Hi Clayton, Thank you for your reply.
The link that you indicate is for a later version that I have. My version is 1.1.1.1 The version of ansible that I use to deploy does not have the “openshift_certificate_expiry” role. There is not “redeploy-certificates.yml” playbook. Could I use the current version of openshift-ansible [1] with my openshift version? Moreover, I have been researching and I've seen this link [2]. The solution seems to be the following: “move expired certificates to another location and then re-run the ansible playbook”. Is it safe to do this? [1] – https://github.com/openshift/openshift-ansible [2] – https://github.com/openshift/openshift-ansible/issues/1260 Best regards. De: Clayton Coleman [mailto:[email protected]] Enviado el: jueves, 16 de marzo de 2017 14:08 Para: Francisco Pérez Fernández CC: [email protected] Asunto: Re: openshift-master fails to start with ssl errors This should cover the rekey scenario, you may have to limit to the master https://docs.openshift.com/container-platform/3.3/install_config/redeploying_certificates.html On Mar 16, 2017, at 5:33 AM, Francisco Pérez Fernández <[email protected]<mailto:[email protected]>> wrote: Hi, My OpenShift cluster is down, on attempting to restart the master I got the following errors (see screenshot "openshift-master.log"). I note the etcd master cert is expired: [root@openshift-master1]# for i in /etc/origin/master/*.crt;do echo $i; openssl x509 -in $i -noout -enddate; done /etc/origin/master/admin.crt notAfter=Feb 7 13:52:14 2018 GMT /etc/origin/master/ca.crt notAfter=Feb 6 13:52:12 2021 GMT /etc/origin/master/etcd.server.crt notAfter=Feb 7 13:52:13 2018 GMT /etc/origin/master/master.etcd-ca.crt notAfter=Feb 7 13:50:29 2017 GMT /etc/origin/master/master.etcd-client.crt notAfter=Feb 7 13:51:41 2017 GMT /etc/origin/master/master.kubelet-client.crt notAfter=Feb 7 13:52:12 2018 GMT /etc/origin/master/master.proxy-client.crt notAfter=Feb 7 13:52:13 2018 GMT /etc/origin/master/master.server.crt notAfter=Feb 7 13:52:13 2018 GMT /etc/origin/master/openshift-master.crt notAfter=Feb 7 13:52:13 2018 GMT /etc/origin/master/openshift-registry.crt notAfter=Feb 7 13:52:16 2018 GMT /etc/origin/master/openshift-router.crt notAfter=Feb 7 13:52:15 2018 GMT How can I regenerate this certificate without affecting others? Our Openshift infrastructure is: - 1 load balancer: openshift-lb - 2 master: openshift-master1 and openshift-master2 - 2 nodes: openshift-node1 and openshift-node2 - Version: 1.1.1.1 I do not know if this question has been solved before, since searching in the list is not easy :) Thank you so much. Best regards. P Please consider the environment before printing this e-mail. ________________________________ This message including any attachments may contain confidential information, according to our Information Security Management System, and intended solely for a specific individual to whom they are addressed. Any unauthorised copy, disclosure or distribution of this message is strictly forbidden. If you have received this transmission in error, please notify the sender immediately and delete it. Thank you. ________________________________ Este mensaje, y en su caso, cualquier fichero anexo al mismo, puede contener información clasificada por su emisor como confidencial en el marco de su Sistema de Gestión de Seguridad de la Información siendo para uso exclusivo del destinatario, quedando prohibida su divulgación copia o distribución a terceros sin la autorización expresa del remitente. Si Vd. ha recibido este mensaje erróneamente, se ruega lo notifique al remitente y proceda a su borrado. Gracias por su colaboración. ________________________________ Esta mensagem, incluindo qualquer ficheiro anexo, pode conter informação confidencial, de acordo com nosso Sistema de Gestão de Segurança da Informação, sendo para uso exclusivo do destinatário e estando proibida a sua divulgação, cópia ou distribuição a terceiros sem autorização expressa do remetente da mesma. Se recebeu esta mensagem por engano, por favor avise de imediato o remetente e apague-a. Obrigado pela sua colaboração. ________________________________ <openshift-master.log> _______________________________________________ users mailing list [email protected]<mailto:[email protected]> http://lists.openshift.redhat.com/openshiftmm/listinfo/users P Please consider the environment before printing this e-mail. ______________________ This message including any attachments may contain confidential information, according to our Information Security Management System, and intended solely for a specific individual to whom they are addressed. Any unauthorised copy, disclosure or distribution of this message is strictly forbidden. If you have received this transmission in error, please notify the sender immediately and delete it. ______________________ Este mensaje, y en su caso, cualquier fichero anexo al mismo, puede contener informacion clasificada por su emisor como confidencial en el marco de su Sistema de Gestion de Seguridad de la Informacion siendo para uso exclusivo del destinatario, quedando prohibida su divulgacion copia o distribucion a terceros sin la autorizacion expresa del remitente. Si Vd. ha recibido este mensaje erroneamente, se ruega lo notifique al remitente y proceda a su borrado. Gracias por su colaboracion. ______________________
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
