tripleo

  1. Bug #1700943
  2. Comment #0

Comment 0 for bug 1700943

Revision history for this message
Szilvia Racz (sziike) wrote :

Undercloud certificate generation caused loop when undercloud install was running at the first time.

Settings:
undercloud_hostname = tripleo-vm.cloud.local
undercloud_public_host = tripleo.cloud.local
generate_service_certificate = true
certificate_generation_ca = IPA
service_principal = <email address hidden>

Log:
Jun 27 22:06:07 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:08 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:08 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:09 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:09 tripleo-vm systemd: Unit haproxy.service cannot be reloaded because it is inactive.
Jun 27 22:06:12 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:12 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:12 tripleo-vm systemd: Unit haproxy.service cannot be reloaded because it is inactive.
Jun 27 22:06:12 tripleo-vm systemd: Unit haproxy.service cannot be reloaded because it is inactive.
Jun 27 22:06:13 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:13 tripleo-vm systemd: Unit haproxy.service cannot be reloaded because it is inactive.
Jun 27 22:06:14 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:14 tripleo-vm systemd: Unit haproxy.service cannot be reloaded because it is inactive.
Jun 27 22:06:15 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:15 tripleo-vm systemd: Unit haproxy.service cannot be reloaded because it is inactive.
Jun 27 22:06:15 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:16 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:16 tripleo-vm systemd: Unit haproxy.service cannot be reloaded because it is inactive.
Jun 27 22:06:16 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:17 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:18 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:18 tripleo-vm systemd: Unit haproxy.service cannot be reloaded because it is inactive.
Jun 27 22:06:18 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:21 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.
Jun 27 22:06:22 tripleo-vm certmonger: Certificate in file "/etc/pki/tls/certs/undercloud-front.crt" issued by CA and saved.

As a workaround tracking was manually stopped.
Re-running undercloud install did not produced the same issue. Cert status was MONITORING as expected.

This may be related to https://bugs.launchpad.net/tripleo/+bug/1668775 update.