Bug 1678624 - Provison APB failed with error of 'certificate verify failed'
Summary: Provison APB failed with error of 'certificate verify failed'
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Service Broker
Version: 4.1.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.1.0
Assignee: Shawn Hurley
QA Contact: Zihan Tang
Depends On: 1668534
TreeView+ depends on / blocked
Reported: 2019-02-19 09:01 UTC by Zihan Tang
Modified: 2019-06-04 10:44 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Last Closed: 2019-06-04 10:44:14 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:0758 0 None None None 2019-06-04 10:44:20 UTC

Description Zihan Tang 2019-02-19 09:01:43 UTC
Description of problem:
when provision apb in 4.0 env, provision failed, and the errors in sandbox pod is:

fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error attempting to update pod with last operation annotation: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)"}

Version-Release number of selected component (if applicable):
OCP: 4.0.0-0.nightly-2019-02-17-024922
asb-operator: docker.io/automationbroker/automation-broker-operator:latest
asb: 1.4.4

How reproducible:

Steps to Reproduce:
1. install svcat and asb by ansible playbook in https://github.com/fusor/catbrokers4/
2. provision postgresql-apb in a new project.

Actual results:
provision failed.
logs of sandbox pod: 
[core@ip-10-0-135-63 ~]$ oc project dh-postgresql-apb-prov-7b885
Now using project "dh-postgresql-apb-prov-7b885" on server "https://zitang-api.qe.devcluster.openshift.com:6443".
[core@ip-10-0-135-63 ~]$ oc get pod 
NAME                                          READY   STATUS    RESTARTS   AGE
bundle-77f67418-9c39-4280-81e7-f2d09247cc70   1/1     Running   0          14s
[core@ip-10-0-135-63 ~]$ oc logs -f bundle-77f67418-9c39-4280-81e7-f2d09247cc70
DEPRECATED: APB playbooks should be stored at /opt/apb/project

PLAY [postgresql-apb provision] ************************************************

TASK [ansibleplaybookbundle.asb-modules : debug] *******************************
skipping: [localhost]

TASK [postgresql-apb : Update last operation] **********************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error attempting to update pod with last operation annotation: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)"}

PLAY RECAP *********************************************************************
localhost                  : ok=0    changed=0    unreachable=0    failed=1   

Expected results:
provision succeed.

Additional info:

Comment 1 Shawn Hurley 2019-02-19 14:56:15 UTC
This is a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1668534 and is the same auth bug. I would suggest that this is closed.

Comment 2 Zihan Tang 2019-02-20 03:38:33 UTC
Bug https://bugzilla.redhat.com/show_bug.cgi?id=1668534  has re-assign to auth, add this bug depending on 1668534, and will verify this when auth issue fixed.

Comment 3 Zihan Tang 2019-02-21 09:25:19 UTC
With installer: v4.0.0-
Cluster version is 4.0.0-0.nightly-2019-02-20-194410
this issue is fixed.

Comment 6 errata-xmlrpc 2019-06-04 10:44:14 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.