I tend to use the Ansible installer instead of `oc cluster up`, but have you tried following the documented procedures [0][1], and specifically the one for the masters [2]? May have to add a CA run as well [3].

[0] https://docs.openshift.org/latest/install_config/certificate_customization.html
[1] https://docs.openshift.org/latest/install_config/redeploying_certificates.html
[2] https://docs.openshift.org/latest/install_config/redeploying_certificates.html#redeploying-master-certificates
[3] https://docs.openshift.org/latest/install_config/redeploying_certificates.html#redeploying-new-custom-ca

___________________________________________________

LOUIS P. SANTILLAN
SENIOR CONSULTANT, OPENSHIFT, MIDDLEWARE & DEVOPS
Red Hat Consulting, NA US WEST

On Fri, Jul 28, 2017 at 6:28 AM, Tim Dudgeon <[email protected]> wrote:

> So I found the reason why the server wasn't starting - the certs need to
> be copied to the directory where the configurations are. I was pointing to
> them from a different location.
>
> But I'm still not able to get the custom certs working.
> If I define them in the assetConfig.ServingInfo section then the server
> starts, but the web console doesn't use them.
> If I define them in the servingInfo section (just change the certFile,
> clientCA and keyFile props) then the server doesn't start.
>
> Is there a description of what all these certificates are used for and how
> to use custom certificates anywhere?
>
> Tim
>
> On 28/07/2017 13:30, Cesar Wong wrote:
>
>> Hi Tim,
>>
>> You may want to enable additional logging by running
>> 'oc cluster up --loglevel=5 --server-loglevel=5'
>>
>> If the origin container can't start, there's something wrong with the
>> master-config.yaml (could be as simple as a formatting issue)
>>
>> On Jul 28, 2017, at 6:17 AM, Tim Dudgeon <[email protected]> wrote:
>>>
>>> I'm trying to work out how to deploy custom certificates so that the OS
>>> console doesn't complain about untrusted certs.
>>> I've obtained certificates using Let's Encrypt, so have the following
>>> files:
>>> cert.pem chain.pem fullchain.pem privkey.pem
>>>
>>> Now I try to update my master-config.yaml to use these.
>>> I was thinking that the minimum needed would be to edit:
>>>
>>> assetConfig.ServingInfo.certFile to point to fullchain.pem
>>>
>>> assetConfig.ServingInfo.keyFile to point to privkey.pem
>>>
>>> and leave assetConfig.ServingInfo.clientCA as empty.
>>>
>>> I made no other changes.
>>>
>>> Unfortunately this does not work. oc cluster up fails badly without
>>> saying much that is useful:
>>>
>>>
>>> Starting OpenShift using openshift/origin:v3.6.0-rc.0 ...
>>> -- Checking OpenShift client ... OK
>>> -- Checking Docker client ... OK
>>> -- Checking Docker version ... OK
>>> -- Checking for existing OpenShift container ...
>>> Deleted existing OpenShift container
>>> -- Checking for openshift/origin:v3.6.0-rc.0 image ... OK
>>> -- Checking Docker daemon configuration ... OK
>>> -- Checking for available ports ... OK
>>> -- Checking type of volume mount ...
>>> Using nsenter mounter for OpenShift volumes
>>> -- Creating host directories ... OK
>>> -- Finding server IP ...
>>> Using 127.0.0.1 as the server IP
>>> -- Starting OpenShift container ...
>>> Starting OpenShift using container 'origin'
>>> FAIL
>>> Error: could not start OpenShift container "origin"
>>> Details:
>>> No log available from "origin" container
>>>
>>> Any pointers to how to do this correctly?
>>>
>>> Thanks
>>> Tim
>>>
>>> _______________________________________________
>>> users mailing list
>>> [email protected]
>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
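
An added example, not part of the original thread or the project's own files: the `namedCertificates` form of custom serving certificates that the OpenShift 3.x master configuration supports, which leaves the generated `certFile`, `keyFile` and `clientCA` entries untouched. The hostname `console.example.com` is a constructed placeholder, and the PEM files are assumed to sit in the same directory as master-config.yaml, as Tim found was required.

```yaml
# Fragment of master-config.yaml (added example, not from the thread).
# Only the namedCertificates blocks are new; every other key in these
# sections stays exactly as the installer or `oc cluster up` generated it.

servingInfo:
  # Existing certFile / keyFile / clientCA stay as generated. They are the
  # internally signed serving certificate and the CA used to verify client
  # certificates, so they are not replaced with public CA material here.
  namedCertificates:
  - certFile: fullchain.pem      # leaf certificate followed by intermediates
    keyFile: privkey.pem         # private key matching the leaf certificate
    names:
    - "console.example.com"      # placeholder; must be a name the cert covers

assetConfig:
  servingInfo:
    # Existing certFile / keyFile / clientCA stay as generated.
    namedCertificates:
    - certFile: fullchain.pem
      keyFile: privkey.pem
      names:
      - "console.example.com"    # placeholder; same hostname as above
```

The custom certificate is served only to clients that request one of the listed `names`; requests for any other name, or for the bare IP address, still receive the generated certificate.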
