Bug 2034270

Summary: [4.8] vsphere-problem-detector cannot connect to vCenter API over https
Product: OpenShift Container Platform Reporter: Jan Safranek <jsafrane>
Component: StorageAssignee: Jan Safranek <jsafrane>
Storage sub component: Operators QA Contact: Wei Duan <wduan>
Status: CLOSED ERRATA Docs Contact:
Severity: high    
Priority: unspecified CC: aos-bugs, gellner, hekumar, jsafrane, simore, wduan
Version: 4.7Keywords: Reopened
Target Milestone: ---   
Target Release: 4.8.z   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1969719 Environment:
Last Closed: 2022-01-11 22:31:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1969719    
Bug Blocks: 2030740    

Comment 3 Wei Duan 2021-12-22 12:21:10 UTC
I installed cluster with additionalTrustBundle with proxy env on 4.8:
In previous OCP4.8(without fix), after removing `insecure-flag = "1"` in cm/cloud-provider-config, I got following error in the storage CO (storage CO doesn't become degraded due to another bug fix)
  - lastTransitionTime: "2021-12-21T06:28:41Z"
    message: 'VSphereProblemDetectorControllerAvailable: failed to connect to vcenter.sddc-44-236-21-251.vmwarevmc.com:
      Post "https://vcenter.sddc-44-236-21-251.vmwarevmc.com/sdk": proxyconnect tcp:
      x509: certificate signed by unknown authority'
    reason: AsExpected
    status: "True"
    type: Available
In 4.8.0-0.nightly-2021-12-21-212247(with fix), after removing `insecure-flag = "1"`, the storage CO doesn't report such message. And checked inside the vsphere-problem-detector-operator pod, the addtional CA is added in /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem. 

Marked as "Verified".

Comment 6 errata-xmlrpc 2022-01-11 22:31:17 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.8.26 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.