Bug 1762932
Summary: | Backup on only 1 master causing issues in - openshift_certificate_expiry : Check cert expirys on host task | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Vladislav Walek <vwalek> |
Component: | Installer | Assignee: | Russell Teague <rteague> |
Installer sub component: | openshift-ansible | QA Contact: | Gaoyun Pei <gpei> |
Status: | CLOSED ERRATA | Docs Contact: | |
Severity: | high | ||
Priority: | unspecified | CC: | jjerezro, rteague |
Version: | 3.11.0 | ||
Target Milestone: | --- | ||
Target Release: | 3.11.z | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
Cause: Certificates were only backed up on the first master.
Consequence: If the redeploy-certificates playbook failed during execution, it could happen that certificates were deleted on all masters which would result in the playbook failing when run again. To recover, certificates would have to be restored from backup which could be time-consuming.
Fix: Back up certificates on all masters.
Result: If certificates need to be recovered for any master, they are available in a locally generated file archive.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-11-18 14:52:10 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Vladislav Walek
2019-10-17 20:04:20 UTC
*** Bug 1751194 has been marked as a duplicate of this bug. *** Gaoyun, If the redeploy-certificates.yml playbook fails between removing and recreating certificates, the deleted certificates must be manually restored from the backup file created. The changes made were to address the issue of not being able to recover files that were not backed up. To change the code to handle failures of this type would require a significant amount of refactoring over several components. Thanks for the heads up, Russell! Move this bug to verified based on Comment 4 and Comment 5, now the master certificates and configs backup would be created on all masters during playbooks/redeploy-certificates.yml. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:3817 |