Bug 1668534
Summary: | Using operator to install ASB/TSB, it failed with error ' CERTIFICATE_VERIFY_FAILED' | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Zihan Tang <zitang> |
Component: | apiserver-auth | Assignee: | Erica von Buelow <evb> |
Status: | CLOSED ERRATA | QA Contact: | Chuan Yu <chuyu> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 4.1.0 | CC: | aos-bugs, chezhang, chuyu, dyan, eparis, jfan, jiazha, rmeggins, shurley, sponnaga |
Target Milestone: | --- | ||
Target Release: | 4.1.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-04 10:42:08 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1605136, 1662257, 1662274, 1667363, 1669368, 1678624 |
Description
Zihan Tang
2019-01-23 03:05:34 UTC
Adding TestBlocker keyword since it is blocking automation broker testing Install templateservicebroker, also hit this issue. $ oc get templateservicebroker -o yaml -n openshift-template-service-broker apiVersion: v1 items: - apiVersion: osb.openshift.io/v1alpha1 kind: TemplateServiceBroker metadata: creationTimestamp: 2019-01-28T03:02:54Z finalizers: - finalizer.osb.openshift.io generation: 1 name: template-service-broker namespace: openshift-template-service-broker resourceVersion: "38123" selfLink: /apis/osb.openshift.io/v1alpha1/namespaces/openshift-template-service-broker/templateservicebrokers/template-service-broker uid: 34c248fd-22a9-11e9-9f04-060ee74b6582 spec: {} status: conditions: - ansibleResult: changed: 1 completion: 2019-01-28T03:03:02.349635 failures: 1 ok: 4 skipped: 0 lastTransitionTime: 2019-01-28T03:03:02Z message: 'An unhandled exception occurred while running the lookup plugin ''k8s''. Error was a <class ''urllib3.exceptions.MaxRetryError''>, original message: HTTPSConnectionPool(host=''172.30.0.1'', port=443): Max retries exceeded with url: /version (Caused by SSLError(SSLError(1, u''[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)''),))' reason: Failed status: "True" type: Failure - lastTransitionTime: 2019-01-28T03:10:50Z message: Running reconciliation reason: Running status: "False" type: Running kind: List metadata: resourceVersion: "" selfLink: "" This is a problem with ca.crt that is delivered to the operator. This is being tracked here: https://jira.coreos.com/browse/AUTH-235 In 4.0.0-0.nightly-2019-02-17-024922, I didn't hit this, remove TestBlocker. When install ASB, I haven't hit it in the recent builds, but TSB still install failed with this error: message: 'An unhandled exception occurred while running the lookup plugin ''template''. Error was a <class ''ansible.errors.AnsibleError''>, original message: An unhandled exception occurred while running the lookup plugin ''k8s''. Error was a <class ''urllib3.exceptions.MaxRetryError''>, original message: HTTPSConnectionPool(host=''172.30.0.1'', port=443): Max retries exceeded with url: /version (Caused by SSLError(SSLError(1, u''[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)''),))' This is still an auth team bug. Please re-assign as discussed. As discussed, resign to AUTH, related jira task : https://jira.coreos.com/browse/AUTH-235 TSB install still hit this issue, move to ASSIGNED. Which version of the installer are you using? It's likely you're missing the patch. (In reply to Erica von Buelow from comment #13) > Which version of the installer are you using? It's likely you're missing the > patch. With my last env, the installer version is : v4.0.0-0.174.0.0-dirty, OCP Version is: 4.0.0-0.nightly-2019-02-17-024922 With installer: v4.0.0-0.177.0.1-dirty Cluster version is 4.0.0-0.nightly-2019-02-20-194410 this issue is fixed. Thanks *** Bug 1670282 has been marked as a duplicate of this bug. *** Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0758 The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days |