DescriptionPablo Alonso Rodriguez
2019-07-25 17:52:28 UTC
Description of problem:
While running "/usr/share/ansible/openshift-ansible/playbooks/redeploy-certificates.yml", service signer CA is recreated even if CA is not (this is currently expected behavior).
However, heapster-certs secret at openshift-infra namespace is not regenerated, so the one signed by old CA is still there. This causes issues with both heapster and hawkular-metrics until the secret is deleted manually, so that it is regenerated.
Version-Release number of the following components:
rpm -q openshift-ansible
openshift-ansible-3.11.129-1.git.0.11838de.el7.noarch
rpm -q ansible
ansible-2.6.16-1.el7ae.noarch
ansible --version
ansible 2.6.16
config file = /root/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Jun 11 2019, 12:19:05) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
How reproducible:
Always if hawkular metrics stack is installed
Steps to Reproduce:
1. Redeploy certificates
Actual results:
heapster-certs secret at openshift-infra namespace is not regenerated
Expected results:
heapster-certs secret at openshift-infra namespace to be regenerated
Additional info:
I am going to attach full log just in case, but it is not actually relevant for this concrete bug.
Comment 8Jesus M. Rodriguez
2019-08-23 03:12:39 UTC
*** Bug 1733327 has been marked as a duplicate of this bug. ***
Thank you for continuing to use Red Hat OpenShift. As part of a wider bug review, this bug has been evaluated and we have determined that at this time we do not plan to progress it. As such, we will be closing this bug. If you have need for continued assistance on this issue, please reopen the bug with additional context on why it needs to be reconsidered.