multi master cluster creation fails with ETCD LB
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Magnum | Fix Released | Undecided | Kevin Lefevre |
Bug Description
For Kubernetes, when using TLS (which is not the case in Jenkins I think, also we are not testing multi master), both the Kubernetes load balancer and the ETCD LB must be set to TCP.
curl -v --cacert /srv/kubernetes
* Trying 10.0.0.4...
* TCP_NODELAY set
* Connected to 10.0.0.4 (10.0.0.4) port 2379 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /srv/kubernetes
CApath: none
* NSS error -12263 (SSL_ERROR_
* SSL received a record that exceeded the maximum permissible length.
* Curl_http_done: called premature == 1
* stopped the pause stream!
* Closing connection 0
curl: (35) SSL received a record that exceeded the maximum permissible length.
This is not the case for ETCD which is hardcoded in TCP. I already proposed a fix https:/
But there is another issue during TLS certs generation because we are not adding the IP of the Neutron LB to the ALT-NAME when generating certs.
Changed in magnum:
assignee: nobody → Kevin Lefevre (archifleks)
status: New → In Progress
Reviewed: https://review.openstack.org/450841
Committed: https://git.openstack.org/cgit/openstack/magnum/commit/?id=ecfe6ac183effaafa110b3c6359c6c9c697647f7
Submitter: Jenkins
Branch: master
commit ecfe6ac183effaafa110b3c6359c6c9c697647f7
Author: ArchiFleKs <email address hidden>
Date: Tue Mar 28 17:16:05 2017 +0200
Fix CoreOS multi master with LB cluster creation
Clusters that use ETCD like swarm and K8s failed with LB and TLS enabled
because ETCD LB protocol is HTTP but SSL termination is on the ETCD
node. ETCD LB protocol should be the same as K8s with TLS enabled
Partial-Bug: #1679724
Change-Id: Ie8c8a7e4609c0e2e63095d4c18af84cc653654e1
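
Why the curl call in the bug description reports an over-long record when the LB listener speaks HTTP while TLS terminates on the node, shown as an added example (not code from Magnum or from the bug report): the listener's plaintext HTTP reply gets parsed as a TLS record header. The function names and both sample replies are constructed for illustration; the 400 reply text is an assumption about what an HTTP-mode listener sends back to a TLS ClientHello.

```python
import struct

# TLS record header: content type (1 byte), legacy version (2), length (2).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
# Largest record length TLS 1.2 permits (RFC 5246, section 6.2.3).
MAX_CIPHERTEXT_LEN = 2**14 + 2048

# Constructed samples: first bytes returned by an HTTP-mode listener and by
# a TCP pass-through listener whose backend answers with a TLS handshake.
HTTP_REPLY = b"HTTP/1.0 400 Bad request\r\nConnection: close\r\n\r\n"
TLS_REPLY = bytes.fromhex("160303004a") + b"\x02" + b"\x00" * 73


def classify_first_bytes(data: bytes) -> dict:
    """Read a listener's first bytes the way a TLS client reads them."""
    if len(data) < 5:
        return {"verdict": "short_read"}
    ctype, version, length = struct.unpack("!BHH", data[:5])
    result = {"content_type": ctype, "version": hex(version), "length": length,
              "record_too_long": length > MAX_CIPHERTEXT_LEN}
    if data[:5] == b"HTTP/":
        # 'H' lands in the type field and 'P/' in the length field.
        result["verdict"] = "plaintext_http"
    elif (ctype in TLS_CONTENT_TYPES and version >> 8 == 0x03
          and not result["record_too_long"]):
        result["verdict"] = "tls_record"
    else:
        result["verdict"] = "unknown"
    return result


def advice(result: dict) -> str:
    """Map the verdict to the listener setting discussed in this bug."""
    if result["verdict"] == "plaintext_http":
        return "listener is in HTTP mode; set the LB protocol to TCP"
    if result["verdict"] == "tls_record":
        return "listener passes TLS through to the backend"
    return "inconclusive; capture more bytes"


if __name__ == "__main__":
    for name, sample in (("http-mode LB", HTTP_REPLY), ("tcp-mode LB", TLS_REPLY)):
        parsed = classify_first_bytes(sample)
        print(name, parsed, "->", advice(parsed))
```
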