Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-7954

[BZ] The script for certs check fails with Openstack client version 3.18.1

    XMLWordPrintable

Details

    • -
    • Moderate
    • No
    • ShiftStack Sprint 233, ShiftStack Sprint 234
    • 2
    • Rejected
    • False
    • Hide
      * Previously, a script provided in the documentation for checking invalid HTTPS certificates in the {rh-openstack} API assumed a recent version of the {rh-openstack} client. For users who did not have a recent version of the client, this script failed. Now, manual instructions are added to the documentation that users can follow to perform the check with any version of the client. (link:https://issues.redhat.com/browse/OCPBUGS-7954[*OCPBUGS-7954*])
      Show
      * Previously, a script provided in the documentation for checking invalid HTTPS certificates in the {rh-openstack} API assumed a recent version of the {rh-openstack} client. For users who did not have a recent version of the client, this script failed. Now, manual instructions are added to the documentation that users can follow to perform the check with any version of the client. (link: https://issues.redhat.com/browse/OCPBUGS-7954 [* OCPBUGS-7954 *])
    • Bug Fix
    • Done

    Description

      Description of problem:

      The script for checking the certs for Openshift install on openstack fails. 

https://docs.openshift.com/container-platform/4.12/installing/installing_openstack/preparing-to-install-on-openstack.html#security-osp-validating-certificates_preparing-to-install-on-openstack

I see that the command "openstack catalog list --format json --column Name --column Endpoints" returns output as,

-----------
[
  {
    "Name": "heat-cfn",
    "Endpoints": "RegionOne\n  admin: http://10.254.x.x:8000/v1\nRegionOne\n  public: https://<domain_name>:8000/v1\nRegionOne\n  internal: http://10.254.x.x:8000/v1\n"
  },
  {
    "Name": "cinderv2",
    "Endpoints": "RegionOne\n  admin: http://10.254.x.x:8776/v2/f36f2db6bb434484b71a45aa84b9d790\nRegionOne\n  internal: http://10.254.x.x:8776/v2/f36f2db6bb434484b71a45aa84b9d790\nRegionOne\n  public: https://<domain_name>:8776/v2/f36f2db6bb434484b71a45aa84b9d790\n"
  },
  {
    "Name": "glance",
    "Endpoints": "RegionOne\n  public: https://<domain_name>:9292\nRegionOne\n  admin: http://10.254.x.x:9292\nRegionOne\n  internal: http://10.254.x.x:9292\n"
  },
  {
    "Name": "keystone",
    "Endpoints": "RegionOne\n  internal: http://10.254.x.x:5000\nRegionOne\n  admin: http://10.254.x.x:35357\nRegionOne\n  public: https://<domain_name>:5000\n"
  },
  {
    "Name": "swift",
    "Endpoints": "RegionOne\n  admin: https://ch-dc-s3-gsn-33.eecloud.nsn-net.net:10032/swift/v1\nRegionOne\n  public: https://ch-dc-s3-gsn-33.eecloud.nsn-net.net:10032/swift/v1\nRegionOne\n  internal: https://ch-dc-s3-gsn-33.eecloud.nsn-net.net:10032/swift/v1\n"
  },
  {
    "Name": "nova",
    "Endpoints": "RegionOne\n  public: https://<domain_name>:8774/v2.1\nRegionOne\n  internal: http://10.254.x.x:8774/v2.1\nRegionOne\n  admin: http://10.254.x.x:8774/v2.1\n"
  },
  {
    "Name": "heat",
    "Endpoints": "RegionOne\n  internal: http://10.254.x.x:8004/v1/f36f2db6bb434484b71a45aa84b9d790\nRegionOne\n  public: https://<domain_name>:8004/v1/f36f2db6bb434484b71a45aa84b9d790\nRegionOne\n  admin: http://10.254.x.x:8004/v1/f36f2db6bb434484b71a45aa84b9d790\n"
  },
  {
    "Name": "cinder",
    "Endpoints": ""
  },
  {
    "Name": "cinderv3",
    "Endpoints": "RegionOne\n  public: https://<domain_name>:8776/v3/f36f2db6bb434484b71a45aa84b9d790\nRegionOne\n  admin: http://10.254.x.x:8776/v3/f36f2db6bb434484b71a45aa84b9d790\nRegionOne\n  internal: http://10.254.x.x:8776/v3/f36f2db6bb434484b71a45aa84b9d790\n"
  },
  {
    "Name": "neutron",
    "Endpoints": "RegionOne\n  internal: http://10.254.x.x:9696\nRegionOne\n  public: https://<domain_name>:9696\nRegionOne\n  admin: http://10.254.x.x:9696\n"
  },
  {
    "Name": "placement",
    "Endpoints": "RegionOne\n  internal: http://10.254.x.x:8778\nRegionOne\n  admin: http://10.254.x.x:8778\nRegionOne\n  public: https://<domain_name>:8778\n"
  }
]
-----------

Which then expected to be filtered with jq as " | jq -r '.[] | .Name as $name | .Endpoints[] | [$name, .interface, .url] | join(" ")'| sort " 


But it fails with error as,

----------------
./certs.sh
jq: error (at <stdin>:46): Cannot iterate over string ("RegionOne\...)

Further check the script following commands execution is  failing
 openstack catalog list --format json --column Name --column Endpoints \
> | jq -r '.[] | .Name as $name | .Endpoints[] | [$name, .interface, .url] | join(" ")'
jq: error (at <stdin>:46): Cannot iterate over string ("RegionOne\...)
----------------

Where certs.sh is the script we copied from documentation.

I did some debugs to get the things .interface,.url to internal,public,admin fields from endpoint but I'm not sure if that's way it is on openstack so marking this as BZ to have reviewed.

       

       

       

       

      Version-Release number of selected component (if applicable):

      Openshift Container Platform 4.12 on 3.18.1 release of openstack

      How reproducible:

      - Always

      Steps to Reproduce:

      1. Copy the script and run it on given release of openstack version. 2.
3.

      Actual results:

      Fails with parsing

      Expected results:

      Shouldn't fail.

      Additional info:

       

      Attachments

        Activity

          People

            pprinett@redhat.com Pierre Prinetti
            rhn-support-pkhedeka Parikshit Khedekar
            Itshak Brown Itshak Brown
            Votes:
            0 Vote for this issue
            Watchers:
            10 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: