2018-02-22 11:18:32 |
Jack Ivanov |
description |
Hello,
I faced an issue during the provisioning of a k8s cluster.
When provisioning a k8s cluster only in a private network without floating IPs, it appears impossible to generate the certificates because of a bug in make-cert.sh:
https://github.com/openstack/magnum/blob/master/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh#L33-L35
public-ipv4 is not available in the metadata if no floating IP is attached. As a result, the openssl command failed because of the empty value for an IP statement in the subjectAltName:
https://github.com/openstack/magnum/blob/master/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh#L40
+ openssl req -new -days 1000 -key /etc/kubernetes/certs/server.key -out /etc/kubernetes/certs/server.csr -reqexts req_ext -config /etc/kubernetes/certs/server.conf
Error Loading request extension section req_ext
139869997266808:error:2206D06D:X509 V3 routines:X509V3_parse_list:invalid null value:v3_utl.c:336:
139869997266808:error:22097069:X509 V3 routines:DO_EXT_NCONF:invalid extension string:v3_conf.c:140:name=subjectAltName,section=IP:,IP:10.10.10.16,IP:127.0.0.1,IP:10.254.0.1,DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local
139869997266808:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:95:name=subjectAltName, value=IP:,IP:10.10.10.16,IP:127.0.0.1,IP:10.254.0.1,DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local
We should add a condition for this statement. |
|
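One way to add the condition the report asks for, shown as an added example that is not code from make-cert.sh or the Magnum project: `build_san` is a hypothetical helper that assembles the subjectAltName value and drops any entry whose value is empty, such as `IP:` when public-ipv4 is missing from the metadata. The addresses and names come from the error output above; the empty public IP is a constructed input.

```shell
#!/bin/sh
# build_san (hypothetical helper): print a comma-separated subjectAltName value
# from "IP:<addr>" / "DNS:<name>" arguments, skipping entries with no value.
# Returns 1 if nothing usable remains, 2 on an entry that is neither IP nor DNS.
build_san() {
    result=""
    for entry in "$@"; do
        kind=${entry%%:*}    # text before the first colon
        value=${entry#*:}    # text after the first colon (keeps IPv6 colons)
        case "$kind" in
            IP|DNS) ;;
            *) echo "unsupported SAN entry: $entry" >&2; return 2 ;;
        esac
        # An empty or whitespace-only value is what makes openssl fail with
        # "invalid null value", so leave that entry out entirely.
        case "$value" in
            *[![:space:]]*) ;;
            *) continue ;;
        esac
        result="${result:+$result,}$kind:$value"
    done
    [ -n "$result" ] || return 1
    printf '%s\n' "$result"
}

# Constructed input: public_ip is empty, as when no floating IP is attached.
public_ip=""
private_ip="10.10.10.16"
out=$(build_san "IP:${public_ip}" "IP:${private_ip}" "IP:127.0.0.1" \
    "IP:10.254.0.1" "DNS:kubernetes" "DNS:kubernetes.default")
echo "subjectAltName = ${out}"
```
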