Bug 1813354 - failed to get openstack Terraform variables: unable to parse certificate, please check the cacert section of clouds.yaml .. with empty line in certificate.pem file
Summary: failed to get openstack Terraform variables: unable to parse certificate, ple...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 4.4
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: ---
: 4.6.0
Assignee: Pierre Prinetti
QA Contact: David Sanz
URL:
Whiteboard:
Depends On:
Blocks: 1855704
TreeView+ depends on / blocked
 
Reported: 2020-03-13 15:08 UTC by Chris Janiszewski
Modified: 2020-10-27 15:57 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: A programming error in the cacert parsing was causing an error when two end-of-line character sequences followed a certificate Consequence: A cacert trustbundle with two EOLs caused the installation to fail. Fix: The cacert trustbundle parser is now ignoring invisible characters. Result: The cacert trustbundle can now feature an arbitrary number of EOL char sequences before, between or after the certificates.
Clone Of:
Environment:
Last Closed: 2020-10-27 15:57:16 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift installer pull 3840 0 None closed Bug 1813354: OpenStack: Fix the cacert trustbundle parser 2020-09-23 05:51:59 UTC
Red Hat Product Errata RHBA-2020:4196 0 None None None 2020-10-27 15:57:19 UTC

Description Chris Janiszewski 2020-03-13 15:08:12 UTC
Description of problem:
OCP installer fails with error:
FATAL failed to fetch Terraform Variables: failed to generate asset "Terraform Variables": failed to get openstack Ter
raform variables: unable to parse certificate, please check the cacert section of clouds.yaml

The clouds.yaml has the correct pem certificate provided:

(chrisj-osp13) [stack@undercloud-osp13 ~]$ cat /home/stack/overcloud.pem 
-----BEGIN CERTIFICATE-----
MIIF5zCCA8+gAwIBAgIJAJGoemeMXvTiMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYD
VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExDTALBgNVBAcMBEFwZXgx
EDAOBgNVBAoMB1JlZCBIYXQxEzARBgNVBAsMClRpZ2VyIFRlYW0xFDASBgNVBAMM
CzE3Mi4zMS44LjEwMRQwEgYDVQQDDAsxNzIuMzEuMC4xMDAgFw0xNzA4MTExNTQy
NDlaGA8yMjE3MDYyNDE1NDI0OVowgYgxCzAJBgNVBAYTAlVTMRcwFQYDVQQIDA5O
b3J0aCBDYXJvbGluYTENMAsGA1UEBwwEQXBleDEQMA4GA1UECgwHUmVkIEhhdDET
MBEGA1UECwwKVGlnZXIgVGVhbTEUMBIGA1UEAwwLMTcyLjMxLjguMTAxFDASBgNV
BAMMCzE3Mi4zMS4wLjEwMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
wt4NNVOMvDd/Tr4HgGZb/43ZWvbrR3TDpSmlWc+MKk6UkBZ4Zy4lWie5xmlpb8Kp
JAbCFGcfJ/zpf433BvYnl0Em6EDwL6I7YCxwSytBr3TeyYT/JMbeHl6z/QKrxG1a
JLLrDcSBQjzCkaA5TMdMoUKQyICRWydgVGo39sAqYKhPII0Z6OoM6olrFwZNuN+T
4CA8uKSFcgDRsNf7iFjklSIsy6DfmAcOM0CYNwVtWYKG/SYVMStkmZvyZeZgeKzB
gy0SAqHxJ16tZghhLdS4edl8mNaVtpbBMcZU3Z9WqmP2IwR1MoDpebD2ZFnrY1k+
efgTyFZklIUjwmvm9YO1nX9epRsVwozH6YV4lJeRpZBVb7XzPeWm58xSvVFHiPJx
VZhFQb9PFv8fhihjAaaYf3AqhILiBlUH1Qb2pCdKpvQGetTEDD9jLAJHkpF72nfy
t3xOoCJGqhNbiUMvEKvpUlO6rTosITEkmtaRdGC1IwaBETTmBQDwS4nBg7hOlGO2
t7XrUXxrGbuGXyCY7Zz1HVVObH/m4I0yPpGf0BCZl1PbxVXeN+jOg29XX01mhG6x
7bEWsUTCfuokvJHRWUrkwZUpcgwBMFNHqOeq78NcUGlEpkbdoptWHpjxe+w6xZsz
AGJaFcvUU1EohoFdzsnF7ra7l4TEZZyFEdwlYXZnj8UCAwEAAaNQME4wHQYDVR0O
BBYEFBpbryhpHb6rSdaYsn1x7iE/KNy6MB8GA1UdIwQYMBaAFBpbryhpHb6rSdaY
sn1x7iE/KNy6MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAECgEP0w
AP9BG3b7xXJdPV5oHkOIDmDcZtlSChLBQtyPwHez+8VcBxJqGF39FrYTqDaVKE+W
u1EV8oiC/JKjT9StTWNUKHrzrzNfVP378D8PShJOnlasTwIjbp4XycTV6uju8NDb
XKq8Lsd5XkpX+syhfvSw8KyuRP8nzrmUh7usokqXoMuohk94fp0nqFA2lo+16Xj5
zmZX+Ukyyho5Uh7Rpcx0W/ergsxsyfGt3yBVQO/ohsau9ezyBJwucY8vCLQ8Vd1i
OQao4dnOg4eIV8g5jPhll4nEgZqOp9NLmnoXWqOVPZ4FQ6V19nd21pRTvHmTXDFG
HO33EZdRAsSFr6f5cnHqqrv5PoTZQtyiXe01FUE9dpFS+gQf4cd98tr/Z39AYNZ7
5cllfZkM0xVuhR5fOzGlbDfVQD5eSqwM0Qp5wwMwJhGkxCLe/6l6xV0TDV5Rcb7i
BQ3zPGw7uJtOrxeFnGHWNWYdl24gxA1h7G3uKeKo/MNiJHvOLNul9wuvlWCCEJI0
bxr7iKAGSun8qkAWkYQy6ClARIGSiy+ah6pwOgObbge6eR2o/QOYFhIE1yleTNJU
JqYys+7rMa2qN2mfsnkn/IN2G80+Qs+qTLv2LDucO2PweBaslWh2ejc6axzLBJza
11Bq4Ry36CAT3PoIXyhO78iAL6Aly+gheyFT
-----END CERTIFICATE-----

(chrisj-osp13) [stack@undercloud-osp13 ~]$

There is however an empty line after the cert that is causing this error.


Version-Release number of the following components:
$ openshift-install version
openshift-install 4.4.0-0.nightly-2020-03-13-073111
built from commit e1b323fd7bbb57cabcbded74dad08483390f9a6c
release image quay.io/openshift-release-dev/ocp-release-nightly@sha256:4d13003b425559bb262721cadf809abfc953844be236c74
791138f7b7dade71e


How reproducible:
Everytime

Steps to Reproduce:
1. Add empty line to your cert file
2. Deploy
3.

Actual results:
FATAL failed to fetch Terraform Variables: failed to generate asset "Terraform Variables": failed to get openstack Ter
raform variables: unable to parse certificate, please check the cacert section of clouds.yaml


Expected results:
The cert should be parsed

Additional info:

Comment 2 Pierre Prinetti 2020-05-07 14:29:37 UTC
The team considers this bug as valid. Considering this bug priority and our capacity, we are deferring this bug to an upcoming sprint. If there are reasons for us to reprioritise, please let us know.

Comment 3 Pierre Prinetti 2020-05-14 14:16:13 UTC
Considering the priority assigned to this bug and our team capacity, we are deferring this bug to an upcoming sprint. Please let us know if there are reasons for us to reprioritize.

Comment 5 Martin André 2020-06-25 14:32:41 UTC
Considering the priority assigned to this bug and our team capacity, we are deferring this bug to an upcoming sprint. Please let us know if there are reasons for us to reprioritize.

Comment 8 David Sanz 2020-08-13 13:18:42 UTC
Verified on 4.6.0-0.nightly-2020-08-12-155346

Comment 10 errata-xmlrpc 2020-10-27 15:57:16 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196


Note You need to log in before you can comment on or make changes to this bug.