I'm trying to do my first openstack 4.1.2.1 deployment.
It's a compact deployment on vCenter 6.0 and with NSX-V 6.4.
The deployment start and get an error related to certificates during the start of the provisioning of the first 2 virtual machine (controlplane and compute).
This is where i get an error it seems that the ansible task used to copy the ca files get an error. Anyone had a similar experience or know what can create this problem?
2019-03-09 09:56:35,579 column.plugins.callback.progress Started TASK [prep-common : update the available ephemeral port range to 10000~65535]
2019-03-09 09:56:35,790 p=1425 u=jarvis | changed: [10.160.19.103]
2019-03-09 09:56:35,795 p=1425 u=jarvis | changed: [10.160.19.104]
2019-03-09 09:56:35,798 p=1425 u=jarvis | TASK [prep-common : load settings from /etc/sysctl.conf] ***********************
2019-03-09 09:56:35,799 column.plugins.callback.progress Started TASK [prep-common : load settings from /etc/sysctl.conf]
2019-03-09 09:56:35,940 p=1425 u=jarvis | changed: [10.160.19.103]
2019-03-09 09:56:35,946 p=1425 u=jarvis | changed: [10.160.19.104]
2019-03-09 09:56:35,949 p=1425 u=jarvis | TASK [prep-common : Add viouser to adm to allow access to logs] ****************
2019-03-09 09:56:35,949 column.plugins.callback.progress Started TASK [prep-common : Add viouser to adm to allow access to logs]
2019-03-09 09:56:36,072 p=1425 u=jarvis | ok: [10.160.19.103]
2019-03-09 09:56:36,077 p=1425 u=jarvis | ok: [10.160.19.104]
2019-03-09 09:56:36,081 p=1425 u=jarvis | TASK [prep-common : list existing certificates] ********************************
2019-03-09 09:56:36,081 column.plugins.callback.progress Started TASK [prep-common : list existing certificates]
2019-03-09 09:56:36,439 p=1425 u=jarvis | ok: [10.160.19.103]
2019-03-09 09:56:36,445 p=1425 u=jarvis | ok: [10.160.19.104]
2019-03-09 09:56:36,448 p=1425 u=jarvis | TASK [prep-common : remove existing certificates] ******************************
2019-03-09 09:56:36,448 column.plugins.callback.progress Started TASK [prep-common : remove existing certificates]
2019-03-09 09:56:36,496 p=1425 u=jarvis | TASK [prep-common : write Root CA certificates] ********************************
2019-03-09 09:56:36,496 column.plugins.callback.progress Started TASK [prep-common : write Root CA certificates]
2019-03-09 09:56:37,287 p=1425 u=jarvis | An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ValueError: Country name must be a 2 character country code
2019-03-09 09:56:37,290 p=1425 u=jarvis | fatal: [10.160.19.103]: FAILED! => {"changed": false, "failed": true, "module_stderr": "Traceback (most recent call last):\n File \"/tmp/ansible_iEJZ1c/ansible_module_write_certificates.py\", line 104, in <module>\n main()\n File \"/tmp/ansible_iEJZ1c/ansible_module_write_certificates.py\", line 76, in main\n issued_to = cert.subject.get_attributes_for_oid(\n File \"/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/x509.py\", line 106, in subject\n return _decode_x509_name(self._backend, subject)\n File \"/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/decode_asn1.py\", line 51, in _decode_x509_name\n attribute = _decode_x509_name_entry(backend, entry)\n File \"/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/decode_asn1.py\", line 42, in _decode_x509_name_entry\n return x509.NameAttribute(x509.ObjectIdentifier(oid), value)\n File \"/usr/lib/python2.7/dist-packages/cryptography/x509/name.py\", line 27, in __init__\n \"Country name must be a 2 character country code\"\nValueError: Country name must be a 2 character country code\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 1}
2019-03-09 09:56:37,293 p=1425 u=jarvis | An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ValueError: Country name must be a 2 character country code
2019-03-09 09:56:37,293 p=1425 u=jarvis | fatal: [10.160.19.104]: FAILED! => {"changed": false, "failed": true, "module_stderr": "Traceback (most recent call last):\n File \"/tmp/ansible_Azac9x/ansible_module_write_certificates.py\", line 104, in <module>\n main()\n File \"/tmp/ansible_Azac9x/ansible_module_write_certificates.py\", line 76, in main\n issued_to = cert.subject.get_attributes_for_oid(\n File \"/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/x509.py\", line 106, in subject\n return _decode_x509_name(self._backend, subject)\n File \"/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/decode_asn1.py\", line 51, in _decode_x509_name\n attribute = _decode_x509_name_entry(backend, entry)\n File \"/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/decode_asn1.py\", line 42, in _decode_x509_name_entry\n return x509.NameAttribute(x509.ObjectIdentifier(oid), value)\n File \"/usr/lib/python2.7/dist-packages/cryptography/x509/name.py\", line 27, in __init__\n \"Country name must be a 2 character country code\"\nValueError: Country name must be a 2 character country code\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 1}
2019-03-09 09:56:37,294 p=1425 u=jarvis | to retry, use: --limit @/var/lib/vio/ansible/site.retry
It seems the problem is my default nsx manageger certificate:
CN=vShield Manager,OU=vShield,O=VMware Inc.,L=Palo Alto,ST=CA,C=USA |
Anyone know if there's any workaround?