Bug 1538896 – [3.7] Invalid entries in namedCertificates when using openshift_master_named_certificates

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1538896 - [3.7] Invalid entries in namedCertificates when using openshift_master_named_certificates

Summary:	[3.7] Invalid entries in namedCertificates when using openshift_master_named_...

Status:	CLOSED ERRATA

Aliases:	None

Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Installer (Show other bugs)
Sub Component:
Version:	3.7.1
Hardware:	x86_64 Linux

Priority	unspecified Severity high
Target Milestone:	---
Target Release:	3.7.z
Assigned To:	Russell Teague
QA Contact:	Johnny Liu
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2018-01-25 23:19 EST by Russell Teague
Modified:	2018-04-05 05:36 EDT (History)
CC List:	5 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: Alternative names in certificates were not being properly parsed. Consequence: Alternatives with 'email:' were being added as additional hostnames. Fix: Updated the logic to only add alternative names which begin with 'DNS:' Result: Proper parsing and updating of namedCertificates
Story Points:	---
Clone Of:	1502838
Environment:
Last Closed:	2018-04-05 05:36:18 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2018:0636	None	None	None	2018-04-05 05:36 EDT

Groups: None (edit)

Comment 1 Russell Teague 2018-01-26 11:21:44 EST

Proposed: https://github.com/openshift/openshift-ansible/pull/6890

Comment 2 Russell Teague 2018-01-29 08:11:03 EST

Fixed in openshift-ansible-3.7.27-1

Comment 4 Johnny Liu 2018-01-30 03:56:03 EST

Verified this bug with openshift-ansible-3.7.27-1.git.0.ae95fc3.el7.noarch, and PASS.

# cat /etc/origin/master/master-config.yaml
<--snip-->
  namedCertificates:
  - certFile: /etc/origin/master/named_certificates/cloudbeta.rio.gov.br.crt
    keyFile: /etc/origin/master/named_certificates/cloudbeta.rio.gov.br.key
    names:
    - cloudbeta.rio.gov.br
<--snip-->

Comment 8 errata-xmlrpc 2018-04-05 05:36:18 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0636

Note You need to log in before you can comment on or make changes to this bug.