Bug 1733330 - Redeploy-certificates does not regenerate heapster-certs secret
Summary: Redeploy-certificates does not regenerate heapster-certs secret
Keywords:
Status: ASSIGNED
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Hawkular
Version: 3.11.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 3.11.z
Assignee: Ruben Vargas Palma
QA Contact: Junqi Zhao
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-07-25 17:52 UTC by Pablo Alonso Rodriguez
Modified: 2020-01-13 08:01 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:


Attachments (Terms of Use)

Description Pablo Alonso Rodriguez 2019-07-25 17:52:28 UTC
Description of problem:

While running "/usr/share/ansible/openshift-ansible/playbooks/redeploy-certificates.yml", service signer CA is recreated even if CA is not (this is currently expected behavior).

However, heapster-certs secret at openshift-infra namespace is not regenerated, so the one signed by old CA is still there. This causes issues with both heapster and hawkular-metrics until the secret is deleted manually, so that it is regenerated.

Version-Release number of the following components:

rpm -q openshift-ansible
openshift-ansible-3.11.129-1.git.0.11838de.el7.noarch

rpm -q ansible
ansible-2.6.16-1.el7ae.noarch

ansible --version
ansible 2.6.16
  config file = /root/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Jun 11 2019, 12:19:05) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]

How reproducible:

Always if hawkular metrics stack is installed

Steps to Reproduce:
1. Redeploy certificates

Actual results:

heapster-certs secret at openshift-infra namespace is not regenerated

Expected results:

heapster-certs secret at openshift-infra namespace to be regenerated

Additional info:

I am going to attach full log just in case, but it is not actually relevant for this concrete bug.

Comment 8 Jesus M. Rodriguez 2019-08-23 03:12:39 UTC
*** Bug 1733327 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.