Bug 1538895

Summary: [3.6] Invalid entries in namedCertificates when using openshift_master_named_certificates
Product: OpenShift Container Platform Reporter: Russell Teague <rteague>
Component: InstallerAssignee: Russell Teague <rteague>
Status: CLOSED ERRATA QA Contact: Johnny Liu <jialiu>
Severity: high Docs Contact:
Priority: unspecified    
Version: 3.6.0CC: aos-bugs, jialiu, jokerman, jupierce, mmccomas, rpuccini
Target Milestone: ---Flags: jupierce: needinfo-
Target Release: 3.6.z   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: Alternative names in certificates were not being properly parsed. Consequence: Alternatives with 'email:' were being added as additional hostnames. Fix: Updated the logic to only add alternative names which begin with 'DNS:' Result: Proper parsing and updating of namedCertificates
 Story Points: ---
Clone Of: 1502838 Environment:
Last Closed: 2018-04-12 06:01:18 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Comment 1 Russell Teague 2018-01-26 16:27:58 UTC 
https://github.com/openshift/openshift-ansible/pull/6891
Comment 3 Johnny Liu 2018-01-30 09:07:27 UTC 
Retest this bug with "openshift-ansible-3.6.173.0.101-1.git.0.7c6b77f.el7.noarch, and FAIL.

# cat /etc/origin/master/master-config.yaml
<--snip-->
  namedCertificates:
  - certFile: /etc/origin/master/named_certificates/cloudbeta.rio.gov.br.crt
    keyFile: /etc/origin/master/named_certificates/cloudbeta.rio.gov.br.key
    names:
    - "email:hostmaster.rj.gov.br"
    - "cloudbeta.rio.gov.br"
<--snip-->

Seem like the PR is not landed into the rpm package.
Comment 4 Russell Teague 2018-02-02 16:05:15 UTC 
Waiting for 3.6 build
Comment 6 Russell Teague 2018-02-15 20:33:49 UTC 
$ git tag --contains 6be727ca13ca1260333ab7b16636c2ab7a449a70
openshift-ansible-3.6.173.0.103-1
Comment 7 Johnny Liu 2018-02-22 08:22:55 UTC 
Verified this bug with openshift-ansible-3.6.173.0.104-1.git.0.ee43cc5.el7.noarch, and PASS.

# cat /etc/origin/master/master-config.yaml
<--snip-->
  namedCertificates:
  - certFile: /etc/origin/master/named_certificates/cloudbeta.rio.gov.br.crt
    keyFile: /etc/origin/master/named_certificates/cloudbeta.rio.gov.br.key
    names:
    - "cloudbeta.rio.gov.br"
<--snip-->
Comment 10 errata-xmlrpc 2018-04-12 06:01:18 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1106