A follow-up since I haven't heard anything.
The redeploy_certificates playbook from the rpm package (3.11.37-1.git.0.3b8b341)
fails to complete with the following message:
TASK [etcd : restart etcd] 
***************************************************************************
Friday 19 June 2020  15:16:38 -0700 (0:00:00.237)       0:02:03.210 ***********
fatal: [gsm-dc20.mdc.usaorbea.lab]: FAILED! => {"changed": true, "cmd": 
["/usr/local/bin/master-restart", "etcd"], "delta": "0:01:00.282143", "end": 
"2020-06-19 15:17:39.213329", "msg": "non-zero return code", "rc": 124, 
"start": "2020-06-19 15:16:38.931186", "stderr": "", "stderr_lines": [], 
"stdout": "", "stdout_lines": []}

Running the same playbook from the git repo tagged [3.11.223-1]
completes without errors but does not update the 
/etc/origin/node/node.kubeconfig file.

OpenShift is version 3.11
oc v3.11.0+62803d0-1
kubernetes v1.11.0+d4cacc0
features: Basic-Auth GSSAPI Kerberos SPNEGO

Server https://okd.example.com:8443
openshift v3.11.0+d0c29df-98
kubernetes v1.11.0+d4cacc0


From: Brigman, Larry
Sent: Wednesday, June 17, 2020 8:58 AM
To: users <users@lists.openshift.redhat.com>
Subject: unable to redeploy all certs 
 
I'm having a problem with the internal OpenShift certs as they are about to 
expire on multiple clusters that I have.

I run the redeploy_certs playbook with the following options:
-e openshift_redeploy_openshift_ca=true -e 
openshift_master_bootstrap_auto_approve=true

It redeploys all of the certs correctly except the ones inside the 
/etc/origin/node/node.kubeconfig.
Those are still being flagged as warning <365 days.
Here is the section of the report.
      "kubeconfigs": [
        {
          "cert_cn": "O:system:masters, O:system:cluster-admins, CN:system:admin",
          "days_remaining": 273,
          "expiry": "2021-03-01 22:15:50",
          "health": "warning",
          "path": "/etc/origin/node/node.kubeconfig",
          "serial": 6,
          "serial_hex": "0x6"
        },
        {
          "cert_cn": "O:system:masters, O:system:cluster-admins, CN:system:admin",
          "days_remaining": 273,
          "expiry": "2021-03-01 22:15:50",
          "health": "warning",
          "path": "/etc/origin/node/node.kubeconfig",
          "serial": 6,
          "serial_hex": "0x6"
        },

Indeed the file has not been touched since OpenShift was installed over a year 
ago.

What do I need to do to redeploy the certs in node.kubeconfig? 
