Description of problem:
While running "/usr/share/ansible/openshift-ansible/playbooks/redeploy-certificates.yml", service signer CA is recreated even if CA is not (this is currently expected behavior).
However, heapster-certs secret at openshift-infra namespace is not regenerated, so the one signed by old CA is still there. This causes issues with both heapster and hawkular-metrics until the secret is deleted manually, so that it is regenerated.
Version-Release number of the following components:
rpm -q openshift-ansible
rpm -q ansible
config file = /root/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Jun 11 2019, 12:19:05) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
Always if hawkular metrics stack is installed
Steps to Reproduce:
1. Redeploy certificates
heapster-certs secret at openshift-infra namespace is not regenerated
heapster-certs secret at openshift-infra namespace to be regenerated
I am going to attach full log just in case, but it is not actually relevant for this concrete bug.
*** Bug 1733327 has been marked as a duplicate of this bug. ***
Thank you for continuing to use Red Hat OpenShift. As part of a wider bug review, this bug has been evaluated and we have determined that at this time we do not plan to progress it. As such, we will be closing this bug. If you have need for continued assistance on this issue, please reopen the bug with additional context on why it needs to be reconsidered.