[tc] [ptl] [qa] [infra] [nova] [cinder] [designate] [trove] [zaqar] [freezer] [networking-midonet] Migrating legacy jobs to Bionic (Ubuntu LTS 18.04)

melanie witt melwittt at gmail.com
Wed Mar 13 19:28:23 UTC 2019

On Wed, 13 Mar 2019 13:32:01 -0500, Matt Riedemann <mriedemos at gmail.com> wrote:
> On 3/13/2019 12:21 AM, Ghanshyam Mann wrote:
>> nova - testing with tls-proxy disable - https://review.openstack.org/#/c/639017/
> This is being worked around for two separate issues:
> 1. ceph setup in the nova-live-migration and nova-grenade-live-migration
> job isn't working with bionic: https://review.openstack.org/#/c/643122/
> 2. tls-proxy is being disabled in the nova-next job as a workaround:
> https://review.openstack.org/#/c/643129/
> I'm not sure what's going on with #1 since it's using the
> devstack-plugin-ceph repo functions to install ceph but it's not very
> easy to tell what's going wrong from the logs, we probably need a debug
> patch which turns on xtrace.

From what it says in the commit message on the skip patch, the plugin
wants to install Ceph Hammer (fairly old version) and that version is 
not available on bionic. I'll look into whether we can move up to a 
newer version (or something) to fix this issue.

> As for the tls-proxy one, it looks like Mel is investigating it a bit
> and could probably also use some of Stephen's help.

Yeah, I'm digging into it. I first tried an attempt to use 2048 bit 
certs instead of 1024 bit, based on this bugzilla I found:

https://bugzilla.redhat.com/show_bug.cgi?id=1651882#c6 - "The 
certificates which are generated by the script are too weak for openssl 
default's configuration, and thus they get rejected."

but that didn't work. Next, I'm going to see if it's a permission issue 
with the ownership of the certs directory. I remember when I originally 
tweaked Dan Berrange's patch to run console proxies with TLS in CI, I 
had to change the user:group from qemu:qemu to libvirt-qemu:libvirt-qemu 
[1] before it worked. So, I'm wondering if there's possibly a new change
in the qemu user, or something like that. I'll keep investigating.


