Bug 1428711 - [IntService_public_324] ES pod is unable to read searchguard.truststore after upgarde logging from 3.3.1 to 3.5.0 #3616
Conversation
…guard.truststore after upgarde logging from 3.3.1 to 3.5.0 https://bugzilla.redhat.com/show_bug.cgi?id=1428711 The list of secrets for elasticsearch was missing searchguard.truststore
|
aos-ci-test |
|
@richm it doesn't pull from the current secret, but it does reuse the cert chain if it exists on the first master node. It should |
|
bc3042f - State: success - All Test Contexts: aos-ci-jenkins/OS_unit_tests - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-2-unit-tests-1093/bc3042fbb66f6a231056d665f2f82cdc6f6d4a3b.txt |
|
bc3042f - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.4_NOT_containerized, aos-ci-jenkins/OS_3.4_NOT_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.4,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-1097/bc3042fbb66f6a231056d665f2f82cdc6f6d4a3b.txt |
|
bc3042f - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.4_containerized, aos-ci-jenkins/OS_3.4_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.4,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-1097/bc3042fbb66f6a231056d665f2f82cdc6f6d4a3b.txt |
|
bc3042f - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.5_NOT_containerized, aos-ci-jenkins/OS_3.5_NOT_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.5,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-1097/bc3042fbb66f6a231056d665f2f82cdc6f6d4a3b.txt |
|
bc3042f - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.5_containerized, aos-ci-jenkins/OS_3.5_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.5,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-1097/bc3042fbb66f6a231056d665f2f82cdc6f6d4a3b.txt |
|
[merge] |
|
continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_request_openshift_ansible_extended_conformance_install/12/) (Base Commit: 32d20e7) |
|
Evaluated for openshift ansible merge up to bc3042f |
|
[test]ing while waiting on the merge queue |
|
Evaluated for openshift ansible test up to bc3042f |
|
continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_request_openshift_ansible_extended_conformance_install/12/) (Base Commit: 32d20e7) |
https://bugzilla.redhat.com/show_bug.cgi?id=1428711
The list of secrets for elasticsearch was missing searchguard.truststore
@jcantrill @ewolinetz ptal
How does upgrading secrets work? Does it pull the existing secrets, write
them to {{generated_certs_dir}}/{{secretname}}, and re-use them?
Specifically in the case of this bz - where does the value of
searchguard.truststore come from? I think it should be the same as the
value of truststore. That is, when upgrading from 3.3 to 3.5, the ansible
code should pull the secret value of truststore, and use that value for
both truststore and searchguard.truststore. Is this how it works?