Bug 1503450 - 3.7.1 White spaces in the cert prevents Origin Metrics from starting
Status: CLOSED ERRATA
Product: OpenShift Container Platform
Classification: Red Hat
Component: Hawkular
Version: 3.7.1
Hardware: Unspecified Unspecified
Priority: urgent
Severity: urgent
Target Release: 3.7.z
Assigned To: Juraci Paixão Kröhling
QA Contact: Junqi Zhao
Depends On: 1471251
Blocks: 1500464 1500471
Reported: 2017-10-18 03:23 EDT by Juraci Paixão Kröhling
Modified: 2017-11-28 17:17 EST

Doc Type: If docs needed, set a value
Doc Text:
When either a certificate within the chain at `serviceaccount/ca.crt` or any of the certificates within the provided truststore file contains white space after the `BEGIN CERTIFICATE` declaration, the Java keytool rejects the certificate with an error, causing Origin Metrics to fail to start. As a workaround, Origin Metrics will now attempt to remove the spaces before feeding the certificate to keytool, but admins should make sure their certificates don't contain such spaces.
Clone Of: 1471251
Last Closed: 2017-11-28 17:17:38 EST
Type: Bug


External Trackers
Tracker: Red Hat Product Errata
ID: RHSA-2017:3188
Priority: normal
Status: SHIPPED_LIVE
Summary: Moderate: Red Hat OpenShift Container Platform 3.7 security, bug, and enhancement update
Last Updated: 2017-11-28 21:34:54 EST

Comment 1 Juraci Paixão Kröhling 2017-10-18 04:08:05 EDT
The fix is available on this build:
https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=608943
Comment 2 Junqi Zhao 2017-10-20 08:53:07 EDT
Tested with metrics-hawkular-metrics:3.7.0-0.159.0.0
Steps:
1. Add more spaces to the end of "-----BEGIN CERTIFICATE-----" in /etc/origin/master/ca-bundle.crt.
2. Restart server and deploy metrics 3.7 by using image metrics-hawkular-metrics:3.7.0-0.159.0.0 
3. # oc rsh ${HAWKULAR_METRICS_PODS};
   sh-4.2$ cat /var/run/secrets/kubernetes.io/serviceaccount/ca.crt

   # oc rsh ${HAWKULAR_CASSANDRA_PODS};
   sh-4.2$ cat /var/run/secrets/kubernetes.io/serviceaccount/ca.crt

   # oc rsh ${HEAPSTER_PODS};
   sh-4.2$ cat /var/run/secrets/kubernetes.io/serviceaccount/ca.crt

The "-----BEGIN CERTIFICATE-----" field doesn't have spaces in /var/run/secrets/kubernetes.io/serviceaccount/ca.crt of each pod; besides this, the content is the same as /etc/origin/master/ca-bundle.crt.

4. Sanity testing of Metrics, it works well.

env:
# openshift version
openshift v3.7.0-0.143.7
kubernetes v1.7.0+80709908fd
etcd 3.2.1
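
A preflight check of the kind the Doc Text asks admins to make, as an added example that is not the Origin Metrics fix or any code from this bug report: it flags `BEGIN`/`END CERTIFICATE` marker lines followed by spaces or tabs and writes a cleaned copy. The function names are hypothetical, the sample bundle is constructed, and covering `END` markers as well as `BEGIN` goes beyond the case the report describes.

```shell
#!/bin/sh
# Added example (not from the bug report). Only the marker lines are inspected,
# so the certificate bodies in the sample are constructed placeholders.

# Print the line number of each BEGIN/END CERTIFICATE marker that is followed
# by spaces or tabs.
pem_padded_markers() {
    awk '/^-----(BEGIN|END) CERTIFICATE-----[ \t]+$/ { print NR }' "$1"
}

# Write the bundle to stdout with padding removed from marker lines only;
# every other line is passed through unchanged.
pem_strip_marker_padding() {
    awk '/^-----(BEGIN|END) CERTIFICATE-----[ \t]+$/ { sub(/[ \t]+$/, "") }
         { print }' "$1"
}

# Preflight check: return 0 if the file is clean, 1 (with a message on stderr)
# if any marker line is padded.
pem_check() {
    padded=$(pem_padded_markers "$1" | tr '\n' ' ')
    if [ -n "$padded" ]; then
        echo "$1: padded marker on line(s) $padded" >&2
        return 1
    fi
    return 0
}

# Constructed two-certificate bundle: line 1 ends in spaces, line 6 in a tab.
make_sample_bundle() {
    {
        printf '%s   \n' '-----BEGIN CERTIFICATE-----'
        printf '%s\n'    'Q09OU1RSVUNURUQgUExBQ0VIT0xERVI='
        printf '%s\n'    '-----END CERTIFICATE-----'
        printf '%s\n'    '-----BEGIN CERTIFICATE-----'
        printf '%s\n'    'Q09OU1RSVUNURUQgUExBQ0VIT0xERVI='
        printf '%s\t\n'  '-----END CERTIFICATE-----'
    } > "$1"
}

# Demo: check the sample, write a cleaned copy, check the copy.
bundle=$(mktemp); clean=$(mktemp)
make_sample_bundle "$bundle"
pem_check "$bundle" || echo "padding found, writing cleaned copy"
pem_strip_marker_padding "$bundle" > "$clean"
pem_check "$clean" && echo "cleaned copy passes"
rm -f "$bundle" "$clean"
```

Running `pem_check` against a bundle such as /etc/origin/master/ca-bundle.crt before deploying metrics catches the padding at its source, without relying on the workaround in the image.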
Comment 5 errata-xmlrpc 2017-11-28 17:17:38 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:3188
