Overcloud deploy failure with certmonger dependencies
Issue
- Overcloud deploy fails with certmonger resubmit return code 3:
[12:40:22](undercloud) [stack@undercloud ~]$ openstack stack failures list overcloud --long
overcloud.AllNodesDeploySteps.ComputeDpdkDeployment_Step1.28:
"Error: /Stage[main]/Tripleo::Certmonger::Contrail/Certmonger_certificate[contrail]: Could not evaluate: Execution of '/usr/bin/getcert resubmit -i contrail -f /etc/contrail/ssl/certs/server.pem -c IPA -N CN=compute01.admin.localdomain -K contrail/compute01.admin.localdomain -D compute01.ctlplane.admin.localdomain -D compute01.storagemgmt.admin.localdomain -D compute01.internalapi.admin.localdomain -D compute01.tenant.admin.localdomain -C sudo docker ps -q --filter=name=\"contrail*\" | xargs -i sudo docker restart {} -w' returned 3: Resubmitting \"contrail\" to \"IPA\".",
overcloud.AllNodesDeploySteps.ComputeDpdkDeployment_Step1.6:
"Error: /Stage[main]/Tripleo::Certmonger::Contrail/Certmonger_certificate[contrail]: Could not evaluate: Execution of '/usr/bin/getcert resubmit -i contrail -f /etc/contrail/ssl/certs/server.pem -c IPA -N CN=compute02.admin.localdomain -K contrail/compute02.admin.localdomain -D compute02.ctlplane.admin.localdomain -D compute02.storagemgmt.admin.localdomain -D compute02.internalapi.admin.localdomain -D compute02.tenant.admin.localdomain -C sudo docker ps -q --filter=name=\"contrail*\" | xargs -i sudo docker restart {} -w' returned 3: Resubmitting \"contrail\" to \"IPA\".",
overcloud.AllNodesDeploySteps.ComputeDpdkDeployment_Step1.18:
"Error: /Stage[main]/Tripleo::Certmonger::Contrail/Certmonger_certificate[contrail]: Could not evaluate: Execution of '/usr/bin/getcert resubmit -i contrail -f /etc/contrail/ssl/certs/server.pem -c IPA -N CN=compute03.admin.localdomain -K contrail/compute03.admin.localdomain -D compute03.ctlplane.admin.localdomain -D compute03.storagemgmt.admin.localdomain -D compute03.internalapi.admin.localdomain -D compute03.tenant.admin.localdomain -C sudo docker ps -q --filter=name=\"contrail*\" | xargs -i sudo docker restart {} -w' returned 3: Resubmitting \"contrail\" to \"IPA\".",
overcloud.AllNodesDeploySteps.ComputeDpdkNonHtDeployment_Step1.22:
"Error: /Stage[main]/Tripleo::Certmonger::Contrail/Certmonger_certificate[contrail]: Could not evaluate: Execution of '/usr/bin/getcert resubmit -i contrail -f /etc/contrail/ssl/certs/server.pem -c IPA -N CN=compute04.admin.localdomain -K contrail/compute04.admin.localdomain -D compute04.ctlplane.admin.localdomain -D compute04.storagemgmt.admin.localdomain -D compute04.internalapi.admin.localdomain -D compute04.tenant.admin.localdomain -C sudo docker ps -q --filter=name=\"contrail*\" | xargs -i sudo docker restart {} -w' returned 3: Resubmitting \"contrail\" to \"IPA\".",
overcloud.AllNodesDeploySteps.ComputeDpdkNonHtDeployment_Step1.28:
"Error: /Stage[main]/Tripleo::Certmonger::Contrail/Certmonger_certificate[contrail]: Could not evaluate: Execution of '/usr/bin/getcert resubmit -i contrail -f /etc/contrail/ssl/certs/server.pem -c IPA -N CN=compute05.admin.localdomain -K contrail/compute05.admin.localdomain -D compute05.ctlplane.admin.localdomain -D compute05.storagemgmt.admin.localdomain -D compute05.internalapi.admin.localdomain -D compute05.tenant.admin.localdomain -C sudo docker ps -q --filter=name=\"contrail*\" | xargs -i sudo docker restart {} -w' returned 3: Resubmitting \"contrail\" to \"IPA\".",
sudo getcert liston those nodes return an error similar to this:
ca-error: Server at https://idm02.localdomain/ipa/xml failed request, will retry: -504 (libcurl failed to execute the HTTP POST transaction, explaining: Peer's Certificate has expired.).
Environment
- Red Hat OpenStack Platform 13.0 (RHOSP)
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
