection.SSLError: SSL
> exception connecting to https://[fd00:fd00:fd00:9900::2ef]:13000:
> HTTPSConnectionPool(host='fd00:fd00:fd00:9900::2ef', port=13000): Max
> retries exceeded with url: / (Caused by
> SSLError(CertificateError(\"hostname 'fd00:fd00:fd00:9900::2ef' doesn't
> match 'undercloud.com'\",),))\n\nDuring handling of the above
> exception, another exception occurred:\n\nTraceback (most recent call
> last):\n File \"<stdin>\", line 102, in <module>\n File \"<stdin>\", line
> 94, in _ansiballz_main\n File \"<stdin>\", line 40, in invoke_module\n
> File \"/usr/lib64/python3.6/runpy.py\", line 205, in run_module\n
> return _run_module_code(code, init_globals, run_name, mod_spec)\n File
> \"/usr/lib64/python3.6/runpy.py\", line 96, in _run_module_code\n
> mod_name, mod_spec, pkg_name, script_name)\n File
> \"/usr/lib64/python3.6/runpy.py\", line 85, in _run_code\n exec(code,
> run_globals)\n File
> \"/tmp/ansible_openstack.cloud.catalog_service_payload_7ikyjf7t/ansible_openstack.cloud.catalog_service_payload.zip/ansible_collections/openstack/cloud/plugins/modules/catalog_service.py\",
> line 185, in <module>\n File
> \"/tmp/ansible_openstack.cloud.catalog_service_payload_7ikyjf7t/ansible_openstack.cloud.catalog_service_payload.zip/ansible_collections/openstack/cloud/plugins/modules/catalog_service.py\",
> line 181, in main\n File
> \"/tmp/ansible_openstack.cloud.catalog_service_payload_7ikyjf7t/ansible_openstack.cloud.catalog_service_payload.zip/ansible_collections/openstack/cloud/plugins/module_utils/openstack.py\",
> line 407, in __call__\n File
> \"/tmp/ansible_openstack.cloud.catalog_service_payload_7ikyjf7t/ansible_openstack.cloud.catalog_service_payload.zip/ansible_collections/openstack/cloud/plugins/modules/catalog_service.py\",
> line 141, in run\n File
> \"/usr/lib/python3.6/site-packages/openstack/cloud/_identity.py\", line
> 517, in search_services\n services = self.list_services()\n File
> \"/usr/lib/python3.6/site-packages/openstack/cloud/_identity.py\", line
> 492, in list_services\n if self._is_client_version('identity', 2):\n
> File
> \"/usr/lib/python3.6/site-packages/openstack/cloud/openstackcloud.py\",
> line 460, in _is_client_version\n client = getattr(self, client_name)\n
> File \"/usr/lib/python3.6/site-packages/openstack/cloud/_identity.py\",
> line 32, in _identity_client\n 'identity', min_version=2,
> max_version='3.latest')\n File
> \"/usr/lib/python3.6/site-packages/openstack/cloud/openstackcloud.py\",
> line 407, in _get_versioned_client\n if adapter.get_endpoint():\n File
> \"/usr/lib/python3.6/site-packages/keystoneauth1/adapter.py\", line 291, in
> get_endpoint\n return self.session.get_endpoint(auth or self.auth,
> **kwargs)\n File
> \"/usr/lib/python3.6/site-packages/keystoneauth1/session.py\", line 1243,
> in get_endpoint\n return auth.get_endpoint(self, **kwargs)\n File
> \"/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py\", line
> 380, in get_endpoint\n allow_version_hack=allow_version_hack,
> **kwargs)\n File
> \"/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py\", line
> 271, in get_endpoint_data\n service_catalog =
> self.get_access(session).service_catalog\n File
> \"/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py\", line
> 134, in get_access\n self.auth_ref = self.get_auth_ref(session)\n File
> \"/usr/lib/python3.6/site-packages/keystoneauth1/identity/generic/base.py\",
> line 206, in get_auth_ref\n self._plugin =
> self._do_create_plugin(session)\n File
> \"/usr/lib/python3.6/site-packages/keystoneauth1/identity/generic/base.py\",
> line 161, in _do_create_plugin\n 'auth_url is correct. %s' %
> e)\nkeystoneauth1.exceptions.discovery.DiscoveryFailure: Could not find
> versioned identity endpoints when attempting to authenticate. Please check
> that your auth_url is correct. SSL exception connecting to https://[fd00:fd00:fd00:9900::2ef]:13000:
> HTTPSConnectionPool(host='fd00:fd00:fd00:9900::2ef', port=13000): Max
> retries exceeded with url: / (Caused by
> SSLError(CertificateError(\"hostname 'fd00:fd00:fd00:9900::2ef' doesn't
> match 'overcloud.example.com'\",),))\n", "module_stdout": "",
> "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
> 2022-07-08 17:03:23.609354 | 5254009a-6a3c-adb1-f96f-0000000072ac | TIMING | Clean up legacy Cinder keystone catalog entries | undercloud | 0:11:01.271914 | 2.47s
> 2022-07-08 17:03:23.611094 | 5254009a-6a3c-adb1-f96f-0000000072ac | TIMING | Clean up legacy Cinder keystone catalog entries | undercloud | 0:11:01.273659 | 2.47s
>
> PLAY RECAP *********************************************************************
> localhost : ok=0 changed=0 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
> overcloud-controller-0 : ok=437 changed=104 unreachable=0 failed=0 skipped=214 rescued=0 ignored=0
> overcloud-controller-1 : ok=436 changed=101 unreachable=0 failed=0 skipped=214 rescued=0 ignored=0
> overcloud-controller-2 : ok=431 changed=101 unreachable=0 failed=0 skipped=214 rescued=0 ignored=0
> overcloud-novacompute-0 : ok=345 changed=83 unreachable=0 failed=0 skipped=198 rescued=0 ignored=0
> undercloud : ok=28 changed=7 unreachable=0 failed=1 skipped=3 rescued=0 ignored=0
> 2022-07-08 17:03:23.647270 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Summary Information ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 2022-07-08 17:03:23.647907 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Total Tasks: 1373 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
> in the deploy.sh:
>
> openstack overcloud deploy --templates \
>     -r /home/stack/templates/roles_data.yaml \
>     --networks-file /home/stack/templates/custom_network_data.yaml \
>     --vip-file /home/stack/templates/custom_vip_data.yaml \
>     --baremetal-deployment /home/stack/templates/overcloud-baremetal-deploy.yaml \
>     --network-config \
>     -e /home/stack/templates/environment.yaml \
>     -e /usr/share/openstack-tripleo-heat-templates/environments/services/ironic-conductor.yaml \
>     -e /usr/share/openstack-tripleo-heat-templates/environments/services/ironic-inspector.yaml \
>     -e /usr/share/openstack-tripleo-heat-templates/environments/services/ironic-overcloud.yaml \
>     -e /home/stack/templates/ironic-config.yaml \
>     -e /usr/share/openstack-tripleo-heat-templates/environments/external-ceph.yaml \
>     -e /usr/share/openstack-tripleo-heat-templates/environments/services/ptp.yaml \
>     -e /usr/share/openstack-tripleo-heat-templates/environments/ssl/enable-tls.yaml \
>     -e /usr/share/openstack-tripleo-heat-templates/environments/ssl/tls-endpoints-public-ip.yaml \
>     -e /usr/share/openstack-tripleo-heat-templates/environments/ssl/inject-trust-anchor.yaml \
>     -e /usr/share/openstack-tripleo-heat-templates/environments/docker-ha.yaml \
>     -e /usr/share/openstack-tripleo-heat-templates/environments/podman.yaml \
>     -e /home/stack/containers-prepare-parameter.yaml
>
> Addition lines as highlighted in yellow were passed with modifications:
> tls-endpoints-public-ip.yaml:
> Passed as is in the defaults.
> enable-tls.yaml:
>
> # *******************************************************************
> # This file was created automatically by the sample environment
> # generator. Developers should use `tox -e genconfig` to update it.
> # Users are recommended to make changes to a copy of the file instead
> # of the original, if any customizations are needed.
> # *******************************************************************
> # title: Enable SSL on OpenStack Public Endpoints
> # description: |
> # Use this environment to pass in certificates for SSL deployments.
> # For these values to take effect, one of the tls-endpoints-*.yaml
> # environments must also be used.
> parameter_defaults:
>   # Set CSRF_COOKIE_SECURE / SESSION_COOKIE_SECURE in Horizon
>   # Type: boolean
>   HorizonSecureCookies: True
>
>   # Specifies the default CA cert to use if TLS is used for services in the public network.
>   # Type: string
>   PublicTLSCAFile: '/etc/pki/ca-trust/source/anchors/overcloud-cacert.pem'
>
>   # The content of the SSL certificate (without Key) in PEM format.
>   # Type: string
>   SSLRootCertificate: |
>     -----BEGIN CERTIFICATE-----
>     ----*** CERTICATELINES TRIMMED **
>     -----END CERTIFICATE-----
>
>   SSLCertificate: |
>     -----BEGIN CERTIFICATE-----
>     ----*** CERTICATELINES TRIMMED **
>     -----END CERTIFICATE-----
>   # The content of an SSL intermediate CA certificate in PEM format.
>   # Type: string
>   SSLIntermediateCertificate: ''
>
>   # The content of the SSL Key in PEM format.
>   # Type: string
>   SSLKey: |
>     -----BEGIN PRIVATE KEY-----
>     ----*** CERTICATELINES TRIMMED **
>     -----END PRIVATE KEY-----
>
>   # ******************************************************
>   # Static parameters - these are values that must be
>   # included in the environment but should not be changed.
>   # ******************************************************
>   # The filepath of the certificate as it will be stored in the controller.
>   # Type: string
>   DeployedSSLCertificatePath: /etc/pki/tls/private/overcloud_endpoint.pem
>
>   # *********************
>   # End static parameters
>   # *********************
>
> inject-trust-anchor.yaml
>
> # *******************************************************************
> # This file was created automatically by the sample environment
> # generator. Developers should use `tox -e genconfig` to update it.
> # Users are recommended to make changes to a copy of the file instead
> # of the original, if any customizations are needed.
> # *******************************************************************
> # title: Inject SSL Trust Anchor on Overcloud Nodes
> # description: |
> # When using an SSL certificate signed by a CA that is not in the default
> # list of CAs, this environment allows adding a custom CA certificate to
> # the overcloud nodes.
> parameter_defaults:
>   # The content of a CA's SSL certificate file in PEM format. This is evaluated on the client side.
>   # Mandatory. This parameter must be set by the user.
>   # Type: string
>   SSLRootCertificate: |
>     -----BEGIN CERTIFICATE-----
>     ----*** CERTICATELINES TRIMMED **
>     -----END CERTIFICATE-----
>
> resource_registry:
>   OS::TripleO::NodeTLSCAData: ../../puppet/extraconfig/tls/ca-inject.yaml
>
>
> The procedure to create such files was followed using:
> Deploying with SSL — TripleO 3.0.0 documentation (openstack.org)
> <https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/features/ssl.html>
>
> Idea is to deploy overcloud with SSL enabled i.e* Self-signed IP-based certificate, without DNS. *
>
> Any idea around this error would be of great help.
>
> --
> skype: lokendrarathour
>
--
-- ~ Lokendra skype: lokendrarathour
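
Added example, not part of the thread: a pre-flight check in Python that parses an OpenSSL extension file like the v3.ext quoted above and reports which HTTPS endpoints its subjectAltName entries do not cover. It assumes the TLS matching rule that an IP-literal host is compared only with IP entries and a name only with DNS entries; the function names are hypothetical, and the sample file and URLs are copied from the thread.

```python
import ipaddress
from urllib.parse import urlsplit

# Sample input: the v3.ext content quoted in the thread.
V3_EXT = """\
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
IP.1=fd00:fd00:fd00:9900::81
"""

# Endpoint URLs that appear in the thread's error output and endpoint list.
ENDPOINTS = [
    "https://[fd00:fd00:fd00:9900::81]:13000",
    "https://[fd00:fd00:fd00:9900::2ef]:13000",
    "http://[fd00:fd00:fd00:2000::326]:5000",
]


def parse_sections(text):
    """Parse OpenSSL-style config text into {section: [(key, value), ...]}."""
    sections = {"": []}              # "" is the unnamed default section
    current = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, [])
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current].append((key.strip(), value.strip()))
    return sections


def alt_names(text):
    """Return (ip_addresses, dns_names) declared through subjectAltName."""
    sections = parse_sections(text)
    ips, names = [], []
    for entries in sections.values():
        for key, value in entries:
            if key != "subjectAltName":
                continue
            if value.startswith("@"):            # indirection to a section
                pairs = sections.get(value[1:], [])
            else:                                # inline "IP:..., DNS:..." form
                pairs = [tuple(p.strip().split(":", 1))
                         for p in value.split(",") if ":" in p]
            for k, v in pairs:
                kind = k.split(".", 1)[0].strip()    # "IP.1" -> "IP"
                if kind == "IP":
                    ips.append(ipaddress.ip_address(v.strip()))
                elif kind == "DNS":
                    names.append(v.strip().lower())
    return ips, names


def uncovered(text, urls):
    """Return the HTTPS URLs whose host is not covered by the SAN entries."""
    ips, names = alt_names(text)
    missing = []
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme != "https":
            continue                     # plain HTTP: no certificate involved
        host = parts.hostname            # brackets around IPv6 are stripped
        try:
            ok = ipaddress.ip_address(host) in ips   # IP literal: IP entries only
        except ValueError:
            ok = host.lower() in names               # name: DNS entries only
        if not ok:
            missing.append(url)
    return missing


if __name__ == "__main__":
    for url in uncovered(V3_EXT, ENDPOINTS):
        print("not covered by subjectAltName:", url)
```

Run against the thread's values, it flags only the `::2ef` endpoint from the first error; the `::81` endpoint is covered by `IP.1`.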