[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Error: certificate signed by unknown authority



I get the following error when starting an Openshift Origin node:

github.com/openshift/origin/pkg/cmd/server/kubernetes/node.go:267: Failed to list *api.Service: Get https://10.3.1.95:8443/api/v1/services resourceVersion=0: x509: certificate signed by unknown authority

 

I don’t know what I’m doing wrong.

 

The master ip is 10.3.1.95

 

On the node

   here is the servingInfo section of node-config.yaml:

servingInfo:
  bindAddress: 0.0.0.0:10250
  bindNetwork: tcp4
  certFile: server.crt
  clientCA: node-client-ca.crt
  keyFile: server.key
  namedCertificates: null

 

   here are the contents of openshift.local.config/node-ip-10-3-1-192.raytheon.com/

-rw-r--r--. 1 root root 1070 Jul 31 14:13 ca.crt
-rw-r--r--. 1 root root 1143 Jul 31 14:13 master-client.crt
-rw-------. 1 root root 1679 Jul 31 14:13 master-client.key
-rw-r--r--. 1 root root 1070 Jul 31 14:13 node-client-ca.crt
-rw-r--r--. 1 root root 1067 Jul 31 14:13 node-config.yaml
-rw-rw-rw-. 1 root root 5762 Jul 31 14:13 node.kubeconfig
-rw-r--r--. 1 root root  376 Jul 31 14:13 node-registration.json
-rw-r--r--. 1 root root 2221 Jul 31 14:13 server.crt
-rw-------. 1 root root 1675 Jul 31 14:13 server.key

 

   Here are the contents of openshift.local.config/master/   (copied from the contents of this directory on the master)

-rw-r--r--. 1 root root 1070 Jul 31 14:13 ca.crt
-rw-r--r--. 1 root root 1679 Jul 31 14:13 ca.key
-rw-r--r--. 1 root root    2 Jul 31 14:13 ca.serial.txt

 

Here is the oadm call, inside an Ansible script, used to configure the Openshift node:

 

$ oadm create-node-config --node-dir={{ proj_home }}/server/openshift.local.config/{{ openshift_nodename }} \

    --node={{ ansible_nodename }} \

    --hostnames={{ ansible_nodename }},{{ ansible_default_ipv4.address }} \

    --master="https://{{ openshift_master_ip }}:8443" \

    --certificate-authority={{ proj_home }}/server/openshift.local.config/master/ca.crt \

    --signer-cert={{ proj_home }}/server/openshift.local.config/master/ca.crt \

    --signer-key={{ proj_home }}/server/openshift.local.config/master/ca.key \

    --signer-serial={{ proj_home }}/server/openshift.local.config/master/ca.serial.txt \

    --node-client-certificate-authority={{ proj_home }}/server/openshift.local.config/master/ca.crt

 

NOTE: I rolled my own Ansible scripts to deploy Openshift Origin in AWS Govcloud. The Openshift Ansible script provided for advanced installation didn’t work in Govcloud.

 

   -David Vogel


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]