
RE: openshift-master fails to start with ssl errors



Hi Clayton,

 

Finally, we were able to renew the expired certificates. The solution is to move the expired certificates to another location, back up the configuration files, and then re-run the Ansible install playbook.

 

This will re-create the missing certificates without overwriting anything in place, but it will overwrite the master and node configuration files.

 

Thank you so much for everything.

 

Best regards.

 


Francisco Pérez Fernández
Ingeniero de Software y Sistemas / Software and Systems Engineer

GMV
Albert Einstein, s/n
5ª Planta, Módulo 2
Edificio Insur Cartuja
E-41092 Sevilla
Tel. +34 95 408 80 60
Fax +34 95 408 12 33
www.gmv.com

 

 

 

From: Clayton Coleman [mailto:ccoleman redhat com]
Sent: Thursday, March 16, 2017 18:22
To: Francisco Pérez Fernández
CC: users lists openshift redhat com
Subject: Re: openshift-master fails to start with ssl errors

 

I can't speak to that - 1.1 is pretty old now :)

 

Maybe some others on the list have tried.

 

On Thu, Mar 16, 2017 at 11:25 AM, Francisco Pérez Fernández <fpfernandez gmv com> wrote:

Hi Clayton,

 

Thank you for your reply.

 

The link that you indicate is for a later version than the one I have. My version is 1.1.1.1.

 

The version of Ansible that I use to deploy does not have the “openshift_certificate_expiry” role. There is no “redeploy-certificates.yml” playbook.

 

Could I use the current version of openshift-ansible [1] with my openshift version?

 

Moreover, I have been researching and I've seen this link [2]. The solution seems to be the following: “move expired certificates to another location and then re-run the ansible playbook”. Is it safe to do this?

 

[1] – https://github.com/openshift/openshift-ansible

[2] – https://github.com/openshift/openshift-ansible/issues/1260

 

Best regards.

 

From: Clayton Coleman [mailto:ccoleman redhat com]
Sent: Thursday, March 16, 2017 14:08
To: Francisco Pérez Fernández
CC: users lists openshift redhat com
Subject: Re: openshift-master fails to start with ssl errors

 

This should cover the rekey scenario, you may have to limit to the master

 


On Mar 16, 2017, at 5:33 AM, Francisco Pérez Fernández <fpfernandez gmv com> wrote:

Hi,

 

My OpenShift cluster is down, on attempting to restart the master I got the following errors (see screenshot "openshift-master.log").

 

I note the etcd master cert is expired:

 

[root openshift-master1]# for i in /etc/origin/master/*.crt;do echo $i; openssl x509 -in $i -noout -enddate; done
/etc/origin/master/admin.crt
notAfter=Feb  7 13:52:14 2018 GMT
/etc/origin/master/ca.crt
notAfter=Feb  6 13:52:12 2021 GMT
/etc/origin/master/etcd.server.crt
notAfter=Feb  7 13:52:13 2018 GMT
/etc/origin/master/master.etcd-ca.crt
notAfter=Feb  7 13:50:29 2017 GMT
/etc/origin/master/master.etcd-client.crt
notAfter=Feb  7 13:51:41 2017 GMT
/etc/origin/master/master.kubelet-client.crt
notAfter=Feb  7 13:52:12 2018 GMT
/etc/origin/master/master.proxy-client.crt
notAfter=Feb  7 13:52:13 2018 GMT
/etc/origin/master/master.server.crt
notAfter=Feb  7 13:52:13 2018 GMT
/etc/origin/master/openshift-master.crt
notAfter=Feb  7 13:52:13 2018 GMT
/etc/origin/master/openshift-registry.crt
notAfter=Feb  7 13:52:16 2018 GMT
/etc/origin/master/openshift-router.crt
notAfter=Feb  7 13:52:15 2018 GMT

 

How can I regenerate this certificate without affecting others?

 

Our Openshift infrastructure is:

- 1 load balancer: openshift-lb

- 2 master: openshift-master1 and openshift-master2

- 2 nodes: openshift-node1 and openshift-node2

- Version: 1.1.1.1

 

I do not know if this question has been solved before, since searching in the list is not easy :)

 

Thank you so much.

 

Best regards.

 

 


Please consider the environment before printing this e-mail.


This message including any attachments may contain confidential information, according to our Information Security Management System, and intended solely for a specific individual to whom they are addressed. Any unauthorised copy, disclosure or distribution of this message is strictly forbidden. If you have received this transmission in error, please notify the sender immediately and delete it. Thank you.




<openshift-master.log>

_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
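
Added example, not part of the original messages: a read-only check that parses the listing format shown in the thread (a path line followed by a notAfter= line) and reports which certificates had already expired at a given time. The function names and the YYYYMMDDHHMMSS timestamp argument are assumptions made for this example; the sample data is an excerpt of the listing posted above.

```shell
#!/bin/sh
# Added example (not from the thread): find expired certificates in the
# "path line, then notAfter= line" listing that the thread's loop prints.
# Live use: list_enddates /etc/origin/master | expired_certs "$(date -u +%Y%m%d%H%M%S)"

# list_enddates DIR: the thread's loop, with quoting added.
list_enddates() {
    for crt in "$1"/*.crt; do
        [ -f "$crt" ] || continue
        echo "$crt"
        openssl x509 -in "$crt" -noout -enddate
    done
}

# expired_certs ASOF: read a listing on stdin and print every path whose
# notAfter is earlier than ASOF (UTC, written as YYYYMMDDHHMMSS). Entries that
# cannot be parsed are printed as "UNPARSED <path>" instead of being skipped.
expired_certs() {
    awk -v asof="$1" '
        BEGIN {
            split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", names, " ")
            for (i = 1; i <= 12; i++) month[names[i]] = i
        }
        /^notAfter=/ {
            sub(/^notAfter=/, "")          # fields: Mon DD HH:MM:SS YYYY GMT
            if (NF != 5 || !($1 in month) || $5 != "GMT") { print "UNPARSED " path; next }
            hms = $3; gsub(/:/, "", hms)
            key = sprintf("%04d%02d%02d%s", $4, month[$1], $2, hms)
            if ((key "") < (asof "")) print path   # same-length digit strings
            next
        }
        NF { path = $0 }
    '
}

# Excerpt of the listing posted in the thread, for offline runs.
thread_listing() {
    cat <<'EOF'
/etc/origin/master/ca.crt
notAfter=Feb  6 13:52:12 2021 GMT
/etc/origin/master/etcd.server.crt
notAfter=Feb  7 13:52:13 2018 GMT
/etc/origin/master/master.etcd-ca.crt
notAfter=Feb  7 13:50:29 2017 GMT
/etc/origin/master/master.etcd-client.crt
notAfter=Feb  7 13:51:41 2017 GMT
EOF
}
thread_listing | expired_certs 20170316000000   # as of the date of the thread
```

Passing a later ASOF value, for example one year ahead, turns the same function into an early warning for certificates that are about to lapse.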

