Bug 1283004

Summary: ansible should change the ca filepath if certificate contains 'names' key
Product: OpenShift Container Platform Reporter: Ma xiaoqiang <xiama>
Component: InstallerAssignee: Andrew Butcher <abutcher>
Status: CLOSED ERRATA QA Contact: Ma xiaoqiang <xiama>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 3.1.0CC: aos-bugs, bleanhar, jokerman, mmccomas, xtian
Target Milestone: ---Keywords: UpcomingRelease
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
The advanced installation configuration option 'openshift_master_named_certificates' did not properly set the correct path when installing provided certificates on your masters. This error has been corrected.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2015-12-17 21:19:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ma xiaoqiang 2015-11-18 02:28:33 UTC 
Description of problem:
ansible should change the ca filepath if certificate contains 'names' key

Version-Release number of selected component (if applicable):
https://github.com/abutcher/openshift-ansible namedCertRefactor

How reproducible:
Always


Steps to Reproduce:

1. Install env with custom certificate
openshift_master_overwrite_named_certificates=true
openshift_master_named_certificates=[{"certfile": "/home/jenkins3/workspace/custom2.crt", "keyfile": "/home/jenkins3/workspace/custom2.key", "names": ["test.redhat.com"]}, {"certfile": "/home/jenkins3/workspace/OSE_V3_Ansible_Installer/custom3.crt", "keyfile": "/home/jenkins3/workspace/OSE_V3_Ansible_Installer/custom3.key"}]


Actual results:
TASK: [openshift_master | Start and enable master api] ************************ 
failed: [10.66.79.136] => {"failed": true}
msg: Job for atomic-openshift-master-api.service failed because the control process exited with error code. See "systemctl status atomic-openshift-master-api.service" and "journalctl -xe" for details.

Fail to start master service

check the master configuation 
  namedCertificates:
  - certFile: /home/jenkins3/workspace/custom2.crt
    keyFile: /home/jenkins3/workspace/custom2.key
    names:
    - "test.redhat.com"
  - certFile: /etc/origin/master/named_certificates/custom3.crt
    keyFile: /etc/origin/master/named_certificates/custom3.key
    names:
    - "custom3.test.com"
Did not change the certificate filepath

Expected results:
should change the certificate filepath

Additional info:
Comment 1 Andrew Butcher 2015-11-18 14:15:44 UTC 
Proposed fix is here: https://github.com/openshift/openshift-ansible/pull/881
Comment 2 Ma xiaoqiang 2015-11-19 01:40:10 UTC 
Get expected result, move it to VERIFIED
Comment 4 errata-xmlrpc 2015-12-17 21:19:39 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2015:2667