-
Bug
-
Resolution: Done-Errata
-
Minor
-
rhos-18.0.0
-
0
-
False
-
-
False
-
?
-
?
-
telemetry-operator-container-1.0.4-4
-
?
-
?
-
None
-
-
-
3
-
CloudOps 2024 Sprint 14
-
1
-
Low
- impact analysis
- related compose
- Downstream current-podified
- _How reproducible
_- everytime
- Steps to reproduce
- Deploy RHOSO
- Deploy a Prometheus without TLS (manualy)
- Set the "prometheusHost" and "prometheusPort" to point to the deployed prometheus
- Set "prometheusTLS" to false
- Expected result
- Aodh can connect to Prometheus without TLS. Alarms work. Observabilityclient inside aodh-evaluator is configured to not use TLS
- Actual results
- Aodh can't connect to Prometheus - it's trying to use TLS. Alarms have insufficient data. Observabilityclient inside aodh-evaluator is configured to use TLS
- Additional info:
- Deployed autoscaling CR
apiVersion: v1 items: - apiVersion: telemetry.openstack.org/v1beta1 kind: Autoscaling metadata: creationTimestamp: "2024-06-27T08:23:38Z" finalizers: - openstack.org/autoscaling generation: 2 name: autoscaling namespace: openstack ownerReferences: - apiVersion: telemetry.openstack.org/v1beta1 blockOwnerDeletion: true controller: true kind: Telemetry name: telemetry uid: e9218db2-2a00-4893-8abf-6e7d5ec24858 resourceVersion: "1201416" uid: a72f58cb-4687-43be-a712-dacb070a3dff spec: aodh: apiImage: images.paas.redhat.com/podified-rhos18-rhel9/openstack-aodh-api:current-podified customServiceConfig: '# add your customization here' databaseAccount: aodh databaseInstance: openstack evaluatorImage: images.paas.redhat.com/podified-rhos18-rhel9/openstack-aodh-evaluator:current-podified listenerImage: images.paas.redhat.com/podified-rhos18-rhel9/openstack-aodh-listener:current-podified notifierImage: images.paas.redhat.com/podified-rhos18-rhel9/openstack-aodh-notifier:current-podified override: service: internal: metadata: labels: osctlplane: "" osctlplane-service: telemetry public: endpointURL: https://aodh-public-openstack.apps-crc.testing metadata: labels: osctlplane: "" osctlplane-service: telemetry passwordSelector: aodhService: AodhPassword ceilometerService: CeilometerPassword preserveJobs: false rabbitMqClusterName: rabbitmq secret: osp-secret serviceUser: aodh tls: api: internal: secretName: cert-aodh-internal-svc public: secretName: cert-aodh-public-svc caBundleSecretName: combined-ca-bundle heatInstance: heat prometheusHost: prometheus-prom-0.openstack.svc prometheusPort: 9090 prometheusTLS: false
Deployed Prometheus CR
spec: alerting: alertmanagers: - name: alertmanager namespace: default port: web evaluationInterval: 30s portName: web replicas: 1 scrapeInterval: 30s serviceAccountName: prometheus serviceMonitorSelector: matchLabels: service: ceilometerThe wrong configuration generated for observabilityclient
]$ oc extract secret/aodh-config-data --keys=prometheus.yaml --to=- # prometheus.yaml host: prometheus-prom-0.openstack.svc port: 9090 ca_cert: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
- links to
-
RHSA-2024:140345
RHOSO OpenStack Podified operator containers security update
