StarlingX

CN for server certificate file for local registry

Bug #1997489 reported by Juanita-Balaraj
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
Fix Released
Low
Juanita-Balaraj

Bug Description

Brief Description
-----------------

In the manual, https://docs.starlingx.io/security/kubernetes/create-certificates-locally-using-openssl.html, it says,

Create the Server certificate signing request (csr).
Specify CN=<WRCP-OAM-Floating-IP> and do not specify a challenge password.
But, the default server certificate for local registry which is created during bootstrap, "registry.local" is used as CN.
controller-0:~$ sudo openssl x509 -noout -text -in /etc/ssl/private/registry-cert.crt
Password:
Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number:

            94:2e:bd:ff:e1:f9:80:5a

    Signature Algorithm: sha256WithRSAEncryption

        Issuer: CN=registry.local <- Here

        Validity

            Not Before: Sep 27 14:39:33 2022 GMT

            Not After : Sep 27 14:39:33 2023 GMT

        Subject: CN=registry.local

        Subject Public Key Info:

            Public Key Algorithm: rsaEncryption

                Public-Key: (2048 bit)

                Modulus:

The correct value is:
Specify CN=registry.local and do not specify a challenge password.

Severity
--------
<Minor: System/Feature is usable with minor issue>

Steps to Reproduce
------------------
-

Expected Behavior
------------------
-

Actual Behavior
----------------
-

Reproducibility
---------------
<Reproducible/Intermittent/Seen once>
State if the issue is 100% reproducible, intermittent or seen once. If it is intermittent, state the frequency of occurrence

System Configuration
--------------------
<One node system, Two node system, Multi-node system, Dedicated storage, https, IPv4, IPv6 etc.>

Branch/Pull Time/Commit
-----------------------
Branch and the time when code was pulled or git commit or cengn load info

Last Pass
---------
Did this test scenario pass previously? If so, please indicate the load/pull time info of the last pass.
Use this section to also indicate if this is a new test scenario.

Timestamp/Logs
--------------
Attach the logs for debugging (use attachments in Launchpad or for large collect files use: https://files.starlingx.kube.cengn.ca/)
Provide a snippet of logs here and the timestamp when issue was seen.
Please indicate the unique identifier in the logs to highlight the problem

Test Activity
-------------
[Sanity, Feature Testing, Regression Testing, Developer Testing, Evaluation, Other - Please specify]

Workaround
----------
Describe workaround if available

Tags: stx.docs
Juanita-Balaraj (balaraj)
Changed in starlingx:
assignee: nobody → Juanita-Balaraj (balaraj)
OpenStack Infra (hudson-openstack)
Changed in starlingx:
status: New → In Progress
Juanita-Balaraj (balaraj)
tags: added: stx.docs
Changed in starlingx:
importance: Undecided → Low
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to docs (master)

Reviewed: https://review.opendev.org/c/starlingx/docs/+/865196
Committed: https://opendev.org/starlingx/docs/commit/35021e03fe819ebd85179ace67b0f90d853764ae
Submitter: "Zuul (22348)"
Branch: master

commit 35021e03fe819ebd85179ace67b0f90d853764ae
Author: Juanita-Balaraj <email address hidden>
Date: Mon Nov 21 15:16:46 2022 -0500

    Updated CN to "CN=registry.local" (r6, dsr6, r7, dsr7)

    Closes-Bug:1997489

    Signed-off-by: Juanita-Balaraj <email address hidden>
    Change-Id: Ia119e8d8cf8db3a277b04cf3620f68129707f4dd

Changed in starlingx:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to docs (r/stx.6.0)

Fix proposed to branch: r/stx.6.0
Review: https://review.opendev.org/c/starlingx/docs/+/866892

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to docs (r/stx.7.0)

Fix proposed to branch: r/stx.7.0
Review: https://review.opendev.org/c/starlingx/docs/+/866893

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to docs (r/stx.6.0)

Reviewed: https://review.opendev.org/c/starlingx/docs/+/866892
Committed: https://opendev.org/starlingx/docs/commit/0c6aa63e08d2bd522e117116a8df42a6e291e3b3
Submitter: "Zuul (22348)"
Branch: r/stx.6.0

commit 0c6aa63e08d2bd522e117116a8df42a6e291e3b3
Author: Juanita-Balaraj <email address hidden>
Date: Mon Nov 21 15:16:46 2022 -0500

    Updated CN to "CN=registry.local" (r6, dsr6, r7, dsr7)

    Closes-Bug:1997489

    Signed-off-by: Juanita-Balaraj <email address hidden>
    Change-Id: Ia119e8d8cf8db3a277b04cf3620f68129707f4dd
    (cherry picked from commit 35021e03fe819ebd85179ace67b0f90d853764ae)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to docs (r/stx.7.0)

Reviewed: https://review.opendev.org/c/starlingx/docs/+/866893
Committed: https://opendev.org/starlingx/docs/commit/ced1892d689917629fc65d7344e11f0706cb5564
Submitter: "Zuul (22348)"
Branch: r/stx.7.0

commit ced1892d689917629fc65d7344e11f0706cb5564
Author: Juanita-Balaraj <email address hidden>
Date: Mon Nov 21 15:16:46 2022 -0500

    Updated CN to "CN=registry.local" (r6, dsr6, r7, dsr7)

    Closes-Bug:1997489

    Signed-off-by: Juanita-Balaraj <email address hidden>
    Change-Id: Ia119e8d8cf8db3a277b04cf3620f68129707f4dd
    (cherry picked from commit 35021e03fe819ebd85179ace67b0f90d853764ae)

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.