[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Cannot retrieve ignition config from machine-config-server - expired certs



On Mon, Sep 30, 2019 at 4:50 PM Jon Stanley wrote:
> Attached the logs.

./bootstrap/journals/bootkube.log has loops like:

Sep 30 23:32:55 localhost.localdomain bootkube.sh[1605]:
https://etcd-1.openshift4poc.example.local:2379 is unhealthy: failed
to connect: dial tcp 172.16.1.11:2379: connect: no route to host
Sep 30 23:32:55 localhost.localdomain bootkube.sh[1605]:
https://etcd-2.openshift4poc.example.local:2379 is unhealthy: failed
to connect: dial tcp 172.16.1.13:2379: connect: no route to host
Sep 30 23:32:55 localhost.localdomain bootkube.sh[1605]:
https://etcd-0.openshift4poc.example.local:2379 is unhealthy: failed
to connect: dial tcp 172.16.1.10:2379: connect: connection refused
Sep 30 23:32:55 localhost.localdomain bootkube.sh[1605]: Error:
unhealthy cluster
Sep 30 23:32:56 localhost.localdomain bootkube.sh[1605]: etcdctl
failed. Retrying in 5 seconds...

so you never formed an etcd cluster.  ./control-plane/ has no
meaningful content, so we were unable to SSH in and gather logs on
that side.  ./bootstrap/containers/machine-config-server-dc163e7947214728da3d0d83183e525d87121ebbab42650c472406a4ef68677b.log
has lots of:

2019/09/30 22:55:31 http: TLS handshake error from 172.16.1.2:37280:
remote error: tls: bad certificate

so we can see the TLS issues you're reporting in the server logs.
Checking the cert:

$ openssl x509 -in
./rendered-assets/openshift/tls/machine-config-server.crt -noout -text
| grep 'Validity\|Not Before\|Not After\|example.local'
        Validity
            Not Before: Sep 30 22:46:23 2019 GMT
            Not After : Sep 27 22:46:24 2029 GMT
        Subject: CN=api-int.openshift4poc.example.local
                DNS:api-int.openshift4poc.example.local

So everything looks reasonable on this side.  Grab the console logs
from the control-plane machines?

Cheers,
Trevor


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]