Setting host level vars for openshift_ip and openshift_public_ip ensures that both get added to master certificate subject alt names. 149.xx.xx.xx is automatically being used as the internal and public IP since it's likely the default route.
[masters] 172.16.0.xx openshift_ip='172.16.xx.xx' openshift_public_ip='148.xx.xx.xx' If you intend to refer to the cluster using only these IP addresses I'd recommend setting openshift_master_cluster_hostname and openshift_master_cluster_public_hostname. We may stop adding master IP addresses to certificate SANs unless they're explicitly set as the cluster hostnames since IP addresses can change frequently in cloud environments or otherwise. [OSEv3:vars] ... openshift_master_cluster_hostname='172.16.xx.xx' openshift_master_cluster_public_hostname='148.xx.xx.xx' On Mon, Jun 20, 2016 at 5:04 PM, Den Cowboy <[email protected]> wrote: > I've 2 Centos instances. They both have a public IP on eth0 (148.xx.xx.xx) > and both have an internal IP (172.16.xx.xx) on eth1. > I'm able to create my cluster with my private IP inside my > /etc/ansible/hosts file. > > But when I try to login internally: > oc login https://172.xx.xx:8443 > Unable to connect to the server: x509: certificate is valid for > 149.xx.xx.xx, 172.30.0.1, not 172.16.xxxx > I'm only able to authenticate with my public IP. What am I doing wrong? > > This is my /etc/ansible/hosts file > # Create an OSEv3 group that contains the masters, nodes, and etcd groups > [OSEv3:children] > masters > nodes > etcd > > # Set variables common for all OSEv3 hosts > [OSEv3:vars] > ansible_ssh_user=root > deployment_type=origin > > > # uncomment the following to enable htpasswd authentication; defaults to > DenyAllPasswordIdentityProvider > openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': > 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', > 'filename': '/etc/origin/master/htpasswd'}] > > # host group for masters > [masters] > 172.16.0.xx > > # host group for etcd > [etcd] > > # host group for nodes, includes region info > [nodes] > 172.16.0.ww openshift_node_labels="{'region': 'primary', 'zone': 'east'}" > > > Thanks > > _______________________________________________ > users mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
