Closed zzzeek closed 5 years ago
I'm deploying undercloud using --config-options to override all the conf settings that deal with the "192.168.24" network to use 192.168.25:
infrared tripleo-undercloud ... --config DEFAULT.cidr=192.168.25.0/24 --config DEFAULT.undercloud_public_host=192.168.25.2 .... (lots more --config )
However, plugins/tripleo-undercloud/tasks/ssl.yml runs and grabs out the "undercloud_public_host" before the correct values are written to undercloud.conf:
TASK [grab undercloud_public_host from undercloud.conf] ******************************************************************************************************************************* task path: /home/classic/dev/stretch_cluster/checkouts/infrared/plugins/tripleo-undercloud/tasks/ssl.yml:15 changed: [s2undercloud-0] => {"changed": true, "cmd": ["awk", "-F=", "/^undercloud_public_host\\s*=\\s*/ {print $2}", "~/undercloud.conf"], "delta": "0:00:00.003176", "end": "2018-10- 05 18:39:15.612734", "rc": 0, "start": "2018-10-05 18:39:15.609558", "stderr": "", "stderr_lines": [], "stdout": " 192.168.24.2", "stdout_lines": [" 192.168.24.2"]}
... later ...
TASK [override values in undercloud conf] ********************************************************************************************************************************************* task path: /home/classic/dev/stretch_cluster/checkouts/infrared/plugins/tripleo-undercloud/tasks/inject_undercloud_conf.yml:2 changed: [s2undercloud-0] => (item={'value': u'192.168.25.2', 'key': u'undercloud_public_host'}) => {"changed": true, "gid": 1001, "group": "stack", "item": {"key": "undercloud_public _host", "value": "192.168.25.2"}, "mode": "0755", "msg": "option changed", "owner": "stack", "path": "/home/stack/undercloud.conf", "secontext": "unconfined_u:object_r:user_home_t:s0" , "size": 873, "state": "file", "uid": 1001}
so the cert is generated with the wrong IP number and undercloud deploy fails:
tripleoclient.v1.tripleo_deploy.Deploy [ ] "Certificate did not match expected hostname: 192.168.25.2. Certificate: {'notBefore$ : u'Oct 5 18:39:16 2018 GMT', 'serialNumber': u'BB3D764D931D3119', 'notAfter': 'Oct 5 18:39:16 2019 GMT', 'version': 3L, 'subject': ((('countryName', u'US'),), (('stateOrProvinceNa$ e', u'NC'),), (('localityName', u'Raleigh'),), (('organizationName', u'Red HAt'),), (('organizationalUnitName', u'QE'),), (('commonName', u'192.168.24.2'),)), 'issuer': ((('countryNa$ e', u'US'),), (('stateOrProvinceName', u'NC'),), (('localityName', u'Raleigh'),), (('organizationName', u'Red HAt'),), (('organizationalUnitName', u'QE'),), (('commonName', u'192.168$ 24.2'),))}", 2018-10-05 19:09:22.577 12754 WARNING tripleoclient.v1.tripleo_deploy.Deploy [ ] "Failed to discover available identity versions when contacting https://192.168.25.2$ 13000/. Attempting to parse version from URL.", 2018-10-05 19:09:22.577 12754 WARNING tripleoclient.v1.tripleo_deploy.Deploy [ ] "Could not find versioned identity endpoints when attempting to authenticate. Please check that your auth_url is correct. SSL exception connecting to https://192.168.25.2:13000/: hostname '192.168.25.2' doesn't match u'192.168.24.2'",
I believe you'd want to make this change (haven't tested yet):
diff --git a/plugins/tripleo-undercloud/configure.yml b/plugins/tripleo-undercloud/configure.yml index a0496b69..cf78cf73 100644 --- a/plugins/tripleo-undercloud/configure.yml +++ b/plugins/tripleo-undercloud/configure.yml @@ -37,17 +37,17 @@ mode: 0755 when: not local_src - - name: enable undercloud-ssl - include_tasks: tasks/ssl.yml - when: install.ssl or install.version|openstack_release > 13 - tags: ssl - - name: override values in undercloud conf include_tasks: tasks/inject_undercloud_conf.yml with_dict: "{{ conf.options|default({}) }}" loop_control: loop_var: section + - name: enable undercloud-ssl + include_tasks: tasks/ssl.yml + when: install.ssl or install.version|openstack_release > 13 + tags: ssl + - name: create the base undercloud deploy script template: src: undercloud_deploy.sh.j2
confirmed this fixes.
gerrit at https://review.gerrithub.io/#/c/redhat-openstack/infrared/+/428249
I'm deploying undercloud using --config-options to override all the conf settings that deal with the "192.168.24" network to use 192.168.25:
However, plugins/tripleo-undercloud/tasks/ssl.yml runs and grabs out the "undercloud_public_host" before the correct values are written to undercloud.conf:
... later ...
so the cert is generated with the wrong IP number and undercloud deploy fails:
I believe you'd want to make this change (haven't tested yet):