A follow-up since I haven't hear anything. The redeploy_certificates playbook from the rpm package(3.11.37-1.git.0.3b8b341) fails to complete with the following message: TASK [etcd : restart etcd] *************************************************************************** Friday 19 June 2020 15:16:38 -0700 (0:00:00.237) 0:02:03.210 *********** fatal: [gsm-dc20.mdc.usaorbea.lab]: FAILED! => {"changed": true, "cmd": ["/usr/local/bin/master-restart", "etcd"], "delta": "0:01:00.282143", "end": "2020-06-19 15:17:39.213329", "msg": "non-zero return code", "rc": 124, "start": "2020-06-19 15:16:38.931186", "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}
Running the same playbook from the git repo tagged [3.11.223-1] Completes without errors but does not update the /etc/origin/node/node.kubeconfig file Openshift is version 3.11 oc v3.11.0+62803d0-1 kubernetes v1.11.0+d4cacc0 features: Basic-Auth GSSAPI Kerberos SPNEGO Server https://okd.example.com:8443 openshift v3.11.0+d0c29df-98 kubernetes v1.11.0+d4cacc0 From: Brigman, Larry Sent: Wednesday, June 17, 2020 8:58 AM To: users <users@lists.openshift.redhat.com> Subject: unable to redeploy all certs I'm having a problem with the internal OpenShift certs as they are about to expire on multiple clusters that I have. I run the redeploy_certs playbook with the following options: -e openshift_redeploy_openshift_ca=true -e openshift_master_bootstrap_auto_approve=true It redeploys all of the certs correctly except the ones inside the /etc/origin/node/node.kubeconfig Those are still being flagged as warning <365 days. Here is the section of the report. "kubeconfigs": [ { "cert_cn": "O:system:masters, O:system:cluster-admins, CN:system:admin", "days_remaining": 273, "expiry": "2021-03-01 22:15:50", "health": "warning", "path": "/etc/origin/node/node.kubeconfig", "serial": 6, "serial_hex": "0x6" }, { "cert_cn": "O:system:masters, O:system:cluster-admins, CN:system:admin", "days_remaining": 273, "expiry": "2021-03-01 22:15:50", "health": "warning", "path": "/etc/origin/node/node.kubeconfig", "serial": 6, "serial_hex": "0x6" }, Indeed the file has not been touched since OpenShift was installed over a year ago. What do I need to do to redeploy the certs in node.kubeconfig? _______________________________________________ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users