Bug 2034270 - [4.8] vsphere-problem-detector cannot connect to vCenter API over https
Summary: [4.8] vsphere-problem-detector cannot connect to vCenter API over https
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Storage
Version: 4.7
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 4.8.z
Assignee: Jan Safranek
QA Contact: Wei Duan
URL:
Whiteboard:
Depends On: 1969719
Blocks: 2030740
TreeView+ depends on / blocked
 
Reported: 2021-12-20 14:35 UTC by Jan Safranek
Modified: 2022-01-11 22:31 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1969719
Environment:
Last Closed: 2022-01-11 22:31:17 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-storage-operator pull 249 0 None open [4.8] Bug 2034270: Add trusted CA bundle to vsphere operators 2021-12-20 14:46:41 UTC
Red Hat Product Errata RHBA-2022:0021 0 None None None 2022-01-11 22:31:21 UTC

Comment 3 Wei Duan 2021-12-22 12:21:10 UTC
I installed cluster with additionalTrustBundle with proxy env on 4.8:
In previous OCP4.8(without fix), after removing `insecure-flag = "1"` in cm/cloud-provider-config, I got following error in the storage CO (storage CO doesn't become degraded due to another bug fix)
  - lastTransitionTime: "2021-12-21T06:28:41Z"
    message: 'VSphereProblemDetectorControllerAvailable: failed to connect to vcenter.sddc-44-236-21-251.vmwarevmc.com:
      Post "https://vcenter.sddc-44-236-21-251.vmwarevmc.com/sdk": proxyconnect tcp:
      x509: certificate signed by unknown authority'
    reason: AsExpected
    status: "True"
    type: Available
    
In 4.8.0-0.nightly-2021-12-21-212247(with fix), after removing `insecure-flag = "1"`, the storage CO doesn't report such message. And checked inside the vsphere-problem-detector-operator pod, the addtional CA is added in /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem. 

Marked as "Verified".

Comment 6 errata-xmlrpc 2022-01-11 22:31:17 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.8.26 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:0021


Note You need to log in before you can comment on or make changes to this bug.