Re: okd web console custom SSL certificate

[mcom]

Hi,

You mean that using OpenShift 4.x it would be easier to change web
console certificates even if that would be installed from binaries?
Or it's just advise to use latest version + installation using ansible
playbooks?

> Hi,
>
> If you can I'd recommend OpenShift 4.x, however, if you want to stay
> on 3.11, then I'd recommend an ansible based install. It is much more
> configurable than oc cluster up.  
>
> There is an "all-in-one" inventory where it's just a single
> node. 
> https://github.com/openshift/openshift-ansible/blob/release-3.11/inventory/hosts.localhost
>
> That way you can let ansible install the certificates and configure
> the master-config for you, and it will be a lot more repeatable.
>
> Cheers,
>
> Joel
>
> On Tue, 24 Mar 2020 at 02:33, mcom  > wrote:
>
> Hello,
>
> Maybe you can give me some hint as I've just stucked with okd web
> console custom SSL certificate.I have all in one openshift cluster
> (ubuntu 18, downloaded
> 
> https://github.com/openshift/origin/releases/download/v3.11.0/openshift-origin-server-v3.11.0-0cbc58b-linux-64bit.tar.gz
> and started by oc cluster up --public-hostname="myip" ); I was
> trying to
> follow 
> 
> https://docs.openshift.com/container-platform/3.11/install_config/certificate_customization.html
> by making changes (in my case) in
> openshift.local.clusterup/kube-apiserver/master-config.yaml but so for
> with no luck (despite that it's not logical if I change
> certificate for
> API then it load my certificate but whole cluster cannot start
> which is
> logical as certificate doesn't include 127.0.0.1; when I change
> certificate for web console (which should be correct) nothing happen -
> cluster starts but with it's own self-generated certificate instead of
> my own); I don't have inventory file so I could run ansible playbooks
> but as far I'm concern working directly on master-config should be
> also
> possible (or maybe I'm wrong) - could you give me some hint (my OS is
> ubuntu - not centos so many documentation cannot be directly applied
> along with ansible playbooks as even paths are not the same)
>
> -- 
> MCOM Wojciech Matys
> Doradztwo IT & Rozwiazania Sieciowe
> tel. +48 604915987
> e-mail: m...@mcompany.pl 
>
> ___
> users mailing list
> users@lists.openshift.redhat.com
> 
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
>

-- 
MCOM Wojciech Matys
Doradztwo IT & Rozwiazania Sieciowe
tel. +48 604915987
e-mail: m...@mcompany.pl

___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: okd web console custom SSL certificate

[Damir Dezeljin]

Hello,

Apropos the *ansible install* vs *oc cluster up*.  Is there a way to
convert one to another?  I'm asking this as I ran in a web console cert
issue as well - I send a post about this a few days ago.  For now we're
living with CLI only and are planning to setup a new 4.x cluster.  Still,
fixing a web console would help enormously.

Actually, what I need is adding a custom CA cert to the web console as it
doesn't trust the API for the API - I tested this by opening an interactive
shell in the web console POD and used curl to confirm the issue I saw in
the logs.  This was working in the past, but it doesn't anymore and I don't
know why.
Also a dirty hack to open a root shell in the web console POD would work
for the time being - using  *kubectl exec*  I was able to open a user shell
only.

Thanks,
 Damir
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: okd web console custom SSL certificate

[Joel Pearson]

Hi,

If you can I'd recommend OpenShift 4.x, however, if you want to stay on
3.11, then I'd recommend an ansible based install. It is much more
configurable than oc cluster up.

There is an "all-in-one" inventory where it's just a single node.
https://github.com/openshift/openshift-ansible/blob/release-3.11/inventory/hosts.localhost

That way you can let ansible install the certificates and configure the
master-config for you, and it will be a lot more repeatable.

Cheers,

Joel

On Tue, 24 Mar 2020 at 02:33, mcom  wrote:

> Hello,
>
> Maybe you can give me some hint as I've just stucked with okd web
> console custom SSL certificate.I have all in one openshift cluster
> (ubuntu 18, downloaded
>
> https://github.com/openshift/origin/releases/download/v3.11.0/openshift-origin-server-v3.11.0-0cbc58b-linux-64bit.tar.gz
> and started by oc cluster up --public-hostname="myip" ); I was trying to
> follow
>
> https://docs.openshift.com/container-platform/3.11/install_config/certificate_customization.html
> by making changes (in my case) in
> openshift.local.clusterup/kube-apiserver/master-config.yaml but so for
> with no luck (despite that it's not logical if I change certificate for
> API then it load my certificate but whole cluster cannot start which is
> logical as certificate doesn't include 127.0.0.1; when I change
> certificate for web console (which should be correct) nothing happen -
> cluster starts but with it's own self-generated certificate instead of
> my own); I don't have inventory file so I could run ansible playbooks
> but as far I'm concern working directly on master-config should be also
> possible (or maybe I'm wrong) - could you give me some hint (my OS is
> ubuntu - not centos so many documentation cannot be directly applied
> along with ansible playbooks as even paths are not the same)
>
> --
> MCOM Wojciech Matys
> Doradztwo IT & Rozwiazania Sieciowe
> tel. +48 604915987
> e-mail: m...@mcompany.pl
>
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
>
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

okd web console custom SSL certificate

[mcom]

Hello,

Maybe you can give me some hint as I've just stucked with okd web
console custom SSL certificate.I have all in one openshift cluster
(ubuntu 18, downloaded
https://github.com/openshift/origin/releases/download/v3.11.0/openshift-origin-server-v3.11.0-0cbc58b-linux-64bit.tar.gz
and started by oc cluster up --public-hostname="myip" ); I was trying to
follow 
https://docs.openshift.com/container-platform/3.11/install_config/certificate_customization.html
by making changes (in my case) in
openshift.local.clusterup/kube-apiserver/master-config.yaml but so for
with no luck (despite that it's not logical if I change certificate for
API then it load my certificate but whole cluster cannot start which is
logical as certificate doesn't include 127.0.0.1; when I change
certificate for web console (which should be correct) nothing happen -
cluster starts but with it's own self-generated certificate instead of
my own); I don't have inventory file so I could run ansible playbooks
but as far I'm concern working directly on master-config should be also
possible (or maybe I'm wrong) - could you give me some hint (my OS is
ubuntu - not centos so many documentation cannot be directly applied
along with ansible playbooks as even paths are not the same)

-- 
MCOM Wojciech Matys
Doradztwo IT & Rozwiazania Sieciowe
tel. +48 604915987
e-mail: m...@mcompany.pl

___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users