Bug 1840665 - [vSphere] Get insecure flag from provider config
Summary: [vSphere] Get insecure flag from provider config
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Cloud Compute
Version: 4.5
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: low
Target Milestone: ---
Target Release: 4.5.0
Assignee: Alberto
QA Contact: Milind Yadav
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2020-05-27 12:16 UTC by Alexander Demicev
Modified: 2020-07-13 17:42 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-07-13 17:42:09 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Github openshift machine-api-operator pull 597 0 None closed Bug 1840665: [vSphere] Get insecure flag from provider config 2020-10-27 14:30:48 UTC
Red Hat Product Errata RHBA-2020:2409 0 None None None 2020-07-13 17:42:26 UTC

Description Alexander Demicev 2020-05-27 12:16:58 UTC
We should get the insecure flag from the provider config and default to a secure connection if the flag is missing.

https://vmware.github.io/vsphere-storage-for-kubernetes/documentation/existing.html#single-vcenter


Steps for QE:

1. oc edit cm cloud-provider-config -n openshift-config 
2. Add port under Global section
[Global]
insecure-flag = "1"

Comment 3 Milind Yadav 2020-06-05 08:29:16 UTC
VALIDATED on clusterversion :
[miyadav@miyadav ~]$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.5.0-0.nightly-2020-06-04-214605   True        False         128m    Cluster version is 4.5.0-0.nightly-2020-06-04-214605



Steps :
Step 1. Insecure flag already set in cm config, created new machineset
[miyadav@miyadav ~]$ oc create -f machineset_insecureflag.yaml
machineset.machine.openshift.io/miyadav-0605-5lrtj-worker-insec created

[miyadav@miyadav ~]$ oc get machines -o wide
NAME                                    PHASE         TYPE   REGION   ZONE   AGE   NODE                              PROVIDERID                                       STATE
miyadav-0605-5lrtj-master-0             Running                              60m   miyadav-0605-5lrtj-master-0       vsphere://420b6d2b-9677-77be-9fb2-701008877eaa   poweredOn
miyadav-0605-5lrtj-master-1             Running                              60m   miyadav-0605-5lrtj-master-1       vsphere://420b654d-12b7-7f62-7b98-dc357b9b2db2   poweredOn
miyadav-0605-5lrtj-master-2             Running                              60m   miyadav-0605-5lrtj-master-2       vsphere://420bdc02-735b-5397-bbc0-a13520dc9a34   poweredOn
miyadav-0605-5lrtj-worker-insec-jzcld   Provisioned                          8s                                      vsphere://420b384c-59c0-c9e9-b93a-d1daf6562ff4   poweredOn
miyadav-0605-5lrtj-worker-qbj8s         Running                              53m   miyadav-0605-5lrtj-worker-qbj8s   vsphere://420b0a4e-11ad-efae-7c08-079052f33dd9   poweredOn
miyadav-0605-5lrtj-worker-z7s6j         Running                              53m   miyadav-0605-5lrtj-worker-z7s6j   vsphere://420b2f9c-8ee4-9c52-be3e-f33a51167f24   poweredOn

[miyadav@miyadav ~]$ oc get machines -o wide
NAME                                    PHASE     TYPE   REGION   ZONE   AGE     NODE                                    PROVIDERID                                       STATE
miyadav-0605-5lrtj-master-0             Running                          63m     miyadav-0605-5lrtj-master-0             vsphere://420b6d2b-9677-77be-9fb2-701008877eaa   poweredOn
miyadav-0605-5lrtj-master-1             Running                          63m     miyadav-0605-5lrtj-master-1             vsphere://420b654d-12b7-7f62-7b98-dc357b9b2db2   poweredOn
miyadav-0605-5lrtj-master-2             Running                          63m     miyadav-0605-5lrtj-master-2             vsphere://420bdc02-735b-5397-bbc0-a13520dc9a34   poweredOn
miyadav-0605-5lrtj-worker-insec-jzcld   Running                          2m41s   miyadav-0605-5lrtj-worker-insec-jzcld   vsphere://420b384c-59c0-c9e9-b93a-d1daf6562ff4   poweredOn
miyadav-0605-5lrtj-worker-qbj8s         Running                          55m     miyadav-0605-5lrtj-worker-qbj8s         vsphere://420b0a4e-11ad-efae-7c08-079052f33dd9   poweredOn
miyadav-0605-5lrtj-worker-z7s6j         Running                          55m     miyadav-0605-5lrtj-worker-z7s6j         vsphere://420b2f9c-8ee4-9c52-be3e-f33a51167f24   poweredOn

Machine scaled properly 
[miyadav@miyadav ~]$ oc scale machineset miyadav-0605-5lrtj-worker-insec --replicas=2

[miyadav@miyadav ~]$ oc get machines -o wide
NAME                                    PHASE     TYPE   REGION   ZONE   AGE     NODE                                    PROVIDERID                                       STATE
miyadav-0605-5lrtj-master-0             Running                          76m     miyadav-0605-5lrtj-master-0             vsphere://420b6d2b-9677-77be-9fb2-701008877eaa   poweredOn
miyadav-0605-5lrtj-master-1             Running                          76m     miyadav-0605-5lrtj-master-1             vsphere://420b654d-12b7-7f62-7b98-dc357b9b2db2   poweredOn
miyadav-0605-5lrtj-master-2             Running                          76m     miyadav-0605-5lrtj-master-2             vsphere://420bdc02-735b-5397-bbc0-a13520dc9a34   poweredOn
miyadav-0605-5lrtj-worker-insec-jzcld   Running                          16m     miyadav-0605-5lrtj-worker-insec-jzcld   vsphere://420b384c-59c0-c9e9-b93a-d1daf6562ff4   poweredOn
miyadav-0605-5lrtj-worker-insec-w89r6   Running                          5m34s   miyadav-0605-5lrtj-worker-insec-w89r6   vsphere://420b0c88-743e-19bf-0a59-4c30830c34ba   poweredOn
miyadav-0605-5lrtj-worker-qbj8s         Running                          69m     miyadav-0605-5lrtj-worker-qbj8s         vsphere://420b0a4e-11ad-efae-7c08-079052f33dd9   poweredOn
miyadav-0605-5lrtj-worker-z7s6j         Running                          69m     miyadav-0605-5lrtj-worker-z7s6j         vsphere://420b2f9c-8ee4-9c52-be3e-f33a51167f24   poweredOn

machine scaled down properly
[miyadav@miyadav ~]$ oc scale machineset miyadav-0605-5lrtj-worker-insec --replicas=1
machineset.machine.openshift.io/miyadav-0605-5lrtj-worker-insec scaled
[miyadav@miyadav ~]$ oc get machines -o wide
NAME                                    PHASE     TYPE   REGION   ZONE   AGE     NODE                                    PROVIDERID                                       STATE
miyadav-0605-5lrtj-master-0             Running                          78m     miyadav-0605-5lrtj-master-0             vsphere://420b6d2b-9677-77be-9fb2-701008877eaa   poweredOn
miyadav-0605-5lrtj-master-1             Running                          78m     miyadav-0605-5lrtj-master-1             vsphere://420b654d-12b7-7f62-7b98-dc357b9b2db2   poweredOn
miyadav-0605-5lrtj-master-2             Running                          78m     miyadav-0605-5lrtj-master-2             vsphere://420bdc02-735b-5397-bbc0-a13520dc9a34   poweredOn
miyadav-0605-5lrtj-worker-insec-w89r6   Running                          7m35s   miyadav-0605-5lrtj-worker-insec-w89r6   vsphere://420b0c88-743e-19bf-0a59-4c30830c34ba   poweredOn
miyadav-0605-5lrtj-worker-qbj8s         Running                          71m     miyadav-0605-5lrtj-worker-qbj8s         vsphere://420b0a4e-11ad-efae-7c08-079052f33dd9   poweredOn
miyadav-0605-5lrtj-worker-z7s6j         Running                          71m     miyadav-0605-5lrtj-worker-z7s6j         vsphere://420b2f9c-8ee4-9c52-be3e-f33a51167f24   poweredOn


Additional info :
When the flag was deleted from the cm config (port set to 443), got the error below in the logs, showing that it defaulted to a secure connection

E0605 08:25:14.753032       1 controller.go:272] miyadav-0605-5lrtj-worker-insec-thxwf: failed to check if machine exists: miyadav-0605-5lrtj-worker-insec-thxwf: failed to create scope for machine: failed to create vSphere session: error setting up new vSphere SOAP client: Post https://vcsa-qe.vmware.devcluster.openshift.com:443/sdk: x509: certificate signed by unknown authority


When the flag was set to insecure-flag = "1"

machine provisioned successfully and no errors
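
The behaviour requested in the description and validated above (flag read from the [Global] section, certificate verification kept on when the flag is missing), as an added example that is not the machine-api-operator's code and not part of the original report. The function names `insecureFromProviderConfig` and `tlsConfigFor` and the hand-rolled INI parsing are assumptions made for illustration; an unparseable value is treated as secure.

```go
package main

import (
	"bufio"
	"crypto/tls"
	"fmt"
	"strconv"
	"strings"
)

// insecureFromProviderConfig (hypothetical name) reads insecure-flag from the
// [Global] section of an INI-style provider config; missing flag means false.
func insecureFromProviderConfig(conf string) (bool, error) {
	section := ""
	sc := bufio.NewScanner(strings.NewReader(conf))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") || strings.HasPrefix(line, ";") {
			continue
		}
		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
			section = strings.TrimSpace(line[1 : len(line)-1])
			continue
		}
		kv := strings.SplitN(line, "=", 2)
		if len(kv) != 2 || !strings.EqualFold(section, "Global") ||
			!strings.EqualFold(strings.TrimSpace(kv[0]), "insecure-flag") {
			continue
		}
		v, err := strconv.ParseBool(strings.Trim(strings.TrimSpace(kv[1]), `"`))
		if err != nil { // unparseable value: fail closed, keep verification on
			return false, fmt.Errorf("invalid insecure-flag %q: %w", kv[1], err)
		}
		return v, nil
	}
	return false, sc.Err()
}

// tlsConfigFor (hypothetical name) maps the flag onto client TLS settings.
func tlsConfigFor(conf string) (*tls.Config, error) {
	insecure, err := insecureFromProviderConfig(conf)
	return &tls.Config{InsecureSkipVerify: insecure, MinVersion: tls.VersionTLS12}, err
}

func main() {
	samples := []string{"[Global]\ninsecure-flag = \"1\"\n", "[Global]\nport = \"443\"\n"} // constructed inputs
	for _, c := range samples {
		cfg, err := tlsConfigFor(c)
		fmt.Println(cfg.InsecureSkipVerify, err)
	}
}
```

With the flag absent, a client built from this configuration verifies the server certificate, which against a vCenter presenting an untrusted certificate produces the `x509: certificate signed by unknown authority` error shown in the log above.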

Comment 4 errata-xmlrpc 2020-07-13 17:42:09 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2409

