#7728 RFE: Validation and better error messages when novajoin fails because of SSL errors
Closed: fixed 5 years ago Opened 5 years ago by rcritten.

Ticket was cloned from Red Hat Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1637717

The command "openstack undercloud install" fails with:
2018-10-02T18:38:49Z DEBUG args=/usr/sbin/ipa-join -s
ipa.example.test -b dc=example,dc=test -w XXXXXXXX
2018-10-02T18:38:49Z DEBUG Process finished, return code=15
2018-10-02T18:38:49Z DEBUG stdout=
2018-10-02T18:38:49Z DEBUG stderr=Incorrect password.

However we found that the root cause was that the certificate downloaded from
IPA server (http://ipa.example.test/ipa/config/ca.crt) was an
intermediate certificate, not the root certificate.

The problem is that the error is misleading. The password was fine, but the
problem was that the certificate validation failed.


Metadata Update from @rcritten:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1637717

5 years ago

Metadata Update from @rcritten:
- Issue assigned to rcritten

5 years ago

master:

  • 1e76f10 Enable LDAP debug output in client to display TLS errors in join

ipa-4-6:

  • 7cf7a74 Enable LDAP debug output in client to display TLS errors in join

ipa-4-7:

  • be5513b Enable LDAP debug output in client to display TLS errors in join

Metadata Update from @rcritten:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

5 years ago

Login to comment on this ticket.

Metadata