Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1670732

Summary: [DOCS] Retrofit custom certificates does not work as intended
Product: OpenShift Container Platform Reporter: Robert Sandu <rsandu>
Component: DocumentationAssignee: Kathryn Alexander <kalexand>
Status: CLOSED CURRENTRELEASE QA Contact: Gaoyun Pei <gpei>
Severity: medium Docs Contact: Vikram Goyal <vigoyal>
Priority: high    
Version: 3.11.0CC: aos-bugs, gpei, jokerman, klaas, mmccomas, rsandu
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-03-25 16:37:35 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Robert Sandu 2019-01-30 09:42:29 UTC 
Document URL: https://access.redhat.com/documentation/en-us/openshift_container_platform/3.11/html-single/configuring_clusters/#configuring-custom-certificates-retrofit-master

Section Number and Name: 11.8.1. Retrofit Custom Master Certificates into a Cluster

Describe the issue: 

Retrofit custom certificates does not work as stated in section 11.8.1. of the documentation [1].

After running playbooks/redeploy-certificates.yml, the master-config.yaml file is not updated 

The master-config.yaml is not updated accordingly, after running the playbooks/redeploy-certificates.yml playbook.

The issue affects 3.9, 3.10 and 3.11 deployments. It has been reported and tracked from this [2] bugzilla.

Suggestions for improvement:

As the bug won't be fixed, neither for 3.9, 3,10 nor 3.11, section 11.8.1. should be amended to state that certificate retrofit does not work as intended.

Additional information: 

- Note that this issue appears while redeploying the certificates after cluster installation. 
- This behavior is not seen if the custom certificates are set at cluster deployment time.

---

[1] https://access.redhat.com/documentation/en-us/openshift_container_platform/3.11/html-single/configuring_clusters/#configuring-custom-certificates-retrofit-master
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1553102
[3] https://access.redhat.com/solutions/3110541
Comment 2 Kathryn Alexander 2019-02-13 15:04:14 UTC 
PR's here: https://github.com/openshift/openshift-docs/pull/13616/files#diff-a9f533131a6f19839b3ea30284b99d8fR372

Johnny, will you PTAL?
Comment 3 Gaoyun Pei 2019-02-15 05:58:47 UTC 
Comment in the PR
Comment 6 Kathryn Alexander 2019-02-18 14:57:16 UTC 
@Gaoyun Pei, I have a follow-up question on the PR. Will you please take a look?
Comment 8 Gaoyun Pei 2019-02-19 02:46:49 UTC 
The proposed PR LGTM, move this bug to verified, thanks.
Comment 9 Kathryn Alexander 2019-02-19 12:55:45 UTC 
Thank you! I'm merging the PRs and waiting for the changes to go live.
Comment 10 Kathryn Alexander 2019-03-25 16:37:35 UTC 
This change is live on docs.openshift: https://docs.openshift.com/container-platform/3.11/install_config/certificate_customization.html#configuring-custom-certificates-retrofit

and on the portal: https://access.redhat.com/documentation/en-us/openshift_container_platform/3.11/html-single/configuring_clusters/#configuring-custom-certificates-retrofit-master