Bug 1615026
| Summary: | redeploy_certificates.yaml does not add namedCertificates to servingInfo | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Borja Aranda <farandac> |
| Component: | Installer | Assignee: | Scott Dodson <sdodson> |
| Status: | CLOSED WONTFIX | QA Contact: | Johnny Liu <jialiu> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 3.10.0 | CC: | aos-bugs, jokerman, mmccomas |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | 4.1.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-01-28 19:45:44 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 1454478 *** I thought the bug I had duped this with was still open. Re-opening this. *** Bug 1615025 has been marked as a duplicate of this bug. *** While the playbooks will land the files they do not currently update the master configuration. The workaround is to manually update master config which should be durable change unaffected by future upgrades. |
Description of problem: redeploy_certificates.yaml does not update the namedCertificates in master-config.yaml. After installing a fresh cluster with self-signed certs, I ran redeploy_certificates with a hosts file containing: ~~~ openshift_master_overwrite_named_certificates=true openshift_master_named_certificates=[{"certfile": "/home/quicklab/webconsole.crt", "keyfile": "/home/quicklab/webconsole.key", "names": ["openshift.mordor.lab.rdu2.cee.redhat.com"], "cafile": "/home/quicklab/MordorCA.crt"}] ~~~ The ca-bundle is updated with the new CA, the named certificates are placed in /etc/origin/master/named_certificates, but master-config.yaml is not updated with the proper namedCertificates section inside servingInfo: ~~~ servingInfo: bindAddress: 0.0.0.0:443 bindNetwork: tcp4 certFile: master.server.crt clientCA: ca.crt keyFile: master.server.key maxRequestsInFlight: 500 requestTimeoutSeconds: 3600 ~~~ Version-Release number of the following components: openshift-ansible-3.10.21-1.git.0.6446011.el7.noarch How reproducible: Always Steps to Reproduce: 1. Install a fresh cluster with self-signed certificates 2. Run the procedure in [0] References: [0] https://docs.openshift.com/container-platform/3.10/install_config/certificate_customization.html#configuring-custom-certificates-retrofit-master