Bug 1884558 - cacert file path generated by CCO is not correct for SSC OSP16 cluster
Summary: cacert file path generated by CCO is not correct for SSC OSP16 cluster
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 4.6
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: ---
: 4.6.0
Assignee: Mike Fedosin
QA Contact: David Sanz
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-10-02 10:03 UTC by Martin André
Modified: 2020-10-27 16:48 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-10-27 16:47:41 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift installer pull 4227 0 None closed Bug 1884558: do not use local cacert path in generated clouds.yaml 2020-10-10 06:33:18 UTC
Red Hat Product Errata RHBA-2020:4196 0 None None None 2020-10-27 16:48:11 UTC

Description Martin André 2020-10-02 10:03:28 UTC
This bug was initially created as a copy of Bug #1880896

I am copying this bug because the defect was fixed as part of #1880896 but the CA cert path reported by clouds.yaml file served by the CCO is still confusing.


Description of Problem:
cacert file path generated by CCO is not correct for SSC OSP16 cluster

Version-Release number of selected component (if applicable):
4.6.0-0.nightly-2020-09-17-195238

How Reproducible:
Always


Steps to Reproduce:
1. Install an OCP4.6 cluster on a SSC OSP16 cluster
2. Check the secret created by CCO


Actual Results:
]$ oc get credentialsrequests.cloudcredential.openshift.io  manila-csi-driver-operator -n openshift-cloud-credential-operator -o json|jq .spec
{
  "providerSpec": {
    "apiVersion": "cloudcredential.openshift.io/v1",
    "kind": "OpenStackProviderSpec"
  },
  "secretRef": {
    "name": "manila-cloud-credentials",
    "namespace": "openshift-cluster-csi-drivers"
  }
}

$ oc get secret manila-cloud-credentials -n openshift-cluster-csi-drivers -ojson| jq .data
{
  "clouds.yaml": "BASE64 encode string"
}

$ echo BASE64 encode string|base64 -d
clouds:
  openstack:
    auth:
      auth_url: XXXXXX
      password: XXXX
      project_id: 86cb1a7c2dd04e1ea26087255744db1b
      project_name: shiftstack
      user_domain_name: Default
      username: shiftstack_user
    cacert: /home/jenkins/workspace/Launch Environment Flexy/workdir/cacert.crt.20200918-419-1lzytgo
    endpoint_type: public
    identity_api_version: "3"
    region_name: regionOne
    verify: true

When creating a manila share PVC, PV provisioned failed for:
Warning  ProvisioningFailed    <invalid> (x7 over <invalid>)   manila.csi.openstack.org_openstack-manila-csi-controllerplugin-59c6c8cc4-rvbx6_9f013ff7-88c6-47d8-bf30-b868a57db2a7  failed to provision volume with StorageClass "csi-manila-nfs": rpc error: code = Unauthenticated desc = failed to create Manila v2 client: failed to authenticate: failed to read and parse /home/jenkins/workspace/Launch Environment Flexy/workdir/cacert.crt.20200918-419-1lzytgo certificate: open /home/jenkins/workspace/Launch Environment Flexy/workdir/cacert.crt.20200918-419-1lzytgo: no such file or directory


Expected Results:
cacert file path is a valid file path

Additional Info:

Comment 6 errata-xmlrpc 2020-10-27 16:47:41 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196


Note You need to log in before you can comment on or make changes to this bug.