Description of problem:
While running "/usr/share/ansible/openshift-ansible/playbooks/redeploy-certificates.yml", service signer CA is recreated even if CA is not (this is currently expected behavior).
However, heapster-certs secret at openshift-infra namespace is not regenerated, so the one signed by old CA is still there. This causes issues with both heapster and hawkular-metrics until the secret is deleted manually, so that it is regenerated.
Version-Release number of the following components:
rpm -q openshift-ansible
rpm -q ansible
config file = /root/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Jun 11 2019, 12:19:05) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
Always if hawkular metrics stack is installed
Steps to Reproduce:
1. Redeploy certificates
heapster-certs secret at openshift-infra namespace is not regenerated
heapster-certs secret at openshift-infra namespace to be regenerated
I am going to attach full log just in case, but it is not actually relevant for this concrete bug.
*** Bug 1733327 has been marked as a duplicate of this bug. ***