Bug 1305165 - oadm create-master-certs does not check FQDN
oadm create-master-certs does not check FQDN
Product: OpenShift Container Platform
Classification: Red Hat
Component: Command Line Interface (Show other bugs)
Unspecified Unspecified
medium Severity medium
: ---
: ---
Assigned To: Jordan Liggitt
weiwei jiang
Depends On:
Blocks: OSOPS_V3
  Show dependency treegraph
Reported: 2016-02-05 16:40 EST by Wesley Hearn
Modified: 2016-12-09 04:53 EST (History)
11 users (show)

See Also:
Fixed In Version: atomic-openshift-
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-05-12 12:28:09 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Wesley Hearn 2016-02-05 16:40:56 EST
Description of problem:
Regenerated cert for web frontend using oadm create-master-certs and it ended up updating kube configs with invalid URL entries.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Spin up native ha cluster
2. Update certs with `oadm create-master-certs --hostnames="$(openssl x509 -in back/master.server.crt -text | grep api | sed 's/DNS://g;s/IP Address://g;s/ //g'),console.cluster.openshift.com" --master=api.cluster.openshift.com --public-master=api.cluster.openshift.com --cert-dir=$PWD --overwrite=false` (notice public-master and master are not FQDN)
3. ls -l in /etc/origin/master and see the *.kubeconfig files got updated

Actual results:

Expected results:
--public-master and --master should have checks for FQDN names
--overwrite=false should error if it sees that it is about to overwrite a file and error out

Additional info:
Comment 1 Jordan Liggitt 2016-02-16 02:13:53 EST
Added validation in https://github.com/openshift/origin/pull/7333

Still need to think through --overwrite behavior.
Comment 2 Jordan Liggitt 2016-02-20 10:24:27 EST
hostname validation merged upstream in https://github.com/openshift/origin/pull/7333
Comment 3 weiwei jiang 2016-02-23 01:52:11 EST
Checked with devenv_rhel7_3509 and
# openshift version 
openshift v3.1.1.905
kubernetes v1.2.0-alpha.7-703-gbc4550d
etcd 2.2.5

the bug can not be reproduced.
Comment 5 errata-xmlrpc 2016-05-12 12:28:09 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.