TripleO undercloud/overcloud TLS via novajoin
I am attempting to follow https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/features/tls_everywhere.html and get errors while running the openstack undercloud install.
2020-04-06 00:16:03.800 6639 WARNING tripleoclient.v1.tripleo_deploy.Deploy [ ] fatal: [ucloud]: FAILED! => {"changed": true, "cmd": "/usr/bin/kinit -kt /etc/krb5.keytab && ipa-getkeytab -s $(grep xmlrpc_uri /etc/ipa/default.conf | cut -d/ -f3) -p nova/cloud.example.com -k /etc/novajoin/krb5.keytab", "delta": "0:00:00.743919", "end": "2020-04-06 00:16:03.748135", "msg": "non-zero return code", "rc": 9, "start": "2020-04-06 00:16:03.004216", "stderr": "Failed to parse result: PrincipalName not found.\n\nRetrying with pre-4.0 keytab retrieval method...\nFailed to parse result: PrincipalName not found.\n\nFailed to get keytab!\nFailed to get keytab", "stderr_lines": ["Failed to parse result: PrincipalName not found.", "", "Retrying with pre-4.0 keytab retrieval method...", "Failed to parse result: PrincipalName not found.", "", "Failed to get keytab!", "Failed to get keytab"], "stdout": "", "stdout_lines": []}
I have had several different types of errors.
- /etc/krb5.keytab is never generated.
- The novajoin script did not add the principal alias in FreeIPA, so trying to run
ipa-getkeytab -s $(grep xmlrpc_uri /etc/ipa/default.conf | cut -d/ -f3) -p nova/cloud.example.com -k /etc/novajoin/krb5.keytab
was failing.
Any suggestions on how to get this sorted out would be appreciated.