Bug 1264975 - certificate signed by unknown authority [NEEDINFO]
certificate signed by unknown authority
Status: CLOSED NOTABUG
Product: OpenShift Container Platform
Classification: Red Hat
Component: Pod (Show other bugs)
3.0.0
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Scott Dodson
Jianwei Hou
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-09-21 15:04 EDT by Nicholas Nachefski
Modified: 2015-09-30 17:07 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-09-30 17:07:00 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
sdodson: needinfo? (nick)


Attachments (Terms of Use)

  None (edit)
Description Nicholas Nachefski 2015-09-21 15:04:47 EDT
I'm working through a PoC with a customer.  When attempting to run the ansible installer, we are getting this:

TASK: [openshift_examples | Import RHEL streams] ******************************

failed: [master.blah.com] => {"changed": false, "cmd": ["oc", "create", "-n", "openshift", "-f", "/usr/share/openshift/examples/image-streams/image-streams-rhel7.json"], "delta": "0:00:00.425396", "end": "2015-09-21 11:21:48.461989", "failed": true, "failed_when_result": true, "rc": 1, "start": "2015-09-21 11:21:48.036593", "stdout_lines": [], "warnings": []}

stderr: Unable to connect to the server: x509: certificate signed by unknown authority

Unable to connect to the server: x509: certificate signed by unknown authority



How reproducible:

Run the ansible installer subscribed to the latest updates.
Comment 1 Scott Dodson 2015-09-22 10:24:57 EDT
Nicholas,

This will happen when you re-install without cleaning up root's .kube/config file. Can you try copying /etc/openshift/master/admin.kubeconfig to /root/.kube/config and re-run ansible?

That's just a workaround, we can clean it up so that it uses that file directly but I want to make sure that fixes it for you so I know that there's not another problem.

--
Scott
Comment 3 Nicholas Nachefski 2015-09-22 16:25:58 EDT
i think the problem is related to a TLS intercepting proxy, or transparent proxy.
Comment 4 Scott Dodson 2015-09-23 11:39:04 EDT
Nick,

Do you have access to that CA? I'd be interested to know what happens if you import the CA used for the proxy into the host's trust chain per this solution 
https://access.redhat.com/solutions/1174393

Note You need to log in before you can comment on or make changes to this bug.