Cert generation fails if no public ipv4 specified

Bug #1751027 reported by Jack Ivanov
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
Magnum | Status tracked in Rocky | | |
Queens | Triaged | Undecided | Unassigned |
Rocky | In Progress | Undecided | Kien Nguyen |

Bug Description

Hello,

Faced the issue during the provisioning of a k8s cluster.

In case of provisioning a k8s cluster only in a private network without floating IPs, it appears impossible to generate the certificates because of a bug in make-cert.sh
https://github.com/openstack/magnum/blob/master/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh#L33-L35

public-ipv4 is not available in the metadata if no floating IP is attached. As a result, the openssl command failed because of the empty value for an IP statement in the subjectAltName:

https://github.com/openstack/magnum/blob/master/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh#L40

+ openssl req -new -days 1000 -key /etc/kubernetes/certs/server.key -out /etc/kubernetes/certs/server.csr -reqexts req_ext -config /etc/kubernetes/certs/server.conf
Error Loading request extension section req_ext
139869997266808:error:2206D06D:X509 V3 routines:X509V3_parse_list:invalid null value:v3_utl.c:336:
139869997266808:error:22097069:X509 V3 routines:DO_EXT_NCONF:invalid extension string:v3_conf.c:140:name=subjectAltName,section=IP:,IP:10.10.10.16,IP:127.0.0.1,IP:10.254.0.1,DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local
139869997266808:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:95:name=subjectAltName, value=IP:,IP:10.10.10.16,IP:127.0.0.1,IP:10.254.0.1,DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local

We should add a condition for this statement.

Jack Ivanov (gunph1ld)
description: updated
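
The condition the report asks for, as an added example (not Magnum's make-cert.sh and not part of the original report): build the subjectAltName only from validated values, so an absent public-ipv4 is skipped instead of producing `IP:,`. The function names, the `PUBLIC_IPV4` variable and the `--` separator are assumptions of this example; the sample addresses and DNS names are the ones in the error output above.

```shell
#!/bin/sh
# Added example; function and variable names are hypothetical, not Magnum's.

# is_ipv4 VALUE: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    (
        IFS=.
        set -- $1
        [ "$#" -eq 4 ] || exit 1
        for octet in "$@"; do
            [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
        done
    )
}

# build_san IP... [-- DNS...]: print a subjectAltName value. IP candidates that
# are empty, "None" or otherwise not IPv4 are skipped, so a missing metadata
# value can never produce an empty "IP:" entry. Duplicates are dropped.
build_san() {
    san="" kind=IP
    for entry in "$@"; do
        if [ "$entry" = "--" ]; then kind=DNS; continue; fi
        if [ "$kind" = IP ] && ! is_ipv4 "$entry"; then
            echo "skipping unusable IP SAN candidate: '$entry'" >&2
            continue
        fi
        [ -n "$entry" ] || continue
        case ",$san," in *",$kind:$entry,"*) continue ;; esac
        san="${san:+$san,}$kind:$entry"
    done
    # Refuse to emit an empty extension rather than let openssl fail later.
    [ -n "$san" ] || return 1
    printf '%s\n' "$san"
}

# Constructed input mirroring the report: no floating IP, so public-ipv4 is empty.
PUBLIC_IPV4=""
SANS=$(build_san "$PUBLIC_IPV4" 10.10.10.16 127.0.0.1 10.254.0.1 -- \
    kubernetes kubernetes.default kubernetes.default.svc \
    kubernetes.default.svc.cluster.local)
echo "subjectAltName = $SANS"
```

Skipped candidates are reported on stderr, so a cluster that was expected to have a floating IP but did not get one still leaves a trace in the provisioning log.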
Spyros Trigazis (strigazi) wrote :

In which magnum release do you have this problem?

Changed in magnum:
status: New → Triaged
OpenStack Infra (hudson-openstack) wrote : Fix proposed to magnum (master)

Fix proposed to branch: master
Review: https://review.openstack.org/578005

Changed in magnum:
assignee: nobody → Kien Nguyen (kiennt2609)
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Change abandoned on magnum (master)

Change abandoned by Kien Nguyen (<email address hidden>) on branch: master
Review: https://review.openstack.org/578005
