Hide Forgot
Description of problem: Currently we have no playbook or a way to redeploy EFK certificates. Expected results: Provide playbook to redeploy cert like other OCP components(master,etcd,registry...)
Closing WONTFIX. It is possible to rerun ansible which should redeploy with updated certificates.
After rerun the /usr/share/ansible/openshift-ansible/playbooks/openshift-logging/config.yml ansible script, the cert will not update. such as /etc/elasticsearch/secret/admin-ca admin-cert in es pod. the content are same after rerun.
@Eric, Can you comment about how the certs should be regenerated.
You will need to first remove the certificates that are stored on your `oo_first_master` node, they will be in the path {/location/of/your/base/ocp/install}/logging. The ansible role will create new certificates if they do not exist here, it should then go through and recreate the secrets with these new certificates.
Converting to a docs bug so we can identify it properly
@Xiaoli Please take a look. https://github.com/openshift/openshift-docs/pull/13107/
Changes are live: https://docs.openshift.com/container-platform/3.11/install_config/aggregate_logging.html#fluentd-redeploy-certs