Bug 1733330 - Redeploy-certificates does not regenerate heapster-certs secret
Summary: Redeploy-certificates does not regenerate heapster-certs secret
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Hawkular
Version: 3.11.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 3.11.z
Assignee: Ruben Vargas Palma
QA Contact: Junqi Zhao
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-07-25 17:52 UTC by Pablo Alonso Rodriguez
Modified: 2023-12-15 16:39 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-10-07 20:53:31 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Pablo Alonso Rodriguez 2019-07-25 17:52:28 UTC
Description of problem:

While running "/usr/share/ansible/openshift-ansible/playbooks/redeploy-certificates.yml", service signer CA is recreated even if CA is not (this is currently expected behavior).

However, heapster-certs secret at openshift-infra namespace is not regenerated, so the one signed by old CA is still there. This causes issues with both heapster and hawkular-metrics until the secret is deleted manually, so that it is regenerated.

Version-Release number of the following components:

rpm -q openshift-ansible
openshift-ansible-3.11.129-1.git.0.11838de.el7.noarch

rpm -q ansible
ansible-2.6.16-1.el7ae.noarch

ansible --version
ansible 2.6.16
  config file = /root/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Jun 11 2019, 12:19:05) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]

How reproducible:

Always if hawkular metrics stack is installed

Steps to Reproduce:
1. Redeploy certificates

Actual results:

heapster-certs secret at openshift-infra namespace is not regenerated

Expected results:

heapster-certs secret at openshift-infra namespace to be regenerated

Additional info:

I am going to attach full log just in case, but it is not actually relevant for this concrete bug.

Comment 8 Jesus M. Rodriguez 2019-08-23 03:12:39 UTC
*** Bug 1733327 has been marked as a duplicate of this bug. ***

Comment 18 Stephen Cuppett 2020-10-07 20:53:31 UTC
Thank you for continuing to use Red Hat OpenShift.  As part of a wider bug review, this bug has been evaluated and we have determined that at this time we do not plan to progress it.  As such, we will be closing this bug.  If you have need for continued assistance on this issue, please reopen the bug with additional context on why it needs to be reconsidered.


Note You need to log in before you can comment on or make changes to this bug.