Bug 1475004 - [3.6] hawkular-metrics route does not properly create the caCertificate
Status: CLOSED ERRATA
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.6.0
Hardware: x86_64 Linux
Priority: unspecified
Severity: medium
Target Release: 3.6.z
Assigned To: Scott Dodson
QA Contact: Junqi Zhao
Reported: 2017-07-25 16:11 EDT by Kenny Woodson
Modified: 2017-09-05 13:42 EDT (History)
Doc Type: Bug Fix
Doc Text:
Cause: The key for the caCert was incorrectly capitalized.
Consequence: The specified caCert value was not persisted to the created object.
Fix: Updated capitalization to be correct.
Result: The specified caCert is correctly persisted to the object.
Last Closed: 2017-09-05 13:42:58 EDT
Type: Bug


Attachments:
caCertificate field in metrics route (6.13 KB, text/plain), 2017-08-23 01:37 EDT, Junqi Zhao

Description Kenny Woodson 2017-07-25 16:11:37 EDT
Description of problem:

When installing metrics in my cluster I noticed that the hawkular-metrics route did not properly have the caCertificate data that is required for proper lookup and validation of the tls information.

Version-Release number of selected component (if applicable):
atomic-openshift-3.6.153-1.git.0.4894417.el7.x86_64


How reproducible:
Very

Steps to Reproduce:
1. Run the openshift-ansible/playbooks/byo/openshift-cluster/openshift_metrics.yml
2. When it has completed, verify the route information is correct:
oc get route hawkular-metrics -n openshift-infra

Look at spec.tls and verify that there is no CACertificate in the Route object.

Actual results:

The route object, when being created, does not recognize the CACertificate flag that is used in this file:

https://github.com/openshift/openshift-ansible/blob/master/roles/openshift_metrics/templates/route.j2#L20

It then fails to properly validate the tls information.

Expected results:

The above route.j2 should have 'caCertificate' instead of 'CACertificate' so that the route properly accepts the caCertificate attribute.

Additional info:

This is a relatively easy fix.  It probably should be backported to 3.5 as well.
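
An added example, not part of the bug report or of openshift-ansible: a Python check for the failure described above, usable on a rendered route definition or on the JSON saved from `oc get route hawkular-metrics -o json -n openshift-infra`. It flags `spec.tls` keys whose capitalization does not match the Route API field names and confirms that `caCertificate` holds a PEM block; the sample routes, host name, termination value and placeholder certificate are constructed.

```python
import json
import sys

# spec.tls field names of an OpenShift Route (route.openshift.io/v1 TLSConfig).
TLS_FIELDS = ("termination", "certificate", "key", "caCertificate",
              "destinationCACertificate", "insecureEdgeTerminationPolicy")
BY_LOWER = {name.lower(): name for name in TLS_FIELDS}


def lint_tls_keys(route):
    """Return (key, suggestion) pairs for spec.tls keys that are not Route fields.

    suggestion is the correctly cased field name, or None for an unknown key.
    """
    tls = (route.get("spec") or {}).get("tls") or {}
    return [(k, BY_LOWER.get(k.lower())) for k in tls if k not in TLS_FIELDS]


def has_ca_certificate(route):
    """True when spec.tls.caCertificate contains a PEM certificate block."""
    tls = (route.get("spec") or {}).get("tls") or {}
    ca = tls.get("caCertificate") or ""
    return "-----BEGIN CERTIFICATE-----" in ca and "-----END CERTIFICATE-----" in ca


def make_route(ca_key):
    """Constructed sample route; host, termination and certificate are placeholders."""
    pem = "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n"
    return {
        "kind": "Route",
        "metadata": {"name": "hawkular-metrics", "namespace": "openshift-infra"},
        "spec": {"host": "hawkular-metrics.example.com",
                 "tls": {"termination": "reencrypt", ca_key: pem}},
    }


BEFORE_FIX = make_route("CACertificate")  # key spelled as the bug reports it
AFTER_FIX = make_route("caCertificate")   # key spelled as the fix has it

if __name__ == "__main__":
    routes = {"before fix": BEFORE_FIX, "after fix": AFTER_FIX}
    if len(sys.argv) > 1:  # path to JSON saved from `oc get route ... -o json`
        with open(sys.argv[1]) as fh:
            routes = {sys.argv[1]: json.load(fh)}
    for label, route in routes.items():
        print(label, "miscased keys:", lint_tls_keys(route),
              "caCertificate present:", has_ca_certificate(route))
```
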
Comment 3 Junqi Zhao 2017-08-23 01:37:08 EDT
Used build openshift-ansible-3.6.173.0.7-2.git.0.340aa2c.el7 mentioned in https://errata.devel.redhat.com/advisory/29863

Set openshift_metrics_hawkular_ca=***** in the inventory file and ran the playbook openshift-ansible/playbooks/byo/openshift-cluster/openshift_metrics.yml. When it had completed, verified the route information was correct:
# oc get route hawkular-metrics -o json -n openshift-infra

There was a caCertificate in the Route object. See the attached file.

    "spec": {
        "host": "hawkular-metrics.*******",
        "tls": {
            "caCertificate": "-----BEGIN CERTIFICATE-----\nMIIC6jCCAdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu\nc2hpZnQtc2lnbmVyQDE1MDM0NDcwNDIwHhcNMTcwODIzMDAxMDQxWhcNMjIwODIy\nMDAxMDQyWjAmMSQwIgYDVQQDDBtvcGVuc2hpZnQtc2lnbmVyQDE1MDM0NDcwNDIw\nggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEMg2YjIQVc2w58Ov0H9EP\nHmSBaKgTxkB8Xx6JthMjUfrheZ//9YK6Mce4ezmfBuVn7YMnZW+YyQOWqcUarxtf\n46soWdUmlATmUxIuviDdrFcbzD4W7wrmFD6vWwj6GIWIlzi/D3r2UNaHQ0aVySBE\nsG/FaMn1kkWRSybPdX99nhkCnRfzyicdrWbhcl0GkYwpbY7iIb560NScpheKhFO+\nZBeaWY+w/h/S/sfp1xn6yH/zDucCFvAy0jvq3bHZxQ2IOBVwhapjXv1CWRHepGBw\n0YApnXIiLMjkBUSewZlcRxY3MZ2IpOwFu1ORb0V+edRVqNeTSSg/4//fPJgHRuPN\nAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MA0GCSqG\nSIb3DQEBCwUAA4IBAQB+nGQaAzM2R8XVKHxFGS5Xu5XaibeimKhsHYZqV72beBxM\ncbF+SgYOnMroNASj7V+zKvQsMbZmlePFF+bBuOrToPXyyPCIau9PfCogs9TfdQfr\nUfKEIfL1juUyGbE0Q2atH1Dol3kJnEctzkFrRImWqgr3Yq35pXY1twCjicFpi9KC\nA+M8lhchB4i5GcLdGFBGuVpzlBd1jX8fc7QX2ZD+SRNpqri+yDhVWfCr434MZzgL\nt4cfRwQLNe3mrub592xtO9CQuNyLznjxUpKmq1vnWk/Q41z8FnpLY254CxYz4O6U\nG3ztrvirqNvaiVtrGG+cEArwijY8dG1NvdEI+RTP\n-----END CERTIFICATE-----\n"
Comment 4 Junqi Zhao 2017-08-23 01:37 EDT
Created attachment 1316949 [details]
caCertificate field in metrics route
Comment 6 errata-xmlrpc 2017-09-05 13:42:58 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2639
