Bug 1538896

Summary: [3.7] Invalid entries in namedCertificates when using openshift_master_named_certificates
Product: OpenShift Container Platform Reporter: Russell Teague <rteague>
Component: InstallerAssignee: Russell Teague <rteague>
Status: CLOSED ERRATA QA Contact: Johnny Liu <jialiu>
Severity: high Docs Contact:
Priority: unspecified    
Version: 3.7.1CC: aos-bugs, jialiu, jokerman, mmccomas, rpuccini
Target Milestone: ---   
Target Release: 3.7.z   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: Alternative names in certificates were not being properly parsed. Consequence: Alternatives with 'email:' were being added as additional hostnames. Fix: Updated the logic to only add alternative names which begin with 'DNS:' Result: Proper parsing and updating of namedCertificates
 Story Points: ---
Clone Of: 1502838 Environment:
Last Closed: 2018-04-05 09:36:18 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Comment 1 Russell Teague 2018-01-26 16:21:44 UTC 
Proposed: https://github.com/openshift/openshift-ansible/pull/6890
Comment 2 Russell Teague 2018-01-29 13:11:03 UTC 
Fixed in openshift-ansible-3.7.27-1
Comment 4 Johnny Liu 2018-01-30 08:56:03 UTC 
Verified this bug with openshift-ansible-3.7.27-1.git.0.ae95fc3.el7.noarch, and PASS.

# cat /etc/origin/master/master-config.yaml
<--snip-->
  namedCertificates:
  - certFile: /etc/origin/master/named_certificates/cloudbeta.rio.gov.br.crt
    keyFile: /etc/origin/master/named_certificates/cloudbeta.rio.gov.br.key
    names:
    - cloudbeta.rio.gov.br
<--snip-->
Comment 8 errata-xmlrpc 2018-04-05 09:36:18 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0636