Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Certificate validation issues when provisioning with version > v1.10.18 of this cookbook #32
As promised in #29 (comment) , here is the bug report for the issue I'm having with this cookbook since v1.10.19. This is becoming critical, since I now have to chose between staying on v1.10.18 (and backporting my fixes by hand) and enjoying the new features added since v1.10.20.
I have a Vagrantfile featuring several VMs (master and minion); the ipaddress of the openshift master and nodes are stored in role attributes as needed by this cookbook (see demo project Vagrantfile below). Before v1.10.18, I could provision just fine (even if the first run would fail because origin-master service not restarted yet after configuring, a second chef-run finishes the job). Since v1.10.19, I run into certificate validation issues which makes the origin-node service on the master VM fail forever with the following message in the journal:
The origin-master journal is spammed with messages like this:
This problem is 100% reproducible. I have prepared a demo project to reproduce the issue here: https://github.com/PerfectMemory/origin-provision-bug-demo .. Just git clone and then run
I also included a full log of
Thank you in advance.
Thanks very much @jperville
In addition to the fix we put in 1.10.22, I do believe your main issues were wrong run_list + bad options
Thanks for investigating my issue @IshentRas .
After merging your PR, I tried to provision my VM and still ran into the certificate issue, then I found a suspicious line in my squid log (TCP_REFRESH_FAIL_OLD for http://192.168.33.220:9999/node/generated-configs/master.tgz ) which made me add 192.168.33.220 to
After making sure that chef is not passing through the proxy to talk to the master VM, I was able to provision both master and minions, without having to manually restart the chef-run in between.
Thank you very much again for the quick and efficient troubleshooting.