Bug 1711185
| Summary: | [DR][MSTR-363] Run regenerate-certificates command failed when do the certificate recovery | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | zhou ying <yinzhou> |
| Component: | Master | Assignee: | Tomáš Nožička <tnozicka> |
| Status: | CLOSED ERRATA | QA Contact: | zhou ying <yinzhou> |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 4.1.0 | CC: | aos-bugs, bleanhar, jokerman, mmccomas, tnozicka, wsun |
| Target Milestone: | --- | Keywords: | Regression |
| Target Release: | 4.1.z | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-06-04 10:48:49 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
zhou ying
2019-05-17 07:41:28 UTC
4.1 - https://github.com/openshift/cluster-kube-apiserver-operator/pull/478 master - https://github.com/openshift/cluster-kube-apiserver-operator/pull/477 Confirmed with the payload: 4.1.0-0.nightly-2019-05-18-050636, the issue has fixed.
[root@ip-10-0-128-98 ~]# podman run -it --network=host -v /etc/kubernetes/:/etc/kubernetes/:Z --entrypoint=/usr/bin/cluster-kube-apiserver-operator "${KAO_IMAGE}" regenerate-certificates
I0520 01:46:38.431255 1 certrotationcontroller.go:452] Waiting for CertRotation
I0520 01:46:38.531536 1 client_cert_rotation_controller.go:117] Waiting for CertRotationController - "AggregatorProxyClientCert"
I0520 01:46:38.631711 1 client_cert_rotation_controller.go:124] Finished waiting for CertRotationController - "AggregatorProxyClientCert"
......
I0520 01:46:58.314770 1 helpers.go:121] Wrote new content to file "/etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/service-network-serving-certkey/tls.crt"
I0520 01:46:58.314938 1 helpers.go:121] Wrote new content to file "/etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/service-network-serving-certkey/tls.key"
I0520 01:46:58.319064 1 helpers.go:121] Wrote new content to file "/etc/kubernetes/static-pod-resources/kube-apiserver-certs/configmaps/client-ca/ca-bundle.crt"
I0520 01:46:58.322952 1 helpers.go:121] Wrote new content to file "/etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/localhost-serving-cert-certkey/tls.crt"
I0520 01:46:58.323125 1 helpers.go:121] Wrote new content to file "/etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/localhost-serving-cert-certkey/tls.key"
I0520 01:46:58.328699 1 helpers.go:121] Wrote new content to file "/etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/internal-loadbalancer-serving-certkey/tls.key"
I0520 01:46:58.328909 1 helpers.go:121] Wrote new content to file "/etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/internal-loadbalancer-serving-certkey/tls.crt"
I0520 01:46:58.332729 1 helpers.go:121] Wrote new content to file "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-8/secrets/kube-controller-manager-client-cert-key/tls.crt"
I0520 01:46:58.332887 1 helpers.go:121] Wrote new content to file "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-8/secrets/kube-controller-manager-client-cert-key/tls.key"
I0520 01:46:58.336739 1 helpers.go:121] Wrote new content to file "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-8/secrets/csr-signer/tls.crt"
I0520 01:46:58.337222 1 helpers.go:121] Wrote new content to file "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-8/secrets/csr-signer/tls.key"
I0520 01:46:58.340512 1 helpers.go:121] Wrote new content to file "/etc/kubernetes/static-pod-resources/kube-scheduler-pod-7/secrets/kube-scheduler-client-cert-key/tls.crt"
I0520 01:46:58.340681 1 helpers.go:121] Wrote new content to file "/etc/kubernetes/static-pod-resources/kube-scheduler-pod-7/secrets/kube-scheduler-client-cert-key/tls.key"
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0758 |