Description of problem:
When using "oadm ca create-server-cert" to create a key and server certificate, if the owner of the signer key and the serial file is inconsistent, it always fails with "panic: runtime error: invalid memory address or nil pointer dereference"

Version-Release number of selected component (if applicable):
openshift v1.0.4-502-g96963b6
kubernetes v1.1.0-alpha.0-1605-g44c91b1

How reproducible:
Always

Steps to Reproduce:
1. Check the ca file privileges
[fedora@ip-10-237-174-172 sample-app]$ ls -l ca.*
-rw-r--r--. 1 fedora fedora 1066 Aug 25 01:49 ca.crt
-rw-------. 1 fedora fedora 1675 Aug 25 01:49 ca.key
-rw-r--r--. 1 fedora fedora 2 Aug 25 09:10 ca.serial.txt

2. Create a key and server certificate
[fedora@ip-10-237-174-172 sample-app]$ oadm ca create-server-cert --signer-cert=ca.crt --signer-key=ca.key --signer-serial=ca.serial.txt --hostnames='docker-registry.dma1.svc.cluster.local,172.30.24.194' --cert=registry.crt --key=registry.key --v=6
I0825 09:19:27.146680 5635 create_servercert.go:106] Creating a server cert with: admin.CreateServerCertOptions{SignerCertOptions:(*admin.SignerCertOptions)(0xc2080e47c0), CertFile:"registry.crt", KeyFile:"registry.key", Hostnames:util.StringList{"docker-registry.dma1.svc.cluster.local", "172.30.24.194"}, Overwrite:true, Output:(*os.File)(0xc20802e008)}
I0825 09:19:27.494220 5635 crypto.go:218] Generating server certificate in registry.crt, key in registry.key
I0825 09:19:27.974290 5635 create_servercert.go:121] Generated new server certificate as registry.crt, key as registry.key

3. Change ca.serial.txt owner to root:root
[fedora@ip-10-237-174-172 sample-app]$ sudo chown root:root ca.serial.txt
[fedora@ip-10-237-174-172 sample-app]$ ls -l ca.*
-rw-r--r--. 1 fedora fedora 1066 Aug 25 01:49 ca.crt
-rw-------. 1 fedora fedora 1675 Aug 25 01:49 ca.key
-rw-r--r--. 1 root root 2 Aug 25 09:19 ca.serial.txt

4. Create a key and server certificate again
[fedora@ip-10-237-174-172 sample-app]$ oadm ca create-server-cert --signer-cert=ca.crt --signer-key=ca.key --signer-serial=ca.serial.txt --hostnames='docker-registry.dma1.svc.cluster.local,172.30.24.194' --cert=registry.crt --key=registry.key --v=6
I0825 09:21:09.348837 5710 create_servercert.go:106] Creating a server cert with: admin.CreateServerCertOptions{SignerCertOptions:(*admin.SignerCertOptions)(0xc2080e4800), CertFile:"registry.crt", KeyFile:"registry.key", Hostnames:util.StringList{"docker-registry.dma1.svc.cluster.local", "172.30.24.194"}, Overwrite:true, Output:(*os.File)(0xc20802e008)}
I0825 09:21:10.129751 5710 crypto.go:218] Generating server certificate in registry.crt, key in registry.key
panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xb code=0x1 addr=0x0 pc=0xbb979c]

goroutine 1 [running]:
github.com/openshift/origin/pkg/cmd/server/crypto.encodeCertificates(0xc2081fd0e0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0)
    /go/src/github.com/openshift/origin/_output/local/go/src/github.com/openshift/origin/pkg/cmd/server/crypto/crypto.go:429 +0x2bc
github.com/openshift/origin/pkg/cmd/server/crypto.writeCertificates(0x7fff5128c547, 0xc, 0xc2081fd0e0, 0x2, 0x2, 0x0, 0x0)
    /go/src/github.com/openshift/origin/_output/local/go/src/github.com/openshift/origin/pkg/cmd/server/crypto/crypto.go:463 +0xdf
github.com/openshift/origin/pkg/cmd/server/crypto.(*TLSCertificateConfig).writeCertConfig(0xc20833f200, 0x7fff5128c547, 0xc, 0x7fff5128c55a, 0xc, 0x0, 0x0)
    /go/src/github.com/openshift/origin/_output/local/go/src/github.com/openshift/origin/pkg/cmd/server/crypto/crypto.go:43 +0x67
github.com/openshift/origin/pkg/cmd/server/crypto.(*CA).MakeServerCert(0xc20833ecc0, 0x7fff5128c547, 0xc, 0x7fff5128c55a, 0xc, 0xc20833ecf0, 0x7fff5128c56b, 0x0, 0x0)
    /go/src/github.com/openshift/origin/_output/local/go/src/github.com/openshift/origin/pkg/cmd/server/crypto/crypto.go:227 +0x5b2
github.com/openshift/origin/pkg/cmd/server/admin.CreateServerCertOptions.CreateServerCert(0xc2080e4800, 0x7fff5128c547, 0xc, 0x7fff5128c55a, 0xc, 0xc208348340, 0x2, 0x2, 0x1, 0x7f3e3215e6f0, ...)
    /go/src/github.com/openshift/origin/_output/local/go/src/github.com/openshift/origin/pkg/cmd/server/admin/create_servercert.go:116 +0x224
github.com/openshift/origin/pkg/cmd/server/admin.func·013(0xc2083276c0, 0xc208320d20, 0x0, 0x7)
    /go/src/github.com/openshift/origin/_output/local/go/src/github.com/openshift/origin/pkg/cmd/server/admin/create_servercert.go:59 +0x139
github.com/spf13/cobra.(*Command).execute(0xc2083276c0, 0xc208320c40, 0x7, 0x7, 0x0, 0x0)
    /go/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/spf13/cobra/command.go:477 +0x3d4
github.com/spf13/cobra.(*Command).Execute(0xc208036b60, 0x0, 0x0)
    /go/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/spf13/cobra/command.go:551 +0x414
main.main()
    /go/src/github.com/openshift/origin/_output/local/go/src/github.com/openshift/origin/cmd/openshift/openshift.go:22 +0x175

goroutine 5 [syscall]:
os/signal.loop()
    /usr/lib/golang/src/os/signal/signal_unix.go:21 +0x1f
created by os/signal.init·1
    /usr/lib/golang/src/os/signal/signal_unix.go:27 +0x35

goroutine 8 [chan receive]:
github.com/golang/glog.(*loggingT).flushDaemon(0x401e4a0)
    /go/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/golang/glog/glog.go:879 +0x78
created by github.com/golang/glog.init·1
    /go/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/golang/glog/glog.go:410 +0x2a7

goroutine 17 [syscall, locked to thread]:
runtime.goexit()
    /usr/lib/golang/src/runtime/asm_amd64.s:2232 +0x1

Actual results:
4. Crashes with error "panic: runtime error: invalid memory address or nil pointer dereference"

Expected results:
4. Should not fail, or should show tip info instead of crashing.

Additional info:
Fixed in https://github.com/openshift/origin/pull/7153
[fedora@ip-172-18-7-137 master]$ openshift version
openshift v1.1.1-21-gbc1a879
kubernetes v1.1.0-origin-1107-g4c8e6f4
etcd 2.2.2

[fedora@ip-172-18-7-137 master]$ ls -l ca*
-rw-r--r--. 1 fedora fedora 1066 Feb 14 05:15 ca.crt
-rw-------. 1 fedora fedora 1675 Feb 14 05:15 ca.key
-rw-r--r--. 1 root root 2 Feb 14 05:26 ca.serial.txt

[fedora@ip-172-18-7-137 master]$ oadm ca create-server-cert --signer-cert=ca.crt --signer-key=ca.key --signer-serial=ca.serial.txt --hostnames='docker-registry.dma1.svc.cluster.local,172.18.7.137' --cert=registry.crt --key=registry.key --v=6
I0214 05:30:55.286711 8312 create_servercert.go:106] Creating a server cert with: admin.CreateServerCertOptions{SignerCertOptions:(*admin.SignerCertOptions)(0xc20850a0c0), CertFile:"registry.crt", KeyFile:"registry.key", Hostnames:[]string{"docker-registry.dma1.svc.cluster.local", "172.18.7.137"}, Overwrite:true, Output:(*os.File)(0xc20802e008)}
I0214 05:30:55.428845 8312 crypto.go:249] Generating server certificate in registry.crt, key in registry.key
panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xb code=0x1 addr=0x0 pc=0xcfabfc]

goroutine 1 [running]:
github.com/openshift/origin/pkg/cmd/server/crypto.encodeCertificates(0xc2084e0560, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0)
    /go/src/github.com/openshift/origin/_output/local/go/src/github.com/openshift/origin/pkg/cmd/server/crypto/crypto.go:467 +0x2bc
github.com/openshift/origin/pkg/cmd/server/crypto.writeCertificates(0x7fff1cc4351b, 0xc, 0xc2084e0560, 0x2, 0x2, 0x0, 0x0)
    /go/src/github.com/openshift/origin/_output/local/go/src/github.com/openshift/origin/pkg/cmd/server/crypto/crypto.go:501 +0xdf
github.com/openshift/origin/pkg/cmd/server/crypto.(*TLSCertificateConfig).writeCertConfig(0xc2083eee40, 0x7fff1cc4351b, 0xc, 0x7fff1cc4352e, 0xc, 0x0, 0x0)
    /go/src/github.com/openshift/origin/_output/local/go/src/github.com/openshift/origin/pkg/cmd/server/crypto/crypto.go:71 +0x67
github.com/openshift/origin/pkg/cmd/server/crypto.(*CA).MakeServerCert(0xc2083eae70, 0x7fff1cc4351b, 0xc, 0x7fff1cc4352e, 0xc, 0xc2083eb230, 0x1, 0x0, 0x0)
    /go/src/github.com/openshift/origin/_output/local/go/src/github.com/openshift/origin/pkg/cmd/server/crypto/crypto.go:258 +0x5b2
github.com/openshift/origin/pkg/cmd/server/admin.CreateServerCertOptions.CreateServerCert(0xc20850a0c0, 0x7fff1cc4351b, 0xc, 0x7fff1cc4352e, 0xc, 0xc20851e7a0, 0x2, 0x2, 0x1, 0x7f41701a5530, ...)
    /go/src/github.com/openshift/origin/_output/local/go/src/github.com/openshift/origin/pkg/cmd/server/admin/create_servercert.go:116 +0x224
github.com/openshift/origin/pkg/cmd/server/admin.func·015(0xc208503c00, 0xc2085107e0, 0x0, 0x7)
    /go/src/github.com/openshift/origin/_output/local/go/src/github.com/openshift/origin/pkg/cmd/server/admin/create_servercert.go:59 +0x139
github.com/spf13/cobra.(*Command).execute(0xc208503c00, 0xc208510700, 0x7, 0x7, 0x0, 0x0)
    /go/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/spf13/cobra/command.go:572 +0x82f
github.com/spf13/cobra.(*Command).ExecuteC(0xc2084e8000, 0xc208503c00, 0x0, 0x0)
    /go/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/spf13/cobra/command.go:662 +0x4db
github.com/spf13/cobra.(*Command).Execute(0xc2084e8000, 0x0, 0x0)
    /go/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/spf13/cobra/command.go:618 +0x3a
main.main()
    /go/src/github.com/openshift/origin/_output/local/go/src/github.com/openshift/origin/cmd/openshift/openshift.go:22 +0x175

goroutine 5 [syscall]:
os/signal.loop()
    /usr/lib/golang/src/os/signal/signal_unix.go:21 +0x1f
created by os/signal.init·1
    /usr/lib/golang/src/os/signal/signal_unix.go:27 +0x35

goroutine 10 [chan receive]:
github.com/golang/glog.(*loggingT).flushDaemon(0x4cdab20)
    /go/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/golang/glog/glog.go:879 +0x78
created by github.com/golang/glog.init·1
    /go/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/golang/glog/glog.go:410 +0x2a7

goroutine 17 [syscall, locked to thread]:
runtime.goexit()
    /usr/lib/golang/src/runtime/asm_amd64.s:2232 +0x1
This is fixed in master, but has not been tagged into a release yet.
Verify this on the latest origin.

[fedora@ip-172-18-14-193 master]$ openshift version
openshift v1.1.2-301-gcf704a1
kubernetes v1.2.0-origin
etcd 2.2.2+git

[fedora@ip-172-18-14-193 master]$ ls -l ca*
-rw-r--r--. 1 fedora fedora 1070 Feb 17 04:49 ca.crt
-rw-------. 1 fedora fedora 1679 Feb 17 04:49 ca.key
-rw-r--r--. 1 root root 2 Feb 17 04:49 ca.serial.txt

[fedora@ip-172-18-14-193 master]$ oadm ca create-server-cert --signer-cert=ca.crt --signer-key=ca.key --signer-serial=ca.serial.txt --hostnames='docker-registry.dma1.svc.cluster.local,172.18.7.137' --cert=registry.crt --key=registry.key --v=6
I0217 05:06:33.096226 6223 create_servercert.go:106] Creating a server cert with: admin.CreateServerCertOptions{SignerCertOptions:(*admin.SignerCertOptions)(0xc82048af00), CertFile:"registry.crt", KeyFile:"registry.key", Hostnames:[]string{"docker-registry.dma1.svc.cluster.local", "172.18.7.137"}, Overwrite:true, Output:(*os.File)(0xc82002c010)}
I0217 05:06:33.097217 6223 crypto.go:249] Generating server certificate in registry.crt, key in registry.key
I0217 05:06:33.303345 6223 create_servercert.go:121] Generated new server certificate as registry.crt, key as registry.key
F0217 05:06:33.303399 6223 helpers.go:104] error: open ca.serial.txt: permission denied
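
The traces in this report panic inside encodeCertificates, which was called with a two-element slice. As an added example (not origin's code, not the change in pull 7153, and not posted by anyone in this thread), here is a Go PEM encoder that returns an error for a nil chain entry instead of dereferencing it. The names encodeCertsChecked and newTestCA are hypothetical, and it is an assumption that the crash came from a nil certificate in that slice.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// encodeCertsChecked PEM-encodes a chain and reports a nil entry as an error
// rather than panicking (hypothetical helper, not the origin function).
func encodeCertsChecked(certs ...*x509.Certificate) ([]byte, error) {
	var buf bytes.Buffer
	for i, c := range certs {
		if c == nil {
			return nil, fmt.Errorf("certificate %d in chain is nil (was a signing error ignored?)", i)
		}
		buf.Write(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: c.Raw}))
	}
	return buf.Bytes(), nil
}

// newTestCA builds a throwaway self-signed certificate (constructed sample input).
func newTestCA() (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	ca, err := newTestCA()
	if err != nil {
		panic(err)
	}
	_, err = encodeCertsChecked(nil, ca) // assumed shape of the failing call: nil leaf, then signer
	fmt.Println("nil leaf rejected:", err)
}
```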