Bug 1615802
| Summary: | [W21FD0v0] some reencrypt routes can trigger router reloaded even they are in blueprints | ||||||
|---|---|---|---|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Hongan Li <hongli> | ||||
| Component: | Networking | Assignee: | Ram Ranganathan <ramr> | ||||
| Networking sub component: | router | QA Contact: | zhaozhanqi <zzhao> | ||||
| Status: | CLOSED CURRENTRELEASE | Docs Contact: | |||||
| Severity: | low | ||||||
| Priority: | low | CC: | aos-bugs, hongli | ||||
| Version: | 3.11.0 | ||||||
| Target Milestone: | --- | ||||||
| Target Release: | 3.11.0 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | No Doc Update | |||||
| Doc Text: |
undefined
|
Story Points: | --- | ||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2018-12-21 15:23:07 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
Hongan Li
2018-08-14 09:42:16 UTC
Created attachment 1475783 [details]
reen routes
@hongli - is this tested with the fix in: https://bugzilla.redhat.com/show_bug.cgi?id=1614727 ? It might be hitting the same conditions. I will also try it out against that branch a wee bit later today. Thx So I just did a dump in the config manager code of the two different routes that should have matched and the private keys are different. The first lines are different as well - blueprint one shows up as : MIICdw*+qDf and the route has: MIICXQ*/zg5 I think the key has lot more information than needed - it is getting sanitized and so ends up being different ... functional equivalent of this code below: Example: $ echo -e $(jq '.spec.tls.key' test-reen-b.json | sed 's/"//g' ) > /tmp/key.pem $ openssl rsa -in /tmp/key.pem -inform PEM -outform PEM -out /tmp/newkey.pem $ diff /tmp/key.pem /tmp/newkey.pem Try using the contents of newkey.pem aka: $ cat /tmp/newkey.pem | awk -v ORS='\\n' '1' as the key for both the blueprint route and your test route and see if that works. I'll look at fix for this ... caveat if possible - maybe we can do it on blueprint add time. Dropping the pri of this bug for now. Okay, so I figured out a way to do this generically based on whether or not extended validation being enabled - as that is what changes the private key internally. Fix for this issue is in PR: https://github.com/openshift/origin/pull/20646 @hongli ping. Any updates on the testing on this one? Thx tested in v3.11.0-0.28.0 and the issue has been fixed. Hi Ram, please move the bug status to MODIFIED when you have the PR, so I can verify them ASAP next time. thanks. verified with atomic-openshift-3.11.0-0.28.0.git.0.30d224c.el7.x86_64 and the issue has been fixed. Closing bugs that were verified and targeted for GA but for some reason were not picked up by errata. This bug fix should be present in current 3.11 release content. |