Bug 1256692
Summary: | When use inconsistent owner of signer key and serial file to create certificate meet crash error | | |
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | DeShuai Ma <dma> |
Component: | apiserver-auth | Assignee: | Jordan Liggitt <jliggitt> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | weiwei jiang <wjiang> |
Severity: | low | Docs Contact: | |
Priority: | medium | | |
Version: | unspecified | CC: | aos-bugs, dmcphers, wsun |
Target Milestone: | --- | | |
Target Release: | --- | | |
Hardware: | Unspecified | | |
OS: | Unspecified | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2016-05-12 17:09:08 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Description
DeShuai Ma
2015-08-25 09:32:26 UTC
[fedora@ip-172-18-7-137 master]$ openshift version
openshift v1.1.1-21-gbc1a879
kubernetes v1.1.0-origin-1107-g4c8e6f4
etcd 2.2.2
[fedora@ip-172-18-7-137 master]$ ls -l ca*
-rw-r--r--. 1 fedora fedora 1066 Feb 14 05:15 ca.crt
-rw-------. 1 fedora fedora 1675 Feb 14 05:15 ca.key
-rw-r--r--. 1 root root 2 Feb 14 05:26 ca.serial.txt
[fedora@ip-172-18-7-137 master]$ oadm ca create-server-cert --signer-cert=ca.crt --signer-key=ca.key --signer-serial=ca.serial.txt --hostnames='docker-registry.dma1.svc.cluster.local,172.18.7.137' --cert=registry.crt --key=registry.key --v=6
I0214 05:30:55.286711 8312 create_servercert.go:106] Creating a server cert with: admin.CreateServerCertOptions{SignerCertOptions:(*admin.SignerCertOptions)(0xc20850a0c0), CertFile:"registry.crt", KeyFile:"registry.key", Hostnames:[]string{"docker-registry.dma1.svc.cluster.local", "172.18.7.137"}, Overwrite:true, Output:(*os.File)(0xc20802e008)}
I0214 05:30:55.428845 8312 crypto.go:249] Generating server certificate in registry.crt, key in registry.key
panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xb code=0x1 addr=0x0 pc=0xcfabfc]

goroutine 1 [running]:
github.com/openshift/origin/pkg/cmd/server/crypto.encodeCertificates(0xc2084e0560, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0)
    /go/src/github.com/openshift/origin/_output/local/go/src/github.com/openshift/origin/pkg/cmd/server/crypto/crypto.go:467 +0x2bc
github.com/openshift/origin/pkg/cmd/server/crypto.writeCertificates(0x7fff1cc4351b, 0xc, 0xc2084e0560, 0x2, 0x2, 0x0, 0x0)
    /go/src/github.com/openshift/origin/_output/local/go/src/github.com/openshift/origin/pkg/cmd/server/crypto/crypto.go:501 +0xdf
github.com/openshift/origin/pkg/cmd/server/crypto.(*TLSCertificateConfig).writeCertConfig(0xc2083eee40, 0x7fff1cc4351b, 0xc, 0x7fff1cc4352e, 0xc, 0x0, 0x0)
    /go/src/github.com/openshift/origin/_output/local/go/src/github.com/openshift/origin/pkg/cmd/server/crypto/crypto.go:71 +0x67
github.com/openshift/origin/pkg/cmd/server/crypto.(*CA).MakeServerCert(0xc2083eae70, 0x7fff1cc4351b, 0xc, 0x7fff1cc4352e, 0xc, 0xc2083eb230, 0x1, 0x0, 0x0)
    /go/src/github.com/openshift/origin/_output/local/go/src/github.com/openshift/origin/pkg/cmd/server/crypto/crypto.go:258 +0x5b2
github.com/openshift/origin/pkg/cmd/server/admin.CreateServerCertOptions.CreateServerCert(0xc20850a0c0, 0x7fff1cc4351b, 0xc, 0x7fff1cc4352e, 0xc, 0xc20851e7a0, 0x2, 0x2, 0x1, 0x7f41701a5530, ...)
    /go/src/github.com/openshift/origin/_output/local/go/src/github.com/openshift/origin/pkg/cmd/server/admin/create_servercert.go:116 +0x224
github.com/openshift/origin/pkg/cmd/server/admin.func·015(0xc208503c00, 0xc2085107e0, 0x0, 0x7)
    /go/src/github.com/openshift/origin/_output/local/go/src/github.com/openshift/origin/pkg/cmd/server/admin/create_servercert.go:59 +0x139
github.com/spf13/cobra.(*Command).execute(0xc208503c00, 0xc208510700, 0x7, 0x7, 0x0, 0x0)
    /go/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/spf13/cobra/command.go:572 +0x82f
github.com/spf13/cobra.(*Command).ExecuteC(0xc2084e8000, 0xc208503c00, 0x0, 0x0)
    /go/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/spf13/cobra/command.go:662 +0x4db
github.com/spf13/cobra.(*Command).Execute(0xc2084e8000, 0x0, 0x0)
    /go/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/spf13/cobra/command.go:618 +0x3a
main.main()
    /go/src/github.com/openshift/origin/_output/local/go/src/github.com/openshift/origin/cmd/openshift/openshift.go:22 +0x175

goroutine 5 [syscall]:
os/signal.loop()
    /usr/lib/golang/src/os/signal/signal_unix.go:21 +0x1f
created by os/signal.init·1
    /usr/lib/golang/src/os/signal/signal_unix.go:27 +0x35

goroutine 10 [chan receive]:
github.com/golang/glog.(*loggingT).flushDaemon(0x4cdab20)
    /go/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/golang/glog/glog.go:879 +0x78
created by github.com/golang/glog.init·1
    /go/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/golang/glog/glog.go:410 +0x2a7

goroutine 17 [syscall, locked to thread]:
runtime.goexit()
    /usr/lib/golang/src/runtime/asm_amd64.s:2232 +0x1

This is fixed in master, but has not been tagged into a release yet.

Verify this on the latest origin.

[fedora@ip-172-18-14-193 master]$ openshift version
openshift v1.1.2-301-gcf704a1
kubernetes v1.2.0-origin
etcd 2.2.2+git
[fedora@ip-172-18-14-193 master]$ ls -l ca*
-rw-r--r--. 1 fedora fedora 1070 Feb 17 04:49 ca.crt
-rw-------. 1 fedora fedora 1679 Feb 17 04:49 ca.key
-rw-r--r--. 1 root root 2 Feb 17 04:49 ca.serial.txt
[fedora@ip-172-18-14-193 master]$ oadm ca create-server-cert --signer-cert=ca.crt --signer-key=ca.key --signer-serial=ca.serial.txt --hostnames='docker-registry.dma1.svc.cluster.local,172.18.7.137' --cert=registry.crt --key=registry.key --v=6
I0217 05:06:33.096226 6223 create_servercert.go:106] Creating a server cert with: admin.CreateServerCertOptions{SignerCertOptions:(*admin.SignerCertOptions)(0xc82048af00), CertFile:"registry.crt", KeyFile:"registry.key", Hostnames:[]string{"docker-registry.dma1.svc.cluster.local", "172.18.7.137"}, Overwrite:true, Output:(*os.File)(0xc82002c010)}
I0217 05:06:33.097217 6223 crypto.go:249] Generating server certificate in registry.crt, key in registry.key
I0217 05:06:33.303345 6223 create_servercert.go:121] Generated new server certificate as registry.crt, key as registry.key
F0217 05:06:33.303399 6223 helpers.go:104] error: open ca.serial.txt: permission denied