[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Ansible install: creation of ca.crt to authenticate on master

Setting host level vars for openshift_ip and openshift_public_ip ensures that both get added to master certificate subject alt names. 149.xx.xx.xx is automatically being used as the internal and public IP since it's likely the default route.

172.16.0.xx openshift_ip='172.16.xx.xx' openshift_public_ip='148.xx.xx.xx'

If you intend to refer to the cluster using only these IP addresses I'd recommend setting openshift_master_cluster_hostname and openshift_master_cluster_public_hostname. We may stop adding master IP addresses to certificate SANs unless they're explicitly set as the cluster hostnames since IP addresses can change frequently in cloud environments or otherwise.


On Mon, Jun 20, 2016 at 5:04 PM, Den Cowboy <dencowboy hotmail com> wrote:
I've 2 Centos instances. They both have a public IP on eth0 (148.xx.xx.xx) and both have an internal IP (172.16.xx.xx) on eth1.
I'm able to create my cluster with my private IP inside my /etc/ansible/hosts file.

But when I try to login internally:
oc login https://172.xx.xx:8443
Unable to connect to the server: x509: certificate is valid for 149.xx.xx.xx,, not 172.16.xxxx
I'm only able to authenticate with my public IP. What am I doing wrong?

This is my /etc/ansible/hosts file
# Create an OSEv3 group that contains the masters, nodes, and etcd groups

# Set variables common for all OSEv3 hosts

# uncomment the following to enable htpasswd authentication; defaults to DenyAllPasswordIdentityProvider
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]

# host group for masters

# host group for etcd

# host group for nodes, includes region info
172.16.0.ww openshift_node_labels="{'region': 'primary', 'zone': 'east'}"


users mailing list
users lists openshift redhat com

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]