tripleo

TLS everywhere failing with (RPC failed at server. change collided with another change)

Bug #1818513 reported by Juan Antonio Osorio Robles on 2019-03-04

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tripleo	Fix Released	High	Juan Antonio Osorio Robles	tripleo stein-rc1

Bug Description

this presents itself with the following error from certmonger:

"Error: /Stage[main]/Tripleo::Profile::Base::Certmonger_user/Tripleo::Certmonger::Haproxy[haproxy-internal_api]/Certmonger_certificate[haproxy-internal_api-cert]: Could not evaluate: Could not get certificate: Server at https://ipa.ooo.test/ipa/xml failed request, will retry: 4201 (RPC failed at server. change collided with another change).",

e.g. http://logs.rdoproject.org/98/604298/257/openstack-check/tripleo-ci-centos-7-ovb-3ctlr_1comp_1supp-featureset039/3e0dcec/logs/undercloud/home/zuul/overcloud_deploy.log.txt.gz

Here are the logs for the FreeIPA host: http://logs.rdoproject.org/98/604298/257/openstack-check/tripleo-ci-centos-7-ovb-3ctlr_1comp_1supp-featureset039/3e0dcec/logs/supplemental/var/log/

See original description

Tags:

Juan Antonio Osorio Robles (juan-osorio-robles) on 2019-03-04

Changed in tripleo:
importance:	Undecided → High
status:	New → Triaged
description:	updated
Changed in tripleo:
milestone:	none → stein-3

OpenStack Infra (hudson-openstack) on 2019-03-04

Changed in tripleo:
assignee:	nobody → Juan Antonio Osorio Robles (juan-osorio-robles)
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-05: Related fix proposed to puppet-tripleo (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/640948

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-12: Related fix merged to puppet-tripleo (master)

Reviewed: https://review.openstack.org/640948
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=a3693d85946cffc055ee9eb1dc0a4273d47d9260
Submitter: Zuul
Branch: master

commit a3693d85946cffc055ee9eb1dc0a4273d47d9260
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Tue Mar 5 10:15:29 2019 +0200

certmonger: Add dnsnames parameter to redis cert request

This adds the ability to add several SANs to the certificate as needed.

Change-Id: I245516257da280b91779313ffb18f84c8a4e3635
Related-Bug: #1818513

Alex Schultz (alex-schultz) on 2019-03-14

Changed in tripleo:
milestone:	stein-3 → stein-rc1

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-14: Fix merged to tripleo-heat-templates (master)

Reviewed: https://review.openstack.org/640813
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=b53f6bacded25859674f60f52a6b5bd8ee1829d1
Submitter: Zuul
Branch: master

commit b53f6bacded25859674f60f52a6b5bd8ee1829d1
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Mon Mar 4 18:52:08 2019 +0200

Request certificate for using host service principals

This removes the usage of the VIP service principals for requesting the
certificate, and uses the host instead.

    Closes-Bug: #1818513
    Depends-On: I245516257da280b91779313ffb18f84c8a4e3635
    Change-Id: Ie2c3eb8e863184ffd943dd5b4a003790032542a4

Changed in tripleo:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-04-18: Fix included in openstack/tripleo-heat-templates 10.5.0

This issue was fixed in the openstack/tripleo-heat-templates 10.5.0 release.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-05-13: Related fix proposed to puppet-tripleo (stable/rocky)

Related fix proposed to branch: stable/rocky
Review: https://review.opendev.org/658816

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-05-13: Fix proposed to tripleo-heat-templates (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.opendev.org/658865

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-05-13: Related fix proposed to puppet-tripleo (stable/queens)

Related fix proposed to branch: stable/queens
Review: https://review.opendev.org/658869

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-05-13: Fix proposed to tripleo-heat-templates (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.opendev.org/658870

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-05-16: Related fix merged to puppet-tripleo (stable/rocky)

Reviewed: https://review.opendev.org/658816
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=624840b8c0a8998840f81659ed37ae4cb41fedb4
Submitter: Zuul
Branch: stable/rocky

commit 624840b8c0a8998840f81659ed37ae4cb41fedb4
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Tue Mar 5 10:15:29 2019 +0200

certmonger: Add dnsnames parameter to redis cert request

This adds the ability to add several SANs to the certificate as needed.

    Change-Id: I245516257da280b91779313ffb18f84c8a4e3635
    Related-Bug: #1818513
    (cherry picked from commit a3693d85946cffc055ee9eb1dc0a4273d47d9260)

tags:	added: in-stable-rocky
tags:	added: in-stable-queens

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-05-16: Related fix merged to puppet-tripleo (stable/queens)

#10

Reviewed: https://review.opendev.org/658869
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=a77247044f3084f1595f220677c892e9f8d06676
Submitter: Zuul
Branch: stable/queens

commit a77247044f3084f1595f220677c892e9f8d06676
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Tue Mar 5 10:15:29 2019 +0200

certmonger: Add dnsnames parameter to redis cert request

This adds the ability to add several SANs to the certificate as needed.

    Change-Id: I245516257da280b91779313ffb18f84c8a4e3635
    Related-Bug: #1818513
    (cherry picked from commit a3693d85946cffc055ee9eb1dc0a4273d47d9260)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-06-11: Fix merged to tripleo-heat-templates (stable/rocky)

#11

Reviewed: https://review.opendev.org/658865
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=8bf53825dee1f21e50a5c88a453f4277c16d09a6
Submitter: Zuul
Branch: stable/rocky

commit 8bf53825dee1f21e50a5c88a453f4277c16d09a6
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Mon Mar 4 18:52:08 2019 +0200

Request certificate for using host service principals

This removes the usage of the VIP service principals for requesting the
certificate, and uses the host instead.

    Closes-Bug: #1818513
    Depends-On: I245516257da280b91779313ffb18f84c8a4e3635
    Change-Id: Ie2c3eb8e863184ffd943dd5b4a003790032542a4
    (cherry picked from commit b53f6bacded25859674f60f52a6b5bd8ee1829d1)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-06-11: Fix merged to tripleo-heat-templates (stable/queens)

#12

Reviewed: https://review.opendev.org/658870
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=6cfa2976a8a8488a5c709a6de15f0550a9cd46f7
Submitter: Zuul
Branch: stable/queens

commit 6cfa2976a8a8488a5c709a6de15f0550a9cd46f7
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Mon Mar 4 18:52:08 2019 +0200

Request certificate for using host service principals

This removes the usage of the VIP service principals for requesting the
certificate, and uses the host instead.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-06-21: Fix included in openstack/tripleo-heat-templates 9.4.0

#13

This issue was fixed in the openstack/tripleo-heat-templates 9.4.0 release.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-06-21: Fix included in openstack/tripleo-heat-templates 8.4.0

#14

This issue was fixed in the openstack/tripleo-heat-templates 8.4.0 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.