Hey Julio,
Setting openshift_ip as a host level variable within inventory will
override the IP that is selected by default for etcd hosts (IP of the
default route).
playbooks/byo/openshift-cluster/redeploy-etcd-certificates.yml can be used
to replace the etcd certificates with the overridden IP va
more clues
etcd nodes have two IPs, public and private
for some reason OpenShift is creating the certificates using the public IP
instead of private
so connecting to etcd gives me an error saying certificate is generated to
this IP and not to that IP
so it fails for that reason after re gener
more info
I managed to connect with curl to the etcd server and queried about controller
keys
{"action":"get","node":{"key":"/openshift.io/leases/controllers","value":"master-lyy7bxfg","expiration":"2017-05-31T10:26:28.833756573Z","ttl":-1128220,"modifiedIndex":20547532,"createdIndex":18120566}
sorry about wget
connecting to etcd nodes using openssl and passing client certs looks good
openssl s_client -cert master.etcd-client.crt -key master.etcd-client.key
-connect etcd-node1:2379 -debug
connects without problem
but the API service does not
Jun 13 15:25:04 openshift-master01 origin-m
Hello
I have a problem in a 1.2.0 cluster with etcd CA and certificates, mainly they
did expire
I followed the doc regarding this and after updating my openshift-ansible I got
the needed playbook
after running them I see etcd certs and CA are updated on my nodes, and dumping
them with openssl loo