Bug 1734552

Summary: Master certificate redeploy does not recreate /etc/origin/master/bootstrap.kubeconfig
Product: OpenShift Container Platform Reporter: Ryan Howe <rhowe>
Component: InstallerAssignee: Russell Teague <rteague>
Installer sub component: openshift-ansible QA Contact: Johnny Liu <jialiu>
Status: CLOSED DUPLICATE Docs Contact:
Severity: unspecified    
Priority: unspecified    
Version: 3.11.0   
Target Milestone: ---   
Target Release: 3.11.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-08-02 15:57:44 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ryan Howe 2019-07-30 20:38:18 UTC 
Description of problem:
 
 Redeploying master certs does not redeploy and create a new /etc/origin/master/bootstrap.kubeconfig  used when scaling up nodes. 


Version-Release number of the following components:
openshift-ansible-3.11.123-1.git.0.db681ba.el7.noarch

How reproducible:
100%

Steps to Reproduce:
1. Redeploy CA 
2. Redeploy master certs
3. Scale up adding new nodes

Actual results:
/etc/origin/master/bootstrap.kubeconfig is copied to new node containing incorrect old CA. Node fails to get added to cluster. 
 
Expected results:
All associated files updated with ca when redeploy of master certs is run
Comment 1 Ryan Howe 2019-08-02 15:57:44 UTC 
Fixed in this bug: 

https://bugzilla.redhat.com/show_bug.cgi?id=1652746



roles/openshift_control_plane/tasks/bootstrap.yml 
---
# TODO: create a module for this command.
# oc_serviceaccounts_kubeconfig
- name: create service account kubeconfig with csr rights
  command: >
    {{ openshift_client_binary }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig serviceaccounts create-kubeconfig {{ openshift_master_csr_sa }} -n {{ openshift_master_csr_namespace }}
  register: kubeconfig_out
  until: kubeconfig_out.rc == 0
  retries: 24
  delay: 5

- name: put service account kubeconfig into a file on disk for bootstrap
  copy:
    content: "{{ kubeconfig_out.stdout }}"
    dest: "/etc/origin/master/bootstrap.kubeconfig"

*** This bug has been marked as a duplicate of bug 1652746 ***
Comment 2 Ryan Howe 2019-08-02 15:58:13 UTC 
If the OpenShift Container Platform CA was redeployed with the openshift-master/redeploy-openshift-ca.yml playbook you must add -e openshift_redeploy_openshift_ca=true to this command.