upstream was merged
When openshift_logging_es_allow_external=True, the domain name couldn't be added to subject Alt name. I get the followimg error message. It seem the playbook couldn't handle the character '-' INSTALLER STATUS *************************************************************** Initialization : Complete (0:00:21) Logging Install : Complete (0:07:00) Elasticsearch external hostname es.apps.0502-u3j.qe.rhcloud.com contains invalid characters for certificate subject Alt Name. Not adding to Elasticsearch certificate.
(In reply to Anping Li from comment #5) > When openshift_logging_es_allow_external=True, the domain name couldn't be > added to subject Alt name. I get the followimg error message. It seem the > playbook couldn't handle the character '-' > > > INSTALLER STATUS > *************************************************************** > Initialization : Complete (0:00:21) > Logging Install : Complete (0:07:00) > Elasticsearch external hostname es.apps.0502-u3j.qe.rhcloud.com contains > invalid characters for certificate subject Alt Name. Not adding to > Elasticsearch certificate. This is a feature, not a bug. Hostname components that begin with a digit [0-9] are not allowed in a DNS field in a SubjectAltName. So "0502-u3j" cannot be part of a DNS field in a SubjectAltName.
@Rich, Is it a limitation of keytool? QE are always using subdomain like 0502-u3j.qe.rhcloud.com.
(In reply to Anping Li from comment #7) > @Rich, Is it a limitation of keytool? QE are always using subdomain like > 0502-u3j.qe.rhcloud.com. Yes, it might be a limitation of keytool.
Verified with openshift-ansible:v3.9.27
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:1566