Bug 1418191
Summary: | Getting 'Failed to pull image .... x509: certificate signed by unknown authority', after redeployed certificates | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Takayuki Konishi <tkonishi> |
Component: | Installer | Assignee: | Andrew Butcher <abutcher> |
Status: | CLOSED ERRATA | QA Contact: | Gaoyun Pei <gpei> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 3.3.1 | CC: | abutcher, aos-bugs, jokerman, mmccomas, nhashimo, rromerom |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
Previously the registry certificate was not properly updated when running the certificate re-deploy playbooks which may have prevented pushing or pulling images. The playbooks have been updated to ensure that the registry certificate is correctly updated.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2017-04-12 18:49:30 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Takayuki Konishi
2017-02-01 08:58:07 UTC
Test this with openshift-ansible-3.5.6-1.git.0.5e6099d.el7.noarch. For an ocp-3.5 cluster, redeploy the openshift CA certificate files with running command: ansible-playbook -i inventory playbooks/byo/openshift-cluster/redeploy-openshift-ca.yml After playbook finished, create an app, sti-build could be done successfully, built image could be pushed into docker-registry. Redeploy all openshift certificates(etcd/master/node/router/registry certificates) with running command: ansible-playbook -i inventory playbooks/byo/openshift-cluster/redeploy-certificates.yml After playbook finished, create an app, sti-build could be done, image could be pushed into docker-registry. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:0903 |