openshift-ansible install on openstack-ansible stack: cannot validate certificate because it doesn't contain any IP SANs
cake99 opened this issue · 8 comments
Description
I have installed an openstack cloud with the help of openstack-ansible. Everything is running like it should.
The install creates a self-signed certificate while using the external IP as IP SANs.
While trying to install openshift with openshift-ansible, the installer complains about the lack of SANs in the certificate.
I don't know how to get past that error.
Version
ansible 2.10.5
config file = None
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /openstack/venv/lib64/python3.6/site-packages/ansible
executable location = /openstack/venv/bin/ansible
python version = 3.6.8 (default, Aug 24 2020, 17:57:11) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
If you're operating from a git clone:
- unreleased-master-4119-g8a70e974b
Steps To Reproduce
- configure the initial dir with the openstack config and auth (successful)
- running with a configured config file (bin/openshift-install --dir=initial create cluster)
Expected Results
Should continue with the install.
(venv) (venv) [root@osmgmt openshift-installer]# bin/openshift-install --dir=initial create cluster
INFO Creating infrastructure resources...
ERROR
ERROR Error: Unable to query images: Get "https://[external IP]:9292/v2/images?name=oc1-4kxjd-rhcos&sort_dir=asc&sort_key=name&status=active": OpenStack connection error, retries exhausted. Aborting. Last error was: x509: cannot validate certificate for [external IP] because it doesn't contain any IP SANs
ERROR
ERROR on ../../tmp/openshift-install-036080045/main.tf line 87, in data "openstack_images_image_v2" "base_image":
ERROR 87: data "openstack_images_image_v2" "base_image" {
ERROR
ERROR
ERROR
ERROR Error: Unable to query OpenStack flavors: Get "https://[external IP]:8774/v2.1/flavors/detail?is_public=None": OpenStack connection error, retries exhausted. Aborting. Last error was: x509: cannot validate certificate for [external IP] because it doesn't contain any IP SANs
...
ERROR Failed to read tfstate: open /tmp/openshift-install-036080045/terraform.tfstate: no such file or directory
FATAL failed to fetch Cluster: failed to generate asset "Cluster": failed to create cluster: failed to apply Terraform: failed to complete the change
Observed Results
The command returns that it doesn't see the list of SANs, but the certificate clearly shows the SANs configured:
---
Server certificate
subject=C = US, ST = Texas, L = San Antonio, O = IT, CN = [external IP], subjectAltName = IP.1=[external IP]
issuer=C = US, ST = Texas, L = San Antonio, O = IT, CN = [external IP], subjectAltName = IP.1=[external IP]
Additional Information
- Management machine (running openshift-ansible): centos 8
- Openstack servers: Ubuntu 20.04.1 LTS
clouds.yaml:
clouds:
  shiftstack:
    cacert: "/etc/pki/ca-trust/source/anchors/ca-certificates.crt"
    auth:
      auth_url: http://[internal IP]:5000/v3
      project_name: shiftstack
      username: ***
      password: ***
      user_domain_name: Default
      project_domain_name: Default
    verify: false
Issues go stale after 90d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.
If this issue is safe to close now please do so with /close.
/lifecycle stale
Stale issues rot after 30d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen.
If this issue is safe to close now please do so with /close.
/lifecycle rotten
/remove-lifecycle stale
I still have the issue. Seems like I'm the only one installing openshift-ansible on top of openstack-ansible.
/remove-lifecycle rotten
/remove-lifecycle stale
Rotten issues close after 30d of inactivity.
Reopen the issue by commenting /reopen.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Exclude this issue from closing again by commenting /lifecycle frozen.
/close
@openshift-bot: Closing this issue.