Bug 1427774 – Router default cert is not being propagated to the F5

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1427774 - Router default cert is not being propagated to the F5

Summary:	Router default cert is not being propagated to the F5

Status:	CLOSED ERRATA

Aliases:	None

Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Networking (Show other bugs)
Sub Component:
Version:	3.4.0
Hardware:	Unspecified Unspecified

Priority	unspecified Severity high
Target Milestone:	---
Target Release:	---
Assigned To:	Rajat Chopra
QA Contact:	hongli
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:	1428025
	Show dependency tree / graph

Reported:	2017-03-01 02:49 EST by Alexander Koksharov
Modified:	2017-08-16 15 EDT (History)
CC List:	6 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: CLI help text was not clear about what worked on the F5 vs the haproxy routers Consequence: It was not obvious from the CLI what was supported on the F5 Fix: Update the CLI help text Result: More clear expectations
Story Points:	---
Clone Of:
Clones:	1428025 (view as bug list)
Environment:
Last Closed:	2017-08-10 01:18:47 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Origin (Github)	13820	None	None	None	2017-04-25 09:18 EDT
Red Hat Product Errata	RHEA-2017:1716	normal	SHIPPED_LIVE	Red Hat OpenShift Container Platform 3.6 RPM Release Advisory	2017-08-10 05:02:50 EDT

Groups: None (edit)

Description Alexander Koksharov 2017-03-01 02:49:18 EST

Description of problem:
were following "F5 native integration" and have noticed that router default certificate is not being propagated to the F5. We were using --default-certs option while deploying the f5-router but it did not change anything. We still getting some default certificate which is set on F5 and is for "localhost.local" domain. If we manually replace this cert on F5, we can access OCP services over secured routes.

Does f5-router pod configures default router certificate on F5? Are there prerequisites for this?

Version-Release number of selected component (if applicable):
3.4

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 5 Rajat Chopra 2017-04-07 19:04:26 EDT

https://github.com/openshift/openshift-docs/pull/4090

Comment 7 Ben Bennett 2017-04-19 11:02:42 EDT

Talked about this in standup and we are going to:
 - Clarify the command line args for F5 and haproxy in the docs (there's no current section)
 - In the CLI help we are going to add indications of which is for which router

Comment 8 Rajat Chopra 2017-04-19 14:51:38 EDT

CLI PR: https://github.com/openshift/origin/pull/13820

Comment 10 hongli 2017-05-30 23:03:28 EDT

verified in atomic-openshift-3.6.86-1.git.0.3d5c716.el7.x86_64 and the cli help info has updated.

Comment 12 errata-xmlrpc 2017-08-10 01:18:47 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1716

Note You need to log in before you can comment on or make changes to this bug.