*Resending, as I forgot the User List as CC:*

Ok, I remember that I got this warning too and it seems to be unrelated to
the master API certificate.

As James already mentioned, maybe it's a problem that you set the public,
internal and subdomain var to the same hostname:

openshift_master_cluster_hostname=okd01.aixigo.de
openshift_master_cluster_public_hostname=okd01.aixigo.de
openshift_master_default_subdomain=okd01.aixigo.de


Is the hostname on the machine set to okd01.aixigo.de (check with
'hostname')? Verify that the openshift_master_cluster_hostname equals the
'hostname'.
Try the redeploy_certificate playbook with
openshift_master_cluster_public_hostname not set, as according to this issue
https://github.com/openshift/openshift-ansible/issues/6971 this might be a
problem. I assume you don't use a loadbalancer.

If this still doesn't help, take a different DNS entry for the
openshift_master_cluster_public_hostname pointing to the master node (e.g.
openshift.aixigo.de with A record pointing to the IP of okd01.aixigo.de).
If this still leads to issues, change the subdomain or master name
completely.

My current, working setup looks like this:
openshift_master_default_subdomain=cloud.example.io # Public resolvable
openshift_master_cluster_public_hostname=openshift.example.io # Public resolvable
openshift_master_cluster_hostname=okd01-master01.vm.example.io # Private IP

openshift_master_overwrite_named_certificates=true
openshift_certificate_expiry_warning_days=0
openshift_master_named_certificates=[{"certfile": "/etc/acme.sh/example.io/fullchain.pem", "keyfile": "/etc/acme.sh/example.io/key.pem", "cafile": "/etc/acme.sh/example.io/ca.cer", "names": ["openshift.example.io"]}]
openshift_hosted_router_certificate={"certfile": "/etc/acme.sh/example.io/fullchain.pem", "keyfile": "/etc/acme.sh/example.io/key.pem", "cafile": "/etc/acme.sh/example.io/ca.cer"}

Just as a note, to prevent further issues, the certfile should point to the
fullchain, and not only to the certificate, so that clients which don't
know the intermediate certs (like curl or oc cli) work without error.


On Wed, 27 March 2019 at 14:56, Nikolas Philips <nikolas.phil...@gmail.com> wrote:

> On Wed, 27 March 2019 at 12:20, Harald Dunkel <harald.dun...@aixigo.de> wrote:
>
>> PS: The ansible problem has been resolved: It seems that systemd got
>> confused. After manually running "systemctl daemon-reload" the playbook
>> succeeded.
>>
>> The certificate for okd01.aixigo.de is still bad. There were no
>> warnings for redeploy-certificates, except for
>>
>> :
>> TASK [Evaluate oo_etcd_to_migrate]
>> *************************************************************************************
>> ok: [localhost] => (item=okd01a.ac.aixigo.de) => {"add_host": {"groups":
>> ["oo_etcd_to_migrate"], "host_name": "okd01a.ac.aixigo.de", "host_vars":
>> {}}, "changed": false, "item": "okd01a.ac.aixigo.de"}
>>   [WARNING]: Could not match supplied host pattern, ignoring:
>> oo_lb_to_config
>>   [WARNING]: Could not match supplied host pattern, ignoring:
>> oo_nfs_to_config
>> :
>>
>>
>> Regards
>> Harri
>>
>> _______________________________________________
>> users mailing list
>> users@lists.openshift.redhat.com
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>
>
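
A lint for the two points in the message above (the three hostname variables sharing one name, and a certfile that is not a full chain), added here as an example; it is not part of the original mail or of openshift-ansible. The function names, the /tmp paths and the placeholder PEM text are assumptions, and the check only counts PEM blocks rather than validating the chain.

```python
import json
import re
from pathlib import Path

HOST_VARS = ("openshift_master_cluster_hostname",
             "openshift_master_cluster_public_hostname",
             "openshift_master_default_subdomain")

def parse_vars(text):
    """Parse key=value inventory lines; skip sections, blanks, comments."""
    out = {}
    for line in text.splitlines():
        line = re.sub(r"\s+#.*$", "", line).strip()
        if line and line[0] not in "#;[" and "=" in line:
            key, value = line.split("=", 1)
            out[key.strip()] = value.strip()
    return out

def lint(inventory_text, reader=lambda p: Path(p).read_text()):
    """Findings for the two points above; reader maps a path to its text."""
    v, findings, by_value = parse_vars(inventory_text), [], {}
    for name in HOST_VARS:
        if name in v:
            by_value.setdefault(v[name], []).append(name)
    for host, names in by_value.items():
        if len(names) > 1:
            findings.append(f"{host} is shared by {', '.join(names)}")
    certs = json.loads(v.get("openshift_master_named_certificates", "[]"))
    if "openshift_hosted_router_certificate" in v:
        certs.append(json.loads(v["openshift_hosted_router_certificate"]))
    for entry in certs:
        # Count PEM blocks: a full chain is the leaf plus its intermediates.
        n = reader(entry["certfile"]).count("-----BEGIN CERTIFICATE-----")
        if n < 2:
            findings.append(f"{entry['certfile']} holds {n} certificate(s)")
    return findings

# Constructed sample: hostnames as in the thread; paths and PEM are placeholders.
PEM = "-----BEGIN CERTIFICATE-----\n(placeholder)\n-----END CERTIFICATE-----\n"
FILES = {"/tmp/leaf-only.pem": PEM, "/tmp/fullchain.pem": PEM * 2}
SAMPLE = """[OSEv3:vars]
openshift_master_cluster_hostname=okd01.aixigo.de
openshift_master_cluster_public_hostname=okd01.aixigo.de  # same name
openshift_master_default_subdomain=okd01.aixigo.de
openshift_master_named_certificates=[{"certfile": "/tmp/leaf-only.pem", "names": ["okd01.aixigo.de"]}]
openshift_hosted_router_certificate={"certfile": "/tmp/fullchain.pem"}
"""
if __name__ == "__main__":
    print("\n".join(lint(SAMPLE, FILES.__getitem__)))
```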