Re: web interface certificate ignored

2019-04-01 Thread Ahmed Ossama
Hi Harald, I've been struggling with this issue for a couple of months now. We have OpenShift deployed on AWS, an elastic load-balancer of type NLB (network load balancer) is distributing the traffic over the three master nodes. We have a firewall doing man-in-the-middle decryption on the traff

Re: web interface certificate ignored

2019-04-01 Thread Harald Dunkel
Hi folks, On 3/26/19 4:48 PM, Harald Dunkel wrote: Problem is: I see all certificates in /etc/origin/master and especially /etc/origin/master/named_certificates, but apparently the web interface doesn't use it. openssl tells me: % openssl s_client -connect okd01.example.com:8443 depth=1 CN = o

Re: web interface certificate ignored

2019-03-29 Thread Harald Dunkel
On 3/29/19 10:09 AM, Harald Dunkel wrote: On 3/27/19 6:09 PM, Nikolas Philips wrote: That's great to hear. So everything is now working for you? Still testing, but I found the reason for a few arbitrary test results I had by now: openshift can't handle IPv6. The cluster host name has a DNS map

Re: web interface certificate ignored

2019-03-29 Thread Harald Dunkel
On 3/27/19 6:09 PM, Nikolas Philips wrote: That's great to hear. So everything is now working for you? Still testing, but I found the reason for a few arbitrary test results I had by now: openshift can't handle IPv6. The cluster host name has a DNS mapping for both IPv4 and IPv6. Why does the

Re: web interface certificate ignored

2019-03-27 Thread Nikolas Philips
That's great to hear. So everything is now working for you? The differences between cluster_hostname and public_hostname is nicely described in this reddit comment: https://www.reddit.com/r/openshift/comments/8w7edz/openshift_master_cluster_hostname_vs_openshift/e1tbr1t?utm_source=share&utm_medium

Re: web interface certificate ignored

2019-03-27 Thread Harald Dunkel
Hi Nikolas, Good news first: I have set up 2 new kvm hosts okd02a and okd02b, created new certificates (using different key files, as you suggested), derived a new inventory file from the old one, and gave it a try: This time it worked. "openssl s_client" shows me the expected certificate chains f

Re: web interface certificate ignored

2019-03-27 Thread Nikolas Philips
*Resending, as I forgot the User List as CC:* Ok, I remember that I got this warning too and it seems to be unrelated to the master API certificate. As James already mentioned, maybe it's a problem that you set the public, internal and subdomain var to the same hostname: openshift_master_cluster

Re: web interface certificate ignored

2019-03-27 Thread Harald Dunkel
PS: The ansible problem has been resolved: It seems that systemd got confused. After manually running "systemctl daemon-reload" the playbook succeeded. The certificate for okd01.aixigo.de is still bad. There were no warnings for redeploy-certificates, except for: TASK [Evaluate oo_etcd_to_migra

Re: web interface certificate ignored

2019-03-27 Thread Harald Dunkel
Hi Niklas, let's drop "example.com" and switch to the actual host and domain names. Inventory file and master-config.yaml are attached. On 3/26/19 5:29 PM, Nikolas Philips wrote: Hi Harri, as far as I can tell your inventory config looks ok. Is in the certificate "/work/okd01/ssl/okd01.cert.pem"

Re: web interface certificate ignored

2019-03-26 Thread Nikolas Philips
Hi Harri, as far as I can tell your inventory config looks ok. Is in the certificate "/work/okd01/ssl/okd01.cert.pem" the hostname/CN " okd01.example.com" listed? For example '*.okd01.example.com' wouldn't work. I remember having a similar issue... Did you get any warnings while running the redeplo

Re: web interface certificate ignored

2019-03-26 Thread James Cassell
On Tue, Mar 26, 2019, at 11:49 AM, Harald Dunkel wrote: > Hi folks, > > I am running okd 3.11 on Centos 7.6. The inventory file registers > 2 certificate chains (based upon a common, private CA), as described on > https://docs.openshift.com/container-platform/3.11/install_config/certificate_custom

web interface certificate ignored

2019-03-26 Thread Harald Dunkel
Hi folks, I am running okd 3.11 on Centos 7.6. The inventory file registers 2 certificate chains (based upon a common, private CA), as described on https://docs.openshift.com/container-platform/3.11/install_config/certificate_customization.html : openshift_master_overwrite_named_certificates=tru