Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1305165

Summary: oadm create-master-certs does not check FQDN
Product: OpenShift Container Platform Reporter: Wesley Hearn <whearn>
Component: ocAssignee: Jordan Liggitt <jliggitt>
Status: CLOSED ERRATA QA Contact: weiwei jiang <wjiang>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.1.0CC: agrimm, aos-bugs, jliggitt, jokerman, mmccomas, tdawson, wjiang, wsun, xtian, xxia, yinzhou
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: atomic-openshift-3.1.1.905-1.git.0.ef5902f.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-05-12 16:28:09 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1303130    

Description Wesley Hearn 2016-02-05 21:40:56 UTC 
Description of problem:
Regenerated cert for web frontend using oadm create-master-certs and it ended up updating kube configs with invalid URL entries.

Version-Release number of selected component (if applicable):
3.1.1.6

How reproducible:
Always

Steps to Reproduce:
1. Spin up native ha cluster
2. Update certs with `oadm create-master-certs --hostnames="$(openssl x509 -in back/master.server.crt -text | grep api | sed 's/DNS://g;s/IP Address://g;s/ //g'),console.cluster.openshift.com" --master=api.cluster.openshift.com --public-master=api.cluster.openshift.com --cert-dir=$PWD --overwrite=false` (notice public-master and master are not FQDN)
3. ls -l in /etc/origin/master and see the *.kubeconfig files got updated

Actual results:


Expected results:
--public-master and --master should have checks for FQDN names
--overwrite=false should error if it sees that it is about to overwrite a file and error out

Additional info:
Comment 1 Jordan Liggitt 2016-02-16 07:13:53 UTC 
Added validation in https://github.com/openshift/origin/pull/7333

Still need to think through --overwrite behavior.
Comment 2 Jordan Liggitt 2016-02-20 15:24:27 UTC 
hostname validation merged upstream in https://github.com/openshift/origin/pull/7333
Comment 3 weiwei jiang 2016-02-23 06:52:11 UTC 
Checked with devenv_rhel7_3509 and
# openshift version 
openshift v3.1.1.905
kubernetes v1.2.0-alpha.7-703-gbc4550d
etcd 2.2.5

the bug can not be reproduced.
Comment 5 errata-xmlrpc 2016-05-12 16:28:09 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2016:1064