Bug 1733611 - playbook ./openshift-master/redeploy-openshift-ca.yml doesn't redeploy the ca, ca.crt is still openshift signer
Summary: playbook ./openshift-master/redeploy-openshift-ca.yml doesn't redeploy the ca...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.11.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 3.11.z
Assignee: Joseph Callen
QA Contact: Johnny Liu
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-07-26 18:40 UTC by Vladislav Walek
Modified: 2019-08-12 13:03 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-08-12 13:03:45 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Vladislav Walek 2019-07-26 18:40:30 UTC 
Description of problem:

customer is redeploying custom ca with parameters:

openshift_additional_ca=<custom-root-ca>.pem
openshift_master_ca_certificate={'certfile': '<custom-ca>.cer', 'keyfile': '<custom-ca>.key'}

the playbook finishes correctly, however, the /etc/origin/master/ca.crt is still the same.
# openssl x509 -in /etc/origin/master/ca.crt -text -noout

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=openshift-signer@1564141585
        Validity
            Not Before: Jul 26 11:46:24 2019 GMT
            Not After : Jul 24 11:46:25 2024 GMT
        Subject: CN=openshift-signer@1564141585
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:


Version-Release number of the following components:
rpm -q openshift-ansible
rpm -q ansible
ansible-playbook 2.6.16

will provide the rest

How reproducible:
n/a

Steps to Reproduce:
1.
2.
3.

Actual results:
Please include the entire output from the last TASK line through the end of output if an error is generated

Expected results:

Additional info:
Please attach logs from ansible-playbook with the -vvv flag
Comment 5 Vladislav Walek 2019-07-26 19:04:51 UTC 
the version is 

openshift-ansible 3.11.98
Note You need to log in before you can comment on or make changes to this bug.