Bug 1817436

Summary: Login to jenkins using Openshift-oauth is failing with SSl error
Product: OpenShift Container Platform Reporter: Arnab Ghosh <arghosh>
Component: JenkinsAssignee: Akram Ben Aissi <abenaiss>
Status: CLOSED DUPLICATE QA Contact: Jitendar Singh <jitsingh>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 4.3.zCC: aos-bugs, pbhattac, scuppett, vbobade
Target Milestone: ---   
Target Release: 4.5.0   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-06-02 08:51:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Jenkins DC
none
Jenkins POD log none

Description Arnab Ghosh 2020-03-26 11:00:51 UTC 
Created attachment 1673763 [details]
Jenkins DC

Description of problem:
Customer has added an additional CA trust bundle by modifying the proxy resource after installing Openshift 4.3 cluster. The 'custom-ca' configmap exists in openshift-config project.

~~~
apiVersion: v1
items:
- apiVersion: config.openshift.io/v1
  kind: Proxy
  metadata:
    name: cluster
  spec:
    trustedCA:
      name: custom-ca
  status: {}
~~~

After configuring additional ca trust bundle, he deployed jenkins from jenkins-ephemeral template. While login to jenkins he is facing SSL error.

We have followed steps mentioned in document[1] to inject the certificate using operator. However the issue persists.

[1] - https://docs.openshift.com/container-platform/4.3/networking/configuring-a-custom-pki.html#certificate-injection-using-operators_configuring-a-custom-pki

Version-Release number of selected component (if applicable):

Openshift 4.3

How reproducible:
Not sure

Steps to Reproduce:
1. Configure additional trusted ca bundle by modifying proxy resource
2. Deploy Jenkins
3. Follow document[1] to inject the certificate to jenkins deployment
4. Try to login

Actual results:
Unable to login to jenkins

Expected results:
Should be able to login to Jenkins

Additional info:
Login to other application like grafana, prometheus is possible. The error is mostly due to jenkins being a java based application. Jenkins DC definition and POD log attached.
Comment 1 Arnab Ghosh 2020-03-26 11:03:31 UTC 
Created attachment 1673764 [details]
Jenkins POD log
Comment 3 Akram Ben Aissi 2020-04-14 08:48:12 UTC 
we have pushed the PR to solve this issue. It is pending merge: https://github.com/openshift/jenkins/pull/1045
Comment 4 Stephen Cuppett 2020-04-16 13:16:10 UTC 
Setting target release to current development version (4.5) and POST with PR up. Where fixes (if any) are required/requested for prior versions, cloned BZs will be created when appropriate.
Comment 5 Akram Ben Aissi 2020-06-02 08:51:21 UTC 

*** This bug has been marked as a duplicate of bug 1804345 ***