Version: 4.7.0-0.nightly-2020-11-25-114114 $ openshift-install version ./openshift-install 4.7.0-0.nightly-2020-11-25-114114 built from commit a9e6c4d8fa0e7d5edb9cf95330689a65261ff09c release image registry.svc.ci.openshift.org/ocp/release@sha256:bf37e13af0e254d0b744b62ace0dcf5560230374d7877a8fde16cf9134ec7862 Platform: osp Please specify: * IPI What happened? After install a IPI on OSP cluster, add floating IP to master-0 and found there are CSRs for master-0 in pending status, and machine-approver tells: I1126 08:34:14.414126 1 main.go:147] CSR csr-gvvmx added I1126 08:34:14.457526 1 csr_check.go:418] retrieving serving cert from wj47ios1126a-tpzrs-master-0 (192.168.0.206:10250) I1126 08:34:14.459541 1 csr_check.go:163] Found existing serving cert for wj47ios1126a-tpzrs-master-0 W1126 08:34:14.459678 1 csr_check.go:172] Could not use current serving cert for renewal: CSR Subject Alternate Name values do not match current certificate W1126 08:34:14.459692 1 csr_check.go:173] Current SAN Values: [wj47ios1126a-tpzrs-master-0 192.168.0.206], CSR SAN Values: [wj47ios1126a-tpzrs-master-0 10.0.100.130 192.168.0.206] I1126 08:34:14.459706 1 csr_check.go:183] Falling back to machine-api authorization for wj47ios1126a-tpzrs-master-0 I1126 08:34:14.459721 1 main.go:182] CSR csr-gvvmx not authorized: IP address '10.0.100.130' not in machine addresses: 192.168.0.206 I1126 08:34:14.459730 1 main.go:218] Error syncing csr csr-gvvmx: IP address '10.0.100.130' not in machine addresses: 192.168.0.206 $ oc get csr NAME AGE SIGNERNAME REQUESTOR CONDITION csr-gvvmx 118s kubernetes.io/kubelet-serving system:node:wj47ios1126a-tpzrs-master-0 Pending $ oc get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME wj47ios1126a-tpzrs-master-0 Ready master 4h48m v1.19.2+ad738ba 192.168.0.206 10.0.100.130 Red Hat Enterprise Linux CoreOS 47.83.202011250342-0 (Ootpa) 4.18.0-240.1.1.el8_3.x86_64 cri-o://1.20.0-0.rhaos4.7.gitf3390f3.el8.19-dev wj47ios1126a-tpzrs-master-1 Ready master 4h48m v1.19.2+ad738ba 192.168.0.11 <none> Red Hat Enterprise Linux CoreOS 47.83.202011250342-0 (Ootpa) 4.18.0-240.1.1.el8_3.x86_64 cri-o://1.20.0-0.rhaos4.7.gitf3390f3.el8.19-dev wj47ios1126a-tpzrs-master-2 Ready master 4h49m v1.19.2+ad738ba 192.168.1.239 <none> Red Hat Enterprise Linux CoreOS 47.83.202011250342-0 (Ootpa) 4.18.0-240.1.1.el8_3.x86_64 cri-o://1.20.0-0.rhaos4.7.gitf3390f3.el8.19-dev wj47ios1126a-tpzrs-worker-0-2tdwz Ready worker 4h37m v1.19.2+ad738ba 192.168.0.149 <none> Red Hat Enterprise Linux CoreOS 47.83.202011250342-0 (Ootpa) 4.18.0-240.1.1.el8_3.x86_64 cri-o://1.20.0-0.rhaos4.7.gitf3390f3.el8.19-dev wj47ios1126a-tpzrs-worker-0-6wl5d Ready worker 4h37m v1.19.2+ad738ba 192.168.0.25 <none> Red Hat Enterprise Linux CoreOS 47.83.202011250342-0 (Ootpa) 4.18.0-240.1.1.el8_3.x86_64 cri-o://1.20.0-0.rhaos4.7.gitf3390f3.el8.19-dev wj47ios1126a-tpzrs-worker-0-nmxw7 Ready worker 4h35m v1.19.2+ad738ba 192.168.2.84 <none> Red Hat Enterprise Linux CoreOS 47.83.202011250342-0 (Ootpa) 4.18.0-240.1.1.el8_3.x86_64 cri-o://1.20.0-0.rhaos4.7.gitf3390f3.el8.19-dev What did you expect to happen? Machine-approver should still approve the CSRs How to reproduce it (as minimally and precisely as possible)? Always Anything else we need to know? no
Duplicate of: https://bugzilla.redhat.com/show_bug.cgi?id=1860774 *** This bug has been marked as a duplicate of bug 1860774 ***