Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[tlse] update TLS/CA config #693

Merged
merged 5 commits into from
Mar 9, 2024
Merged

[tlse] update TLS/CA config #693

merged 5 commits into from
Mar 9, 2024

Conversation

stuggi
Copy link
Contributor

@stuggi stuggi commented Mar 5, 2024
edited by openshift-ci bot
Loading

changes top level tls config section to reflect ingress and podlevel tls termination and allows to customize the duration and renewBefore for each of the CAs and Certs issued for a CA.

Also:

  • creates CA for OVN
  • fixes an issue where service cert was not created when tls on ingress
    was disabled.
  • Allow using custom tlsConfig.API.Public.SecretName when no ingress used
    When also using LoadBalancer (MetalLB) for public endpoints this change allows to use the service configs tls.API.Public.SecretName to reference a secret holding a custom TLS cert. The secret must contain at least tls.key and tls.crt. The custom CA should be added to the bundle using the secret reference in the osctlplane crd.

Depends-On: openstack-k8s-operators/lib-common#471

Jira: OSPRH-5342

@openshift-ci openshift-ci bot requested review from abays and viroel March 5, 2024 15:42
@openshift-ci openshift-ci bot added the approved label Mar 5, 2024
@stuggi stuggi requested review from olliewalsh and Deydra71 and removed request for viroel March 5, 2024 15:43
@stuggi
Copy link
Contributor Author

stuggi commented Mar 5, 2024

the tls custom config would now look like this on a ctlplane CR. duration, renewBefore are defaulted.

apiVersion: core.openstack.org/v1beta1
kind: OpenStackControlPlane
metadata:
  name: openstack-network-isolation-ceph
spec:
  tls:
    ingress:
      ca:
        duration: 43800h
      cert:
        duration: 1h
        renewBefore: 55m
      enabled: true
    podLevel:
      default:
        ca:
          duration: 43800h
        cert:
          duration: 300h
          renewBefore: 5m
      enabled: true
      ovn:
        ca:
          duration: 43800h
        cert:
          duration: 8760h

olliewalsh
olliewalsh reviewed Mar 5, 2024
View reviewed changes
apis/core/v1beta1/openstackcontrolplane_types.go
CertSection `json:",inline"`
}

// TLSPodLevelConfig defines the desired state of the TLS configuration for TLS termination at the pod level
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: technically libvirt isn't a pod.... but can't think of a better name

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

right, I was thinking the same, but its also no longer a container. Service is also not a good name to mix it with k8s services. so podLevel was the only good name I came up ..

@softwarefactory-project-zuul softwarefactory-project-zuul
Copy link

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://review.rdoproject.org/zuul/buildset/05182c760abb4ba4a43dda1bc6e1f87e

✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 27m 56s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 03m 33s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 14m 59s
cifmw-data-plane-adoption-osp-17-to-extracted-crc FAILURE in 2h 06m 44s
✔️ openstack-operator-tempest-multinode SUCCESS in 1h 20m 57s

@stuggi
Copy link
Contributor Author

stuggi commented Mar 6, 2024

recheck

@softwarefactory-project-zuul softwarefactory-project-zuul
Copy link

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://review.rdoproject.org/zuul/buildset/040916088eaa4cc5b3ad632188bba33e

✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 30m 48s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 05m 04s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 10m 49s
cifmw-data-plane-adoption-osp-17-to-extracted-crc FAILURE in 2h 11m 14s
✔️ openstack-operator-tempest-multinode SUCCESS in 1h 26m 31s

@stuggi
Copy link
Contributor Author

stuggi commented Mar 6, 2024

/test openstack-operator-build-deploy-kuttl

@softwarefactory-project-zuul softwarefactory-project-zuul
Copy link

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://review.rdoproject.org/zuul/buildset/a20efea60601473f91e98ff1e2fad4d3

✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 28m 13s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 03m 34s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 15m 04s
cifmw-data-plane-adoption-osp-17-to-extracted-crc FAILURE in 2h 08m 24s
✔️ openstack-operator-tempest-multinode SUCCESS in 1h 38m 42s

@stuggi
Copy link
Contributor Author

stuggi commented Mar 6, 2024

rebased

@softwarefactory-project-zuul softwarefactory-project-zuul
Copy link

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://review.rdoproject.org/zuul/buildset/ac6207f8155f4e8aa10dfbd4fe4b7169

✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 04m 55s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 05m 38s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 23m 12s
cifmw-data-plane-adoption-osp-17-to-extracted-crc FAILURE in 1h 46m 35s
✔️ openstack-operator-tempest-multinode SUCCESS in 1h 24m 22s

@stuggi
Copy link
Contributor Author

stuggi commented Mar 7, 2024

/test openstack-operator-build-deploy-kuttl

@stuggi
Copy link
Contributor Author

stuggi commented Mar 7, 2024

recheck

@softwarefactory-project-zuul softwarefactory-project-zuul
Copy link

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://review.rdoproject.org/zuul/buildset/bb3af3462daf4b0593a533ddd14145a1

✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 06m 56s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 05m 51s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 11m 56s
cifmw-data-plane-adoption-osp-17-to-extracted-crc FAILURE in 1h 48m 54s
✔️ openstack-operator-tempest-multinode SUCCESS in 1h 35m 46s

@stuggi
Copy link
Contributor Author

stuggi commented Mar 7, 2024

recheck

@softwarefactory-project-zuul softwarefactory-project-zuul
Copy link

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://review.rdoproject.org/zuul/buildset/f75aa004e3cb4f5caba7414e06a042d9

✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 57m 53s
podified-multinode-edpm-deployment-crc RETRY_LIMIT in 31m 59s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 15m 35s
cifmw-data-plane-adoption-osp-17-to-extracted-crc FAILURE in 1h 39m 35s
✔️ openstack-operator-tempest-multinode SUCCESS in 1h 26m 56s

@stuggi
Copy link
Contributor Author

stuggi commented Mar 7, 2024

nova is still in deploy progress. both cell conductors do not have db access

cell1 conductor can not access the db https://logserver.rdoproject.org/93/693/457c06271939e17c7af54e1a3bf25aaed98c6604/github-check/cifmw-data-plane-adoption-osp-17-to-extracted-crc/44455a3/controller/ci-framework-data/logs/openstack-k8s-operators-openstack-must-gather/namespaces/openstack/pods/nova-cell1-conductor-0/logs/nova-cell1-conductor-conductor.log

2024-03-07 12:45:12.803 1 ERROR nova.context sqlalchemy.exc.OperationalError: (pymysql.err.OperationalError) (1045, "Access denied for user 'nova_cell1'@'192.168.122.100' (using password: YES)")

the db create and account create job for cell1 seems has finished ok
https://logserver.rdoproject.org/93/693/457c06271939e17c7af54e1a3bf25aaed98c6604/github-check/cifmw-data-plane-adoption-osp-17-to-extracted-crc/44455a3/controller/ci-framework-data/logs/openstack-k8s-operators-openstack-must-gather/namespaces/openstack/pods/nova-cell1-db-create-q8qfv/nova-cell1-db-create-q8qfv-describe

Same for conductor in cell0 https://logserver.rdoproject.org/93/693/457c06271939e17c7af54e1a3bf25aaed98c6604/github-check/cifmw-data-plane-adoption-osp-17-to-extracted-crc/44455a3/controller/ci-framework-data/logs/openstack-k8s-operators-openstack-must-gather/namespaces/openstack/pods/nova-cell0-conductor-0/logs/nova-cell0-conductor-conductor.log

nova-scheduler and nova-api seem to be fine

@stuggi
Copy link
Contributor Author

stuggi commented Mar 7, 2024

Galera pod logs show abort erros for both instances

https://logserver.rdoproject.org/93/693/457c06271939e17c7af54e1a3bf25aaed98c6604/github-check/cifmw-data-plane-adoption-osp-17-to-extracted-crc/44455a3/controller/ci-framework-data/logs/openstack-k8s-operators-openstack-must-gather/namespaces/openstack/pods/openstack-galera-0/logs/galera.log

https://logserver.rdoproject.org/93/693/457c06271939e17c7af54e1a3bf25aaed98c6604/github-check/cifmw-data-plane-adoption-osp-17-to-extracted-crc/44455a3/controller/ci-framework-data/logs/openstack-k8s-operators-openstack-must-gather/namespaces/openstack/pods/openstack-cell1-galera-0/logs/galera.log

2024-03-07 12:39:12 120 [Warning] Aborted connection 120 to db: 'keystone' user: 'keystone' host: '10.217.1.15' (Got an error reading communication packets)
2024-03-07 12:39:20 121 [Warning] Aborted connection 121 to db: 'keystone' user: 'keystone' host: '10.217.1.16' (Got an error reading communication packets)
2024-03-07 12:39:27 124 [Warning] Aborted connection 124 to db: 'keystone' user: 'keystone' host: '10.217.1.18' (Got an error reading communication packets)
2024-03-07 12:40:35 131 [Warning] Aborted connection 131 to db: 'keystone' user: 'keystone' host: '10.217.1.19' (Got an error reading communication packets)
2024-03-07 12:40:35 130 [Warning] Aborted connection 130 to db: 'keystone' user: 'keystone' host: '10.217.1.19' (Got an error reading communication packets)
2024-03-07 12:40:35 129 [Warning] Aborted connection 129 to db: 'keystone' user: 'keystone' host: '10.217.1.19' (Got an error reading communication packets)
2024-03-07 12:40:35 134 [Warning] Aborted connection 134 to db: 'keystone' user: 'keystone' host: '10.217.1.19' (Got an error reading communication packets)
2024-03-07 12:40:53 152 [Warning] Aborted connection 152 to db: 'barbican' user: 'barbican' host: '10.217.1.25' (Got an error reading communication packets)
2024-03-07 12:42:57 202 [Warning] Aborted connection 202 to db: 'glance' user: 'glance' host: '10.217.1.38' (Got an error reading communication packets)
2024-03-07 12:42:57 203 [Warning] Aborted connection 203 to db: 'glance' user: 'glance' host: '10.217.1.38' (Got an error reading communication packets)
2024-03-07 12:42:58 204 [Warning] Aborted connection 204 to db: 'glance' user: 'glance' host: '10.217.1.38' (Got an error reading communication packets)
2024-03-07 12:43:49 218 [Warning] Aborted connection 218 to db: 'placement' user: 'placement' host: '10.217.1.44' (Got an error reading communication packets)
2024-03-07 12:44:40 236 [Warning] Aborted connection 236 to db: 'nova_api' user: 'nova_api' host: '10.217.1.53' (Got an error reading communication packets)
2024-03-07 12:44:42 239 [Warning] Aborted connection 239 to db: 'nova_cell0' user: 'nova_cell0' host: '10.217.1.53' (Got an error reading communication packets)
2024-03-07 12:45:03 247 [Warning] Aborted connection 247 to db: 'nova_api' user: 'nova_api' host: '10.217.1.56' (Got an error reading communication packets)
2024-03-07 12:45:05 249 [Warning] Aborted connection 249 to db: 'nova_api' user: 'nova_api' host: '10.217.1.56' (Got an error reading communication packets)
2024-03-07 12:45:11 248 [Warning] Aborted connection 248 to db: 'nova_cell0' user: 'nova_cell0' host: '10.217.1.61' (Got an error reading communication packets)
2024-03-07 12:45:11 246 [Warning] Aborted connection 246 to db: 'nova_api' user: 'nova_api' host: '10.217.1.61' (Got an error reading communication packets)
2024-03-07 12:45:24 271 [Warning] Aborted connection 271 to db: 'nova_api' user: 'nova_api' host: '10.217.1.68' (Got an error reading communication packets)
2024-03-07 12:45:26 272 [Warning] Aborted connection 272 to db: 'nova_api' user: 'nova_api' host: '10.217.1.68' (Got an error reading communication packets)
2024-03-07 12:45:32 270 [Warning] Aborted connection 270 to db: 'nova_cell0' user: 'nova_cell0' host: '10.217.1.65' (Got an error reading communication packets)
2024-03-07 12:45:32 265 [Warning] Aborted connection 265 to db: 'nova_api' user: 'nova_api' host: '10.217.1.65' (Got an error reading communication packets)
2024-03-07 12:45:32 267 [Warning] Aborted connection 267 to db: 'nova_cell0' user: 'nova_cell0' host: '10.217.1.65' (Got an error reading communication packets)
2024-03-07 12:45:32 269 [Warning] Aborted connection 269 to db: 'nova_cell0' user: 'nova_cell0' host: '10.217.1.65' (Got an error reading communication packets)
2024-03-07 12:45:32 268 [Warning] Aborted connection 268 to db: 'nova_cell0' user: 'nova_cell0' host: '10.217.1.65' (Got an error reading communication packets)
2024-03-07 12:45:32 266 [Warning] Aborted connection 266 to db: 'nova_api' user: 'nova_api' host: '10.217.1.65' (Got an error reading communication packets)
2024-03-07 12:45:32 261 [Warning] Aborted connection 261 to db: 'nova_api' user: 'nova_api' host: '10.217.1.66' (Got an error reading communication packets)
2024-03-07 12:45:32 262 [Warning] Aborted connection 262 to db: 'nova_cell0' user: 'nova_cell0' host: '10.217.1.66' (Got an error reading communication packets)
2024-03-07 12:45:32 263 [Warning] Aborted connection 263 to db: 'nova_cell0' user: 'nova_cell0' host: '10.217.1.66' (Got an error reading communication packets)
2024-03-07 12:45:32 264 [Warning] Aborted connection 264 to db: 'nova_cell0' user: 'nova_cell0' host: '10.217.1.66' (Got an error reading communication packets)
2024-03-07 12:45:32 260 [Warning] Aborted connection 260 to db: 'nova_cell0' user: 'nova_cell0' host: '10.217.1.66' (Got an error reading communication packets)
2024-03-07 12:45:32 259 [Warning] Aborted connection 259 to db: 'nova_api' user: 'nova_api' host: '10.217.1.66' (Got an error reading communication packets)
2024-03-07 12:45:32 255 [Warning] Aborted connection 255 to db: 'nova_cell0' user: 'nova_cell0' host: '10.217.1.67' (Got an error reading communication packets)
2024-03-07 12:45:32 256 [Warning] Aborted connection 256 to db: 'nova_cell0' user: 'nova_cell0' host: '10.217.1.67' (Got an error reading communication packets)
2024-03-07 12:45:32 254 [Warning] Aborted connection 254 to db: 'nova_api' user: 'nova_api' host: '10.217.1.67' (Got an error reading communication packets)
2024-03-07 12:45:43 278 [Warning] Aborted connection 278 to db: 'nova_cell0' user: 'nova_cell0' host: '10.217.1.71' (Got an error reading communication packets)

cell1

2024-03-07 12:45:04 174 [Warning] Aborted connection 174 to db: 'nova_cell1' user: 'nova_cell1' host: '10.217.1.62' (Got an error reading communication packets)

@stuggi
Copy link
Contributor Author

stuggi commented Mar 7, 2024

Galera pod logs show abort erros for both instances

https://logserver.rdoproject.org/93/693/457c06271939e17c7af54e1a3bf25aaed98c6604/github-check/cifmw-data-plane-adoption-osp-17-to-extracted-crc/44455a3/controller/ci-framework-data/logs/openstack-k8s-operators-openstack-must-gather/namespaces/openstack/pods/openstack-galera-0/logs/galera.log

https://logserver.rdoproject.org/93/693/457c06271939e17c7af54e1a3bf25aaed98c6604/github-check/cifmw-data-plane-adoption-osp-17-to-extracted-crc/44455a3/controller/ci-framework-data/logs/openstack-k8s-operators-openstack-must-gather/namespaces/openstack/pods/openstack-cell1-galera-0/logs/galera.log

2024-03-07 12:39:12 120 [Warning] Aborted connection 120 to db: 'keystone' user: 'keystone' host: '10.217.1.15' (Got an error reading communication packets)
2024-03-07 12:39:20 121 [Warning] Aborted connection 121 to db: 'keystone' user: 'keystone' host: '10.217.1.16' (Got an error reading communication packets)
2024-03-07 12:39:27 124 [Warning] Aborted connection 124 to db: 'keystone' user: 'keystone' host: '10.217.1.18' (Got an error reading communication packets)
2024-03-07 12:40:35 131 [Warning] Aborted connection 131 to db: 'keystone' user: 'keystone' host: '10.217.1.19' (Got an error reading communication packets)
2024-03-07 12:40:35 130 [Warning] Aborted connection 130 to db: 'keystone' user: 'keystone' host: '10.217.1.19' (Got an error reading communication packets)
2024-03-07 12:40:35 129 [Warning] Aborted connection 129 to db: 'keystone' user: 'keystone' host: '10.217.1.19' (Got an error reading communication packets)
2024-03-07 12:40:35 134 [Warning] Aborted connection 134 to db: 'keystone' user: 'keystone' host: '10.217.1.19' (Got an error reading communication packets)
2024-03-07 12:40:53 152 [Warning] Aborted connection 152 to db: 'barbican' user: 'barbican' host: '10.217.1.25' (Got an error reading communication packets)
2024-03-07 12:42:57 202 [Warning] Aborted connection 202 to db: 'glance' user: 'glance' host: '10.217.1.38' (Got an error reading communication packets)
2024-03-07 12:42:57 203 [Warning] Aborted connection 203 to db: 'glance' user: 'glance' host: '10.217.1.38' (Got an error reading communication packets)
2024-03-07 12:42:58 204 [Warning] Aborted connection 204 to db: 'glance' user: 'glance' host: '10.217.1.38' (Got an error reading communication packets)
2024-03-07 12:43:49 218 [Warning] Aborted connection 218 to db: 'placement' user: 'placement' host: '10.217.1.44' (Got an error reading communication packets)
2024-03-07 12:44:40 236 [Warning] Aborted connection 236 to db: 'nova_api' user: 'nova_api' host: '10.217.1.53' (Got an error reading communication packets)
2024-03-07 12:44:42 239 [Warning] Aborted connection 239 to db: 'nova_cell0' user: 'nova_cell0' host: '10.217.1.53' (Got an error reading communication packets)
2024-03-07 12:45:03 247 [Warning] Aborted connection 247 to db: 'nova_api' user: 'nova_api' host: '10.217.1.56' (Got an error reading communication packets)
2024-03-07 12:45:05 249 [Warning] Aborted connection 249 to db: 'nova_api' user: 'nova_api' host: '10.217.1.56' (Got an error reading communication packets)
2024-03-07 12:45:11 248 [Warning] Aborted connection 248 to db: 'nova_cell0' user: 'nova_cell0' host: '10.217.1.61' (Got an error reading communication packets)
2024-03-07 12:45:11 246 [Warning] Aborted connection 246 to db: 'nova_api' user: 'nova_api' host: '10.217.1.61' (Got an error reading communication packets)
2024-03-07 12:45:24 271 [Warning] Aborted connection 271 to db: 'nova_api' user: 'nova_api' host: '10.217.1.68' (Got an error reading communication packets)
2024-03-07 12:45:26 272 [Warning] Aborted connection 272 to db: 'nova_api' user: 'nova_api' host: '10.217.1.68' (Got an error reading communication packets)
2024-03-07 12:45:32 270 [Warning] Aborted connection 270 to db: 'nova_cell0' user: 'nova_cell0' host: '10.217.1.65' (Got an error reading communication packets)
2024-03-07 12:45:32 265 [Warning] Aborted connection 265 to db: 'nova_api' user: 'nova_api' host: '10.217.1.65' (Got an error reading communication packets)
2024-03-07 12:45:32 267 [Warning] Aborted connection 267 to db: 'nova_cell0' user: 'nova_cell0' host: '10.217.1.65' (Got an error reading communication packets)
2024-03-07 12:45:32 269 [Warning] Aborted connection 269 to db: 'nova_cell0' user: 'nova_cell0' host: '10.217.1.65' (Got an error reading communication packets)
2024-03-07 12:45:32 268 [Warning] Aborted connection 268 to db: 'nova_cell0' user: 'nova_cell0' host: '10.217.1.65' (Got an error reading communication packets)
2024-03-07 12:45:32 266 [Warning] Aborted connection 266 to db: 'nova_api' user: 'nova_api' host: '10.217.1.65' (Got an error reading communication packets)
2024-03-07 12:45:32 261 [Warning] Aborted connection 261 to db: 'nova_api' user: 'nova_api' host: '10.217.1.66' (Got an error reading communication packets)
2024-03-07 12:45:32 262 [Warning] Aborted connection 262 to db: 'nova_cell0' user: 'nova_cell0' host: '10.217.1.66' (Got an error reading communication packets)
2024-03-07 12:45:32 263 [Warning] Aborted connection 263 to db: 'nova_cell0' user: 'nova_cell0' host: '10.217.1.66' (Got an error reading communication packets)
2024-03-07 12:45:32 264 [Warning] Aborted connection 264 to db: 'nova_cell0' user: 'nova_cell0' host: '10.217.1.66' (Got an error reading communication packets)
2024-03-07 12:45:32 260 [Warning] Aborted connection 260 to db: 'nova_cell0' user: 'nova_cell0' host: '10.217.1.66' (Got an error reading communication packets)
2024-03-07 12:45:32 259 [Warning] Aborted connection 259 to db: 'nova_api' user: 'nova_api' host: '10.217.1.66' (Got an error reading communication packets)
2024-03-07 12:45:32 255 [Warning] Aborted connection 255 to db: 'nova_cell0' user: 'nova_cell0' host: '10.217.1.67' (Got an error reading communication packets)
2024-03-07 12:45:32 256 [Warning] Aborted connection 256 to db: 'nova_cell0' user: 'nova_cell0' host: '10.217.1.67' (Got an error reading communication packets)
2024-03-07 12:45:32 254 [Warning] Aborted connection 254 to db: 'nova_api' user: 'nova_api' host: '10.217.1.67' (Got an error reading communication packets)
2024-03-07 12:45:43 278 [Warning] Aborted connection 278 to db: 'nova_cell0' user: 'nova_cell0' host: '10.217.1.71' (Got an error reading communication packets)

cell1

2024-03-07 12:45:04 174 [Warning] Aborted connection 174 to db: 'nova_cell1' user: 'nova_cell1' host: '10.217.1.62' (Got an error reading communication packets)

they are probably not related we also see aborts in a successful run as in https://logserver.rdoproject.org/90/690/b0d0bda02ab5ae4f8fb39744e8cd606d829ffa04/github-check/cifmw-data-plane-adoption-osp-17-to-extracted-crc/e50ed17/controller/ci-framework-data/logs/openstack-k8s-operators-openstack-must-gather/namespaces/openstack/pods/openstack-cell1-galera-0/logs/galera.log

@stuggi
Copy link
Contributor Author

stuggi commented Mar 7, 2024

ignore previous comments. the issue is that the conductors try to reach an external DB on 192.168.122.100

2024-03-07 12:45:12.803 1 ERROR nova.context sqlalchemy.exc.OperationalError: (pymysql.err.OperationalError) (1045, "Access denied for user 'nova_cell1'@'192.168.122.100' (using password: YES)")

@stuggi
Copy link
Contributor Author

stuggi commented Mar 7, 2024

try bumping nova and mariadb operator as the issue is not seen in #690 , but kuttl might fail as in that one

@softwarefactory-project-zuul softwarefactory-project-zuul
Copy link

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://review.rdoproject.org/zuul/buildset/60c22e90656e49e29cf1ac78adc7a5f9

✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 44m 03s
podified-multinode-edpm-deployment-crc FAILURE in 1h 16m 11s
cifmw-crc-podified-edpm-baremetal FAILURE in 1h 29m 23s
✔️ cifmw-data-plane-adoption-osp-17-to-extracted-crc SUCCESS in 2h 15m 03s
openstack-operator-tempest-multinode FAILURE in 1h 23m 38s

@olliewalsh olliewalsh mentioned this pull request Mar 8, 2024
Merged
@softwarefactory-project-zuul softwarefactory-project-zuul
Copy link

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://review.rdoproject.org/zuul/buildset/81278adce5444b11ac4673f771d61ebe

✔️ openstack-k8s-operators-content-provider SUCCESS in 3h 22m 26s
podified-multinode-edpm-deployment-crc FAILURE in 1h 19m 18s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 18m 55s
cifmw-data-plane-adoption-osp-17-to-extracted-crc FAILURE in 2h 55m 08s
openstack-operator-tempest-multinode FAILURE in 2h 42m 18s

stuggi added 5 commits March 8, 2024 22:43
@stuggi @olliewalsh
[tlse] update TLS/CA config
6e3dcbb 
changes top level tls config section to reflect ingress and podlevel
tls termination and allows to customize the duration and renewBefore
for each of the CAs and Certs issued for a CA.

Also:
* creates CA for OVN
* fixes an issue where service cert was not created when tls on ingress
  was disabled.

Depends-On: openstack-k8s-operators/lib-common#471

Jira: OSPRH-5342
@stuggi @olliewalsh
[tlse] Allow using custom tlsConfig.API.Public.SecretName when no ing…
69c33b9 
…ress used

When also using LoadBalancer (MetalLB) for public endpoints
this change allows to use the service configs tls.API.Public.SecretName
to reference a secret holding a custom TLS cert. The secret
must contain at least tls.key and tls.crt. The custom CA should
be added to the bundle using the secret reference in the osctlplane
crd.
@stuggi @olliewalsh
[tlse] update kuttl tests
8b66dc5
@stuggi @olliewalsh
[tlse] rename TLSPodLevelConfig.Default to TLSPodLevelConfig.Internal
7fed349 
Jira: OSPRH-5342
@stuggi @olliewalsh
bump mariadb, nova and infra operator
f6f9c63
olliewalsh
olliewalsh approved these changes Mar 8, 2024
View reviewed changes
Copy link
Contributor

@olliewalsh olliewalsh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm pushed a rebase

@openshift-ci openshift-ci bot added the lgtm label Mar 8, 2024
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Mar 8, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: olliewalsh, stuggi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot openshift-merge-bot bot merged commit 1e57116 into openstack-k8s-operators:main Mar 9, 2024
7 checks passed
@olliewalsh olliewalsh mentioned this pull request Mar 13, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@olliewalsh olliewalsh olliewalsh approved these changes

@abays abays Awaiting requested review from abays

@Deydra71 Deydra71 Awaiting requested review from Deydra71

Assignees

@olliewalsh olliewalsh

Labels
approved lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@stuggi @olliewalsh @openshift-merge-robot