
Re: Ansible install: creation of ca.crt to authenticate on master



Setting host level vars for openshift_ip and openshift_public_ip ensures that both get added to master certificate subject alt names. 149.xx.xx.xx is automatically being used as the internal and public IP since it's likely the default route.

[masters]
172.16.0.xx openshift_ip='172.16.xx.xx' openshift_public_ip='148.xx.xx.xx'

If you intend to refer to the cluster using only these IP addresses I'd recommend setting openshift_master_cluster_hostname and openshift_master_cluster_public_hostname. We may stop adding master IP addresses to certificate SANs unless they're explicitly set as the cluster hostnames since IP addresses can change frequently in cloud environments or otherwise.

[OSEv3:vars]
...
openshift_master_cluster_hostname='172.16.xx.xx'
openshift_master_cluster_public_hostname='148.xx.xx.xx'


On Mon, Jun 20, 2016 at 5:04 PM, Den Cowboy <dencowboy hotmail com> wrote:
I've 2 CentOS instances. They both have a public IP on eth0 (148.xx.xx.xx) and both have an internal IP (172.16.xx.xx) on eth1.
I'm able to create my cluster with my private IP inside my /etc/ansible/hosts file.

But when I try to log in internally:
oc login https://172.xx.xx:8443
Unable to connect to the server: x509: certificate is valid for 149.xx.xx.xx, 172.30.0.1, not 172.16.xxxx
I'm only able to authenticate with my public IP. What am I doing wrong?

This is my /etc/ansible/hosts file
# Create an OSEv3 group that contains the masters, nodes, and etcd groups
[OSEv3:children]
masters
nodes
etcd

# Set variables common for all OSEv3 hosts
[OSEv3:vars]
ansible_ssh_user=root
deployment_type=origin


# uncomment the following to enable htpasswd authentication; defaults to DenyAllPasswordIdentityProvider
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]

# host group for masters
[masters]
172.16.0.xx

# host group for etcd
[etcd]

# host group for nodes, includes region info
[nodes]
172.16.0.ww openshift_node_labels="{'region': 'primary', 'zone': 'east'}"


Thanks
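
An added example, not part of the original thread and not openshift-ansible code: a pre-install check that lists which client-facing addresses the inventory does not set explicitly through the four variables named in the reply. The sample inventories and addresses are constructed, the function names are hypothetical, and addresses the installer detects on its own (such as the default-route IP) are deliberately not modelled.

```python
import shlex

# Variables the reply names as feeding the master certificate SANs.
HOST_VARS = ("openshift_ip", "openshift_public_ip")
CLUSTER_VARS = ("openshift_master_cluster_hostname",
                "openshift_master_cluster_public_hostname")

# Constructed inventories; the addresses are placeholders, not the poster's.
BEFORE = """[OSEv3:vars]
deployment_type=origin
[masters]
172.16.0.10
"""
AFTER = """[OSEv3:vars]
deployment_type=origin
openshift_master_cluster_hostname='172.16.0.10'
[masters]
172.16.0.10 openshift_ip='172.16.0.10' openshift_public_ip='203.0.113.10'
"""

def explicit_master_sans(inventory):
    """Names the INI inventory sets explicitly for the master certificate."""
    names, section = set(), None
    for raw in inventory.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "OSEv3:vars":
            key, _, value = line.partition("=")
            if key.strip() in CLUSTER_VARS:
                names.add(value.strip().strip("'\""))
        elif section == "masters":
            # Host line: "<host> key=value key='value' ..."
            for pair in shlex.split(line)[1:]:
                key, _, value = pair.partition("=")
                if key in HOST_VARS:
                    names.add(value)
    return names

def addresses_not_pinned(inventory, client_addresses):
    """Addresses clients will use that the inventory does not set explicitly."""
    sans = explicit_master_sans(inventory)
    return sorted(a for a in client_addresses if a not in sans)

if __name__ == "__main__":
    for label, inv in (("before", BEFORE), ("after", AFTER)):
        print(label, addresses_not_pinned(inv, ["172.16.0.10", "203.0.113.10"]))
```

An address reported here is one that clients would reach only if the installer happened to detect it, which is the situation behind the x509 error quoted in the thread.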
