-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
None
-
None
-
0
-
False
-
-
False
-
?
-
rhos-ops-day1day2-upgrades
-
None
-
-
-
-
Moderate
After adopting from RHOSP17.1 to RHOSO18, Shift on Stack clusters continue to reference the old TripleO keystone endpoint. This endpoint is no longer reachable post adoption.
As a result, Openshift components fail to authenticate with keystone. Operators that depend on Openstack APIs (including image registry, storage/csi and machine api) reports timeouts and enter degraded states.
//image registry still pointing to old keystone url. [rajesh@e18-h18-000-r660 ocp_clusters]$ oc get configs.imageregistry.operator.openshift.io cluster -o yaml | grep -A30 "status:" status: conditions: - lastTransitionTime: "2026-01-04T08:34:39Z" message: 'failed to authenticate against OpenStack: Get "https://overcloud.redhat.local:13000/": dial tcp 172.19.3.177:13000: connect: connection timed out' reason: Could not connect to registry storage status: Unknown type: StorageExists - lastTransitionTime: "2026-01-04T08:37:18Z" message: The deployment does not have available replicas reason: NoReplicasAvailable status: "False" type: Available - lastTransitionTime: "2026-01-04T08:34:39Z" message: 'Unable to apply resources: unable to sync storage configuration: failed to authenticate against OpenStack: Get "https://overcloud.redhat.local:13000/": dial tcp 172.19.3.177:13000: connect: connection timed out' // old secret [rajesh@e18-h18-000-r660 ocp_clusters]$ oc get secret -n openshift-image-registry installer-cloud-credentials -o jsonpath='{.data.clouds\.yaml}' | base64 -d clouds: openstack: auth: auth_url: https://overcloud.redhat.local:13000 password: redhat project_domain_name: Default project_name: lmyirbr9yrhocp user_domain_name: Default username: lmyirbr9yrhocp cacert: /etc/kubernetes/static-pod-resources/configmaps/cloud-config/ca-bundle.pem identity_api_version: "3" region_name: regionOne verify: true volume_api_version: "3" // storage/csi operator failure [rajesh@e18-h18-000-r660 ocp_clusters]$ oc logs -n openshift-cluster-csi-drivers deployment/openstack-cinder-csi-driver-operator --tail=3 E0115 16:19:17.362768 1 base_controller.go:279] "Unhandled Error" err="ConfigSync reconciliation failed: couldn't collect info about cloud availability zones: failed to create a compute client: Get \"https://overcloud.redhat.local:13000/\": dial tcp 172.19.3.177:13000: i/o timeout" E0115 16:27:47.354303 1 base_controller.go:279] "Unhandled Error" err="ConfigSync reconciliation failed: couldn't collect info about cloud availability zones: failed to create a compute client: Get \"https://overcloud.redhat.local:13000/\": dial tcp 172.19.3.177:13000: i/o timeout" E0115 16:28:17.357324 1 base_controller.go:279] "Unhandled Error" err="ConfigSync reconciliation failed: couldn't collect info about cloud availability zones: failed to create a compute client: Get \"https://overcloud.redhat.local:13000/\": dial tcp 172.19.3.177:13000: i/o timeout" // old secret [rajesh@e18-h18-000-r660 ocp_clusters]$ oc get secret -n openshift-cluster-csi-drivers openstack-cloud-credentials -o jsonpath='{.data.clouds\.yaml}' | base64 -d clouds: openstack: auth: auth_url: https://overcloud.redhat.local:13000 password: redhat project_domain_name: Default project_name: lmyirbr9yrhocp user_domain_name: Default username: lmyirbr9yrhocp cacert: /etc/kubernetes/static-pod-resources/configmaps/cloud-config/ca-bundle.pem identity_api_version: "3" region_name: regionOne verify: true volume_api_version: "3" // machine api failure [rajesh@e18-h18-000-r660 ocp_clusters]$ oc get secret -n openshift-machine-api openstack-cloud-credentials -o jsonpath='{.data.clouds\.yaml}' | base64 -d clouds: openstack: auth: auth_url: https://overcloud.redhat.local:13000 password: redhat project_domain_name: Default project_name: lmyirbr9yrhocp user_domain_name: Default username: lmyirbr9yrhocp cacert: /etc/kubernetes/static-pod-resources/configmaps/cloud-config/ca-bundle.pem identity_api_version: "3" region_name: regionOne verify: true volume_api_version: "3"
Cluster status:
[rajesh@e18-h18-000-r660 ocp_clusters]$ oc get co NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE MESSAGE authentication 4.18.28 True False False 23m baremetal 4.18.28 True False False 20d cloud-controller-manager 4.18.28 True False False 20d cloud-credential 4.18.28 True False False 20d cluster-autoscaler 4.18.28 True False False 20d config-operator 4.18.28 True False False 20d console 4.18.28 True False False 27m control-plane-machine-set 4.18.28 True False False 20d csi-snapshot-controller 4.18.28 True False False 20d dns 4.18.28 True False False 20d etcd 4.18.28 True False False 22m image-registry 4.18.28 False True True 11d Available: The deployment does not have available replicas... ingress 4.18.28 True False False 20d insights 4.18.28 False False True 3d10h Unable to report: unable to build request to connect to Insights server: Post "https://console.redhat.com/api/ingress/v1/upload": dial tcp 2.18.49.203:443: i/o timeout kube-apiserver 4.18.28 True False False 20d kube-controller-manager 4.18.28 True False False 20d kube-scheduler 4.18.28 True False False 20d kube-storage-version-migrator 4.18.28 True False False 20d machine-api 4.18.28 True False False 20d machine-approver 4.18.28 True False False 20d machine-config 4.18.28 True False False 20d marketplace 4.18.28 True False False 20d monitoring 4.18.28 False True True 25m UpdatingMetricsServer: reconciling MetricsServer Deployment failed: updating Deployment object failed: waiting for DeploymentRollout of openshift-monitoring/metrics-server: context deadline exceeded: the number of pods targeted by the deployment (3 pods) is different from the number of pods targeted by the deployment that have the desired template spec (2 pods) network 4.18.28 True True False 20d DaemonSet "/openshift-multus/network-metrics-daemon" is not available (awaiting 2 nodes)... node-tuning 4.18.28 True True False 20d Waiting for 1/6 Profiles to be applied olm 4.18.28 True False False 20d openshift-apiserver 4.18.28 True False False 70m openshift-controller-manager 4.18.28 True False False 20d openshift-samples 4.18.28 True False False 20d operator-lifecycle-manager 4.18.28 True False False 20d operator-lifecycle-manager-catalog 4.18.28 True False False 20d operator-lifecycle-manager-packageserver 4.18.28 True False False 67m service-ca 4.18.28 True False False 20d storage 4.18.28 True False True 20d OpenStackCinderCSIDriverOperatorCRDegraded: ConfigSyncDegraded: couldn't collect info about cloud availability zones: failed to create a compute client: Get "https://overcloud.redhat.local:13000/": dial tcp 172.19.3.177:13000: i/o timeout [rajesh@e18-h18-000-r660 ocp_clusters]$
