more info

I managed to connect with curl to the etcd server and queried about the controller keys:

{"action":"get","node":{"key":"/openshift.io/leases/controllers","value":"master-lyy7bxfg","expiration":"2017-05-31T10:26:28.833756573Z","ttl":-1128220,"modifiedIndex":20547532,"createdIndex":18120566}

It looks like what is expired is the key in the etcd database. How can I solve this?

best regards

> On 13 Jun 2017, at 13:46, Julio Saura <jsa...@hiberus.com> wrote:
>
> sorry about wget
>
> connecting to etcd nodes using openssl and passing client certs looks good
>
> openssl s_client -cert master.etcd-client.crt -key master.etcd-client.key -connect etcd-node1:2379 -debug
>
> connects without problem
>
> but api service does not
>
> Jun 13 15:25:04 openshift-master01 origin-master-controllers: E0613 15:25:04.997861 2391 leaderlease.go:69] unable to check lease openshift.io/leases/controllers: 501: All the given peers are not reachable (failed to propose on members [https://etcd-node02l:2379 https:/etcd-node01:2379] twice [last error: Put https://etcd-node02:2379/v2/keys/openshift.io/leases/controllers?prevExist=false: remote error: bad certificate
>
> Julio Saura Alejandre
> Head of Managed Services
> hiberus TRAVEL
> www.hiberus.com
>
>> On 13 Jun 2017, at 13:28, Julio Saura <jsa...@hiberus.com> wrote:
>>
>> Hello
>>
>> I have a problem in a 1.2.0 cluster with the etcd CA and certificates, mainly they did expire
>>
>> I followed the doc regarding this and after updating my openshift-ansible I got the needed playbook
>>
>> after running them I see the etcd certs and CA are updated on my nodes, and dumping them with openssl looks good.
>>
>> ansible-playbook -v -i /etc/ansible/hosts ./playbooks/byo/openshift-cluster/redeploy-certificates.yml
>>
>> I see the CA and certs have been updated nicely on my etcd nodes, they do start but I still get bad certificate when api/master tries to connect to etcd
>>
>> I did check connecting with wget for example but it says bad certificate
>>
>> OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
>>
>> any clue? my cluster is down right now :/
>>
>> best regards
>>
_______________________________________________ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users