Bug 1945659
| Summary: | [oVirt] remove ovirt_cafile from ovirt-credentials secret | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Gal Zaidman <gzaidman> |
| Component: | Installer | Assignee: | Gal Zaidman <gzaidman> |
| Installer sub component: | OpenShift on RHV | QA Contact: | Guilherme Santos <gdeolive> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | high | ||
| Priority: | high | CC: | lwan |
| Version: | 4.8 | ||
| Target Milestone: | --- | ||
| Target Release: | 4.8.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-07-27 22:57:07 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1946097 | ||
| Bug Blocks: | 1948398 | ||
Verified on:
4.8.0-0.nightly-2021-04-26-151924
Steps:
Generate the manifests file according with the steps in the description
# cat ${installer_working_dir}/openshift/99_cloud-creds-secret.yaml
Results:
1. ovirt_ca_bundle present and empty
2. ovirt_ca_bundle present with ca file content
3. ovirt_ca_bundle present with ca bundle content
4. ovirt_ca_bundle present with ca file content
5. ovirt_ca_bundle present and empty with connection issue when generating manifests
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438 |
Description: When the user tried to use an ovirt.config with a ca_file the ca_file path is written to the secret but this will not be the path of the file in the created machines which will cause connection errors in the machine object that tries to find the file that doesn't exist. Instead we should read the file content and write it as the ovirt_ca_bundle in case the ovirt_ca_bundle is not set on the ovirt.config file. How to test: 1. try to install with insecure true 2. try to install with insecure false and ovirt_ca_bundle and ovirt_cafile set -> make sure that the secret contains the ovirt_ca_bundle content. 3. try to install with insecure false and ovirt_ca_bundle and ovirt_cafile empty -> make sure that the secret contains the ovirt_ca_bundle content. 4. try to install with insecure false and ovirt_ca_bundle empty and ovirt_cafile set to a real file -> make sure that the secret contains the ovirt_cafile content in the ovirt_ca_bundle field. 5. try to install with insecure false and ovirt_ca_bundle empty and ovirt_cafile empty -> install should fail on trying to connect unsuccessfully. To see the secret without installing just run: 1. openshift-install --dir=${install-dir} create manifests 2. look at cat /${install-dir}/openshift/99_cloud-creds-secret.yaml