tripleo

Can't edit /etc/openldap/ldap.conf

Bug #1923048 reported by Grzegorz Grasza
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
In Progress
Undecided
Grzegorz Grasza

Bug Description

Description
===========
For configuring high availability for LDAP in keystone one needs to edit /etc/openldap/ldap.conf [1], however, since the control plane was containerised, the file was not mounted into the container and so the configuration not applied.

Steps to reproduce
==================
Edit /etc/openldap/ldap.conf on the system

Expected result
===============
The configuration is not applied

Actual result
=============
The configuration should be applied inside the keystone container.

Environment
===========
train

[1]
https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/8/html/integrate_with_identity_service/sec-active-directory#AD-HA
2. Set the network timeout in /etc/openldap/ldap.conf:
NETWORK_TIMEOUT 2

Revision history for this message
Grzegorz Grasza (xek) wrote :

https://review.opendev.org/c/openstack/tripleo-heat-templates/+/785404

Changed in tripleo:
assignee: nobody → Grzegorz Grasza (xek)
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (stable/victoria)

Fix proposed to branch: stable/victoria
Review: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/786795

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (stable/ussuri)

Fix proposed to branch: stable/ussuri
Review: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/786896

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/786897

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/victoria)

Reviewed: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/786795
Committed: https://opendev.org/openstack/tripleo-heat-templates/commit/ce9ae866699456ab3c69be6e34c419e537630d49
Submitter: "Zuul (22348)"
Branch: stable/victoria

commit ce9ae866699456ab3c69be6e34c419e537630d49
Author: Grzegorz Grasza <email address hidden>
Date: Thu Apr 8 14:34:57 2021 +0200

    Mount /etc/openldap inside the keystone container

    For configuring high availability for LDAP in keystone one
    needs to edit /etc/openldap/ldap.conf. This worked
    before control plane was containerised. Mounting the
    openldap configuration into the keystone container
    restores the previous behavior.

    Change-Id: Id0d73a8ab0ddf7bf9e2b76ea14ffc9acff3a0ad3
    Closes-Bug: #1923048
    Resolves: rhbz#1944466
    (cherry picked from commit 313e4484e2a219eec7affb5e1e5e61d41687c6fd)

tags: added: in-stable-victoria
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/train)

Reviewed: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/786897
Committed: https://opendev.org/openstack/tripleo-heat-templates/commit/70f6c7804595a0d09e382b0da911792b967a7d34
Submitter: "Zuul (22348)"
Branch: stable/train

commit 70f6c7804595a0d09e382b0da911792b967a7d34
Author: Grzegorz Grasza <email address hidden>
Date: Thu Apr 8 14:34:57 2021 +0200

    Mount /etc/openldap inside the keystone container

    For configuring high availability for LDAP in keystone one
    needs to edit /etc/openldap/ldap.conf. This worked
    before control plane was containerised. Mounting the
    openldap configuration into the keystone container
    restores the previous behavior.

    Change-Id: Id0d73a8ab0ddf7bf9e2b76ea14ffc9acff3a0ad3
    Closes-Bug: #1923048
    Resolves: rhbz#1944466
    (cherry picked from commit 313e4484e2a219eec7affb5e1e5e61d41687c6fd)

tags: added: in-stable-train
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 14.1.0

This issue was fixed in the openstack/tripleo-heat-templates 14.1.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 13.3.0

This issue was fixed in the openstack/tripleo-heat-templates 13.3.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 11.6.0

This issue was fixed in the openstack/tripleo-heat-templates 11.6.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/ussuri)

Reviewed: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/786896
Committed: https://opendev.org/openstack/tripleo-heat-templates/commit/6342deafc386cd6956941f818eab7e8781899584
Submitter: "Zuul (22348)"
Branch: stable/ussuri

commit 6342deafc386cd6956941f818eab7e8781899584
Author: Grzegorz Grasza <email address hidden>
Date: Thu Apr 8 14:34:57 2021 +0200

    Mount /etc/openldap inside the keystone container

    For configuring high availability for LDAP in keystone one
    needs to edit /etc/openldap/ldap.conf. This worked
    before control plane was containerised. Mounting the
    openldap configuration into the keystone container
    restores the previous behavior.

    Change-Id: Id0d73a8ab0ddf7bf9e2b76ea14ffc9acff3a0ad3
    Closes-Bug: #1923048
    Resolves: rhbz#1944466
    (cherry picked from commit 313e4484e2a219eec7affb5e1e5e61d41687c6fd)

tags: added: in-stable-ussuri
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 12.4.4

This issue was fixed in the openstack/tripleo-heat-templates 12.4.4 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.