Description of problem:
On a cluster install, when providing identity providers, we cannot provide a CA certificate fro the Github certificate necessary to allow the masters to communicate with Github enterprise.
Here are the upstream links:
The changes are yet to be reflected in the v3.11.41 playbooks.
Steps to Reproduce:
1. Adding a CA in the Identity provider for Github makes the masters non-operable if it's not in the /etc/origin/master
Please include the entire output from the last TASK line through the end of output if an error is generated
The customer expects https://github.com/openshift/openshift-ansible/blob/master/roles/openshift_control_plane/tasks/main.yml#L63 to have a Github one for custom certificates
master PR https://github.com/openshift/openshift-ansible/pull/10566
3.11 cherrypick - https://github.com/openshift/openshift-ansible/pull/10647
Fix is available in openshift-ansible-3.11.43-1
CA certificate copied to /etc/origin/master
$ oc get user
NAME UID FULL NAME IDENTITIES
chuyu b2dc5f0b-eeee-11e8-aaa2-fa163eeee67b github_enterprise:3
Kernel Version: 3.10.0-957.el7.x86_64
Operating System: Red Hat Enterprise Linux Server 7.6 (Maipo)
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.