Customer requests to backport https://github.com/openshift/origin/commit/5ce393cd760c07f993e1bf07ab010239662617bd into OCP 3.3. Depending on other open router issues he might need a backport into OCP 3.2.
Backported https://github.com/openshift/origin/pull/11217 to OSE 3.3 The OSE 3.3 specific PR is: https://github.com/openshift/ose/pull/578
since this PR https://github.com/openshift/ose/pull/578 has not been merged. so mark this bug to 'assigned' for now. feel free to change back to 'ON_QA' once it is merged to OCP 3.3
This has been merged into ocp and is in OCP v3.3.1.13 or newer.
hi, tested this bug on OCP v3.3.1.13 , the router cannot be running with the following logs. E0209 07:13:26.497584 1 ratelimiter.go:52] error creating config file /var/lib/haproxy/conf/cert_config.map: open /var/lib/haproxy/conf/cert_config.map: permission denied
@Troy, that looks the Dockerfile changes were not picked up. There is a change to the Dockerfile to touch/create the cert_config.map file. Thx
@Ram You are correct. I'm sorry about that. I have updated the Dockerfile, making sure it's correct and rebuilt the image. openshift3/ose-haproxy-router:v3.3.1.13-3 It should be available in all the usual testing areas.
Verified this bug on 3.3.1.13 with haproxy image id(726deac0cf76), it works well steps: 1. Create app and edge/reencrypt route with custom cert 2. Check the route can work well 3. check the cert_config.map in haproxy pod cat cert_config.map /var/lib/haproxy/router/certs/z1_reencrypt-route-no-path.pem reen.example.com /var/lib/haproxy/router/certs/z1_edge-route-no-path.pem edge.example.com
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:0289
*** Bug 1428233 has been marked as a duplicate of this bug. ***