Bug 1667981 - [3.10] After running redeploy-certificates.yml playbook in OCP 3.10 webconsole stop working.
Summary: [3.10] After running redeploy-certificates.yml playbook in OCP 3.10 webconsol...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.10.0
Hardware: Unspecified
OS: Linux
unspecified
high
Target Milestone: ---
: 3.10.z
Assignee: Vadim Rutkovsky
QA Contact: Yanping Zhang
URL:
Whiteboard:
Depends On: 1592303 1596233
Blocks: 1596557 1623987
TreeView+ depends on / blocked
 
Reported: 2019-01-21 15:54 UTC by Dmitry Zhukovski
Modified: 2019-04-09 23:40 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: playbook which redeployed master certificates didn't update webconsole secrets Consequence: webconsole failed to start when master certs were redeployed Fix: webconsole secrets are recreated during master cewrt redeploy playbook Result: webconsole works correctly after master cert redeploy
Clone Of: 1592303
Environment:
Last Closed: 2019-04-09 23:40:43 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:0620 0 None None None 2019-04-09 23:40:52 UTC

Comment 4 Vadim Rutkovsky 2019-01-23 09:40:07 UTC 
This works correctly when playbooks/redeploy-certificates.yml is being run.
However when only playbooks/openshift-master/redeploy-certificates.yml is started.
This affects 3.9, 3.10 and 3.9. 

https://github.com/openshift/openshift-ansible/pull/9713 should be used as a base: create a new webconsole-only redeploy playbook and run it when master certs are being redeployed
Comment 5 Vadim Rutkovsky 2019-02-26 15:23:26 UTC 
Created 3.11 PR - https://github.com/openshift/openshift-ansible/pull/11246
Comment 6 Vadim Rutkovsky 2019-02-28 18:45:06 UTC 
3.10 PR - https://github.com/openshift/openshift-ansible/pull/11270
Comment 7 Vadim Rutkovsky 2019-03-05 08:28:04 UTC 
Fix is available in openshift-ansible-3.10.120-1
Comment 8 Yanping Zhang 2019-03-06 07:00:31 UTC 
OCP cluster version:
openshift v3.10.121
kubernetes v1.10.0+b81c8f8
openshift-ansible version:
openshift-ansible-3.10.122-1.git.0.05498cb.el7.noarch

Run playbook: ansible-playbook -i /path/to/inventory /usr/share/ansible/openshift-ansible/playbooks/openshift-master/redeploy-certificates.yml
After finished, web console can be accessed, secret webconsole-serving-cert and web console pod are newly created.
The bug has been fixed, so move it to Verified.
Comment 10 errata-xmlrpc 2019-04-09 23:40:43 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0620
Note You need to log in before you can comment on or make changes to this bug.