Bug 1500471
Summary: | 3.6.1 White spaces in the cert prevents Origin Metrics from starting | ||||||
---|---|---|---|---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Juraci Paixão Kröhling <jcosta> | ||||
Component: | Hawkular | Assignee: | Juraci Paixão Kröhling <jcosta> | ||||
Status: | CLOSED ERRATA | QA Contact: | Junqi Zhao <juzhao> | ||||
Severity: | urgent | Docs Contact: | |||||
Priority: | urgent | ||||||
Version: | 3.6.1 | CC: | aos-bugs, cbucur, erich, erjones, hgomes, jcantril, jcosta, juzhao, mwringe, pweil, stwalter | ||||
Target Milestone: | --- | ||||||
Target Release: | 3.6.z | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
Doc Text: |
When either a certificate within the chain at `serviceaccount/ca.crt` or any of the certificates within the provided truststore file contain a white space after the `BEGIN CERTIFICATE` declaration, the Java keytool rejects the certificate with an error, causing Origin Metrics to fail to start. As a workaround, Origin Metrics will now attempt to remove the spaces before feeding the certificate to the Keytool, but admins should make sure their certificates don't contain such spaces.
|
Story Points: | --- | ||||
Clone Of: | 1471251 | Environment: | |||||
Last Closed: | 2017-12-07 07:12:13 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | 1471251, 1503450 | ||||||
Bug Blocks: | 1500464 | ||||||
Attachments: |
|
Comment 2
Junqi Zhao
2017-10-18 12:40:52 UTC
Created attachment 1340164 [details]
hawkular-metrics 3.6 pod log
The cause is similar to BZ 1503462 : another Java component of the stack complains about the extra spaces. As the path is fixed to a specific cert file, we cannot easily fix this on our side: https://github.com/jboss-openshift/openshift-ping/blob/master/kube/src/main/java/org/openshift/ping/kube/KubePing.java#L91 If we *need* to apply the workaround on a scenario involving this component, a new BZ should be opened. (In reply to Juraci Paixão Kröhling from comment #4) > The cause is similar to BZ 1503462 : another Java component of the stack > complains about the extra spaces. As the path is fixed to a specific cert > file, we cannot easily fix this on our side: > > https://github.com/jboss-openshift/openshift-ping/blob/master/kube/src/main/ > java/org/openshift/ping/kube/KubePing.java#L91 > > If we *need* to apply the workaround on a scenario involving this component, > a new BZ should be opened. Opened BZ to track: https://bugzilla.redhat.com/show_bug.cgi?id=1503931 env and steps please see Comment 2, the exception mentioned in Comment 2 does not affect metrics function. See Comment 5 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2017:3389 |