Bug 1884558

Summary: cacert file path generated by CCO is not correct for SSC OSP16 cluster
Product: OpenShift Container Platform Reporter: Martin André <m.andre>
Component: InstallerAssignee: Mike Fedosin <mfedosin>
Installer sub component: OpenShift on OpenStack QA Contact: David Sanz <dsanzmor>
Status: CLOSED ERRATA Docs Contact:
Severity: low    
Priority: low CC: mfedosin
Version: 4.6   
Target Milestone: ---   
Target Release: 4.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-10-27 16:47:41 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Martin André 2020-10-02 10:03:28 UTC 
This bug was initially created as a copy of Bug #1880896

I am copying this bug because the defect was fixed as part of #1880896 but the CA cert path reported by clouds.yaml file served by the CCO is still confusing.


Description of Problem:
cacert file path generated by CCO is not correct for SSC OSP16 cluster

Version-Release number of selected component (if applicable):
4.6.0-0.nightly-2020-09-17-195238

How Reproducible:
Always


Steps to Reproduce:
1. Install an OCP4.6 cluster on a SSC OSP16 cluster
2. Check the secret created by CCO


Actual Results:
]$ oc get credentialsrequests.cloudcredential.openshift.io  manila-csi-driver-operator -n openshift-cloud-credential-operator -o json|jq .spec
{
  "providerSpec": {
    "apiVersion": "cloudcredential.openshift.io/v1",
    "kind": "OpenStackProviderSpec"
  },
  "secretRef": {
    "name": "manila-cloud-credentials",
    "namespace": "openshift-cluster-csi-drivers"
  }
}

$ oc get secret manila-cloud-credentials -n openshift-cluster-csi-drivers -ojson| jq .data
{
  "clouds.yaml": "BASE64 encode string"
}

$ echo BASE64 encode string|base64 -d
clouds:
  openstack:
    auth:
      auth_url: XXXXXX
      password: XXXX
      project_id: 86cb1a7c2dd04e1ea26087255744db1b
      project_name: shiftstack
      user_domain_name: Default
      username: shiftstack_user
    cacert: /home/jenkins/workspace/Launch Environment Flexy/workdir/cacert.crt.20200918-419-1lzytgo
    endpoint_type: public
    identity_api_version: "3"
    region_name: regionOne
    verify: true

When creating a manila share PVC, PV provisioned failed for:
Warning  ProvisioningFailed    <invalid> (x7 over <invalid>)   manila.csi.openstack.org_openstack-manila-csi-controllerplugin-59c6c8cc4-rvbx6_9f013ff7-88c6-47d8-bf30-b868a57db2a7  failed to provision volume with StorageClass "csi-manila-nfs": rpc error: code = Unauthenticated desc = failed to create Manila v2 client: failed to authenticate: failed to read and parse /home/jenkins/workspace/Launch Environment Flexy/workdir/cacert.crt.20200918-419-1lzytgo certificate: open /home/jenkins/workspace/Launch Environment Flexy/workdir/cacert.crt.20200918-419-1lzytgo: no such file or directory


Expected Results:
cacert file path is a valid file path

Additional Info:
Comment 6 errata-xmlrpc 2020-10-27 16:47:41 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196