1464642 – cert update should be minimal impact

Bug 1464642 - cert update should be minimal impact

Summary: cert update should be minimal impact

Keywords:
Status:	CLOSED DUPLICATE of bug 1451927
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Installer
Sub Component:
Version:	3.5.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Target Release:	---
Assignee:	Scott Dodson
QA Contact:	Johnny Liu
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-06-24 06:59 UTC by Kenjiro Nakayama
Modified:	2017-06-26 08:46 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-06-26 08:46:08 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Kenjiro Nakayama 2017-06-24 06:59:39 UTC

Description of problem:
--
- When users need to update cert, they want to make the impact minimal. 
- For example, when master.etcd-ca.crt has been expired, it seems we need to use redeploy-openshift-ca.yml. It means that all services including etcd, masters, nodes and docker have to be restarted. That's not good UX and cannot use for critical system.

Version-Release number of selected component (if applicable):
---
- 3.x

How reproducible:
---
- 100%

Steps to Reproduce:
---
1. Update master.etcd-ca.crt by using redeploy-openshift-ca.yml.

Actual results:
---
- All service are restarted.

Expected results:
---
- Not all services are rebooted.

- There are several options:
 a) playbook updates only master.etcd-ca.crt (or all of each certs).
 b) use current redeploy-openshift-ca.yml but restart operations can be conducted manually after the cert update.

Comment 1 Josep 'Pep' Turro Mauri 2017-06-26 08:46:08 UTC


*** This bug has been marked as a duplicate of bug 1451927 ***

Note You need to log in before you can comment on or make changes to this bug.