[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: origin 1.2 bad certificate



more info

i managed to connect with curl to the etcd server and queried about controller keys

{"action":"get","node":{"key":"/openshift.io/leases/controllers","value":"master-lyy7bxfg","expiration":"2017-05-31T10:26:28.833756573Z","ttl":-1128220,"modifiedIndex":20547532,"createdIndex":18120566}


looks that what is expired is the key on the etcd BBDD..

how can i solve this?

best regards



El 13 jun 2017, a las 13:46, Julio Saura <jsaura hiberus com> escribió:

sorry about wget

connecting to etcd nodes using openssl and passing client certs looks good

openssl s_client -cert master.etcd-client.crt  -key master.etcd-client.key -connect etcd-node1:2379 -debug

connects without problem

but api service does not


Jun 13 15:25:04 openshift-master01 origin-master-controllers: E0613 15:25:04.997861    2391 leaderlease.go:69] unable to check lease openshift.io/leases/controllers: 501: All the given peers are not reachable (failed to propose on members [https://etcd-node02l:2379 https:/etcd-node01:2379] twice [last error: Put https://etcd-node02:2379/v2/keys/openshift.io/leases/controllers?prevExist=false: remote error: bad certificate


Julio Saura Alejandre
Responsable Servicios Gestionados
hiberus TRAVEL
Tel.: + 34 902 87 73 92 Ext. 659
Parque Empresarial PLAZA
Edificio EXPOINNOVACIÓN
C/. Bari 25 Duplicado, Escalera 1, Planta 2ª. 50197 Zaragoza

Crecemos contigo

Este mensaje se envía desde la plataforma de correo de Hiberus Este mensaje y los documentos que, en su caso, lleve anexos, se dirigen exclusivamente a su destinatario y pueden contener información privilegiada o confidencial. Si tú no eres el destinatario indicado, queda notificado de que la utilización, divulgación y/o copia sin autorización está prohibida en virtud de la legislación vigente. Por ello, se informa a quien lo reciba por error, que la información contenida en el mismo es reservada y su uso no autorizado está prohibido legalmente, por lo que en tal caso te rogamos que nos lo comuniques vía e-mail o teléfono, te abstengas de realizar copias del mensaje o remitirlo o entregarlo a terceras personas y procedas a devolverlo a su emisor y/o destruirlo de inmediato.

El 13 jun 2017, a las 13:28, Julio Saura <jsaura hiberus com> escribió:

Hello

i have a problem in a 1.2.0 cluster with etcd ca and certificates, mainly they did expire

i followed the doc regarding this and after update my openshift-ansible i got the needed playbook

after running em i see etcd certs and ca are updated on my nodes, and dumping them with openssl looks good.

ansible-playbook -v -i /etc/ansible/hosts ./playbooks/byo/openshift-cluster/redeploy-certificates.yml

i see the ca and certs have been updates nicely on my etcd nodes, they do start but i still get bad certificate when api/master tries to connect to ectd

i did check connecting with wget for example but it says bad certificate

OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate

any clue? my cluster is down right now :/

best regards




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]