[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

missing /etc/etcd/ca/openssl.cnf on extra etcd nodes



Hi!

Posting my issue here, which I posted on github a week ago (https://github.com/openshift/openshift-ansible/issues/9018)

For my first try at openshift, I'm trying a 3 node install, 3 nodes that combine master, etc, and nodes roles, and consistently get an error when deploying the etcd certificates:

TASK [etcd : Create the server csr] *********************************************************************************************************************************************************************************
Thursday 28 June 2018  15:16:16 +0200 (0:00:00.940)       0:01:01.306 *********
changed: [oso1 -> {{ inventory_hostname }}]
fatal: [oso2 -> {{ inventory_hostname }}]: FAILED! => {"changed": true, "cmd": ["openssl", "req", "-new", "-keyout", "server.key", "-config", "/etc/etcd/ca/openssl.cnf", "-out", "server.csr", "-reqexts", "etcd_v3_req", "-batch", "-nodes", "-subj", "/CN=oso2"], "delta": "0:00:00.007129", "end": "2018-06-28 13:16:17.019700", "msg": "non-zero return code", "rc": 1, "start": "2018-06-28 13:16:17.012571", "stderr": "error on line -1 of /etc/etcd/ca/openssl.cnf\n140377274333072:error:02001002:system library:fopen:No such file or directory:bss_file.c:175:fopen('/etc/etcd/ca/openssl.cnf','rb')\n140377274333072:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:182:\n140377274333072:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:195:", "stderr_lines": ["error on line -1 of /etc/etcd/ca/openssl.cnf", "140377274333072:error:02001002:system library:fopen:No such file or directory:bss_file.c:175:fopen('/etc/etcd/ca/openssl.cnf','rb')", "140377274333072:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:182:", "140377274333072:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:195:"], "stdout": "", "stdout_lines": []}
fatal: [oso3 -> {{ inventory_hostname }}]: FAILED! => {"changed": true, "cmd": ["openssl", "req", "-new", "-keyout", "server.key", "-config", "/etc/etcd/ca/openssl.cnf", "-out", "server.csr", "-reqexts", "etcd_v3_req", "-batch", "-nodes", "-subj", "/CN=oso3"], "delta": "0:00:00.015550", "end": "2018-06-28 13:16:17.053198", "msg": "non-zero return code", "rc": 1, "start": "2018-06-28 13:16:17.037648", "stderr": "error on line -1 of /etc/etcd/ca/openssl.cnf\n139793236567952:error:02001002:system library:fopen:No such file or directory:bss_file.c:175:fopen('/etc/etcd/ca/openssl.cnf','rb')\n139793236567952:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:182:\n139793236567952:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:195:", "stderr_lines": ["error on line -1 of /etc/etcd/ca/openssl.cnf", "139793236567952:error:02001002:system library:fopen:No such file or directory:bss_file.c:175:fopen('/etc/etcd/ca/openssl.cnf','rb')", "139793236567952:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:182:", "139793236567952:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:195:"], "stdout": "", "stdout_lines": []}


The part where that openssl.cnf file is created, indeed only happened before that on the first node:

TASK [etcd : template] **********************************************************************************************************************************************************************************************
Thursday 28 June 2018  15:16:00 +0200 (0:00:00.768)       0:00:45.234 ********* 
ok: [oso1.do.ginsys.net -> {{ inventory_hostname }}]

TASK [etcd : assemble] **********************************************************************************************************************************************************************************************
Thursday 28 June 2018  15:16:01 +0200 (0:00:01.360)       0:00:46.594 ********* 
ok: [oso1.do.ginsys.net -> {{ inventory_hostname }}]

As far as i can tell, this looks like a bug, but I can't imagine this wouldn't have been detected earlier.
Perhaps I'm trying an unsupported configuration, or am I missing something?


Serge van Ginderachter


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]