Bug 1461635

Summary: [3.3] Hawkular Metrics cannot handle connecting to the Kubernetes Master when the ca.crt contains multiple certificates.
Product: OpenShift Container Platform
Reporter: Takayoshi Kimura <tkimura>
Component: Hawkular
Assignee: Matt Wringe <mwringe>
Status: CLOSED ERRATA
QA Contact: Junqi Zhao <juzhao>
Severity: urgent
Docs Contact:
Priority: urgent
Version: 3.3.1
CC: aos-bugs, erjones, jcantril, jtakvori, juzhao, mcurry, mwringe, stwalter, tkimura, wsun
Target Milestone: ---   
Target Release: 3.3.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: 1447463
: 1468308 1479930
Environment:
Last Closed: 2017-08-31 17:00:23 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1447463    
Bug Blocks: 1468308, 1468309, 1479930    
Attachments:
Description Flags
metrics diagram could be viewed from web console none

Description Takayoshi Kimura 2017-06-15 03:02:51 UTC
Backport the fix to the 3.3 image; we have customers who run 3.3 and are hitting this issue.

Comment 4 Matt Wringe 2017-07-06 16:04:19 UTC
*** Bug 1448999 has been marked as a duplicate of this bug. ***

Comment 6 Junqi Zhao 2017-07-10 01:31:26 UTC
The verification steps are the same as
https://bugzilla.redhat.com/show_bug.cgi?id=1447463#c64

Verification steps:
1. Add the example certificate before and after /etc/origin/master/ca-bundle.crt.
2. Restart server and deploy metrics 3.3.1 by using images from brew registry.
3. oc rsh ${HAWKULAR_METRICS_PODS};
   cat /var/run/secrets/kubernetes.io/serviceaccount/ca.crt

/var/run/secrets/kubernetes.io/serviceaccount/ca.crt is the same as /etc/origin/master/ca-bundle.crt.

4. Log in to the web console; metrics can be viewed, see the attached web UI snapshot.

Testing env:
# openshift version
openshift v3.3.1.46.2
kubernetes v1.3.0+52492b4
etcd 2.3.0+git

Images from brew registry; the latest metrics-hawkular-metrics image is 3.3.1-19 now
metrics-hawkular-metrics   3.3.1               dbe8059ce797        3 days ago          1.773 GB
metrics-hawkular-metrics   3.3.1-19            dbe8059ce797        3 days ago          1.773 GB
metrics-deployer           3.3.1               63b8bb3b83a8        4 days ago          757.8 MB
metrics-cassandra          3.3.1               08450ccd6ce6        3 weeks ago         536.3 MB
metrics-heapster           3.3.1               823e44a1ec44        3 weeks ago         278 MB
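
The check in steps 1 and 3 above (the pod's ca.crt carries every certificate of the multi-certificate master bundle) can be scripted. This is an added example, not part of the bug report or of Hawkular's code; the function names are hypothetical and the sample bundle is built from placeholder bytes rather than real X.509 certificates.

```python
import base64
import hashlib
import re

# Matches each PEM certificate block; text between blocks (comments, blank lines) is ignored.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.DOTALL
)


def cert_fingerprints(pem_text):
    """Return the SHA-256 fingerprint of every certificate block, in file order."""
    prints = []
    for body in PEM_CERT.findall(pem_text):
        der = base64.b64decode("".join(body.split()), validate=True)
        prints.append(hashlib.sha256(der).hexdigest())
    return prints


def compare_bundles(master_pem, pod_pem):
    """Summarise whether the pod's ca.crt carries the same certificates as the master bundle."""
    master, pod = cert_fingerprints(master_pem), cert_fingerprints(pod_pem)
    return {
        "master_count": len(master),
        "pod_count": len(pod),
        "multiple": len(pod) > 1,
        "missing_in_pod": sorted(set(master) - set(pod)),
        "same_order": master == pod,
    }


def _fake_cert(label):
    # Constructed placeholder bytes, NOT a real X.509 certificate: enough to
    # exercise the PEM splitting and fingerprinting.
    b64 = base64.encodebytes(label * 40).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"


# Constructed sample: an extra certificate before and after the original CA, as in step 1.
MASTER = _fake_cert(b"extra-1") + "# cluster CA\n" + _fake_cert(b"cluster-ca") + _fake_cert(b"extra-2")
TRUNCATED = _fake_cert(b"extra-1")  # what a pod would see if only one block survived

if __name__ == "__main__":
    print(compare_bundles(MASTER, MASTER))
    print(compare_bundles(MASTER, TRUNCATED))
```

On a real cluster, pass the contents of /etc/origin/master/ca-bundle.crt and the pod's /var/run/secrets/kubernetes.io/serviceaccount/ca.crt instead of the constructed strings.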

Comment 7 Junqi Zhao 2017-07-10 01:31:51 UTC
Created attachment 1295664
metrics diagram could be viewed from web console

Comment 10 Junqi Zhao 2017-07-25 04:15:47 UTC
Verification steps are the same as Comment 6. Log in to the web console; metrics can be viewed. Hawkular Metrics can handle connecting to the Kubernetes Master when the ca.crt contains multiple certificates now.

Testing env:
# openshift version
openshift v3.3.1.46.6
kubernetes v1.3.0+52492b4
etcd 2.3.0+git

Images from brew registry
metrics-hawkular-metrics   3.3.1-22            21325bd35afb        8 hours ago         1.773 GB
metrics-cassandra          3.3.1-21            418c270b2efe        8 hours ago         735.4 MB
metrics-heapster           3.3.1-21            affd2b1c0b41        8 hours ago         278 MB
metrics-deployer           v3.3.1.46.6-2       270022b5670c        8 hours ago         757.9 MB

Comment 12 errata-xmlrpc 2017-08-31 17:00:23 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1828