Magnum

k8s cluster won't be created when floating_ip_enabled=False

Bug #1744097 reported by Grzegorz Bialas
24
This bug affects 5 people
Affects Status Importance Assigned to Milestone
Magnum
New
Undecided
Unassigned

Bug Description

k8s cluser won't be created when floating_ip_enabled=False

Problem is in script : /var/lib/cloud/instance/scripts/part-008

Variable $sans has assigned value from openstack metadata public-ipv4. When floating_ip_enabled=False public-ipv4 is empty.
$sans is used as subjectAltName in server's csr, and when it is empty creation of certificate fails.

Output from /var/lib/cloud/instance/scripts/part-008

# /var/lib/cloud/instance/scripts/part-008
  % Total % Received % Xferd Average Speed Time Time Time Current
                                 Dload Upload Total Spent Left Speed
100 1433 100 1433 0 0 252 0 0:00:05 0:00:05 --:--:-- 414
Generating RSA private key, 4096 bit long modulus
........................................................................................................................++
.......................................................................................................................++
e is 65537 (0x010001)
Error Loading request extension section req_ext
140564528531200:error:2206D06D:X509 V3 routines:X509V3_parse_list:invalid null value:crypto/x509v3/v3_utl.c:294:
140564528531200:error:22097069:X509 V3 routines:do_ext_nconf:invalid extension string:crypto/x509v3/v3_conf.c:93:name=subjectAltName,section=IP:,IP:192.168.3.25,IP:146.213.170.34,IP:192.168.3.24,IP:192.168.3.11,IP:127.0.0.1,IP:10.254.0.1,DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local
140564528531200:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:crypto/x509v3/v3_conf.c:47:name=subjectAltName, value=IP:,IP:192.168.3.25,IP:146.213.170.34,IP:192.168.3.24,IP:192.168.3.11,IP:127.0.0.1,IP:10.254.0.1,DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local

Revision history for this message
Christian Zunker (christian-zunker) wrote :

I had the same problem and tried to work around it by disabling TLS, but that just got me another problem:
error creating self-signed certificates: open /var/run/kubernetes/apiserver.crt: read-only file system

Revision history for this message
Christian Zunker (christian-zunker) wrote :

I think this got fixed with:
https://github.com/openstack/magnum/commit/393e70f0b0b12fe45b0271f2c2e53391d462076d#diff-07f834394f6e5c442202c71ea8e9e0c3

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.