kube-rootca_sync_status is in-sync after rehoming a subcloud, despite kubernetes root_ca cert issuer is different

Bug #2009827 reported by Christopher de Oliveira Souza
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
Fix Released
Low
Christopher de Oliveira Souza

Bug Description

Brief Description
-----------------
When a subcloud is rehomed to a different system controller, kube-rootca_sync_status shows that it is "in-sync", whereas, the issuer of kubernetes rootca of new system controller and rehomed subcloud are different.

Severity
--------
Minor

Steps to Reproduce
------------------
Rehome a subcloud to different System controller.

Expected Behavior
------------------
the issuer of kubernetes rootca of new system controller and rehomed subcloud should be the same.

Actual Behavior
----------------
the issuer of kubernetes rootca of new system controller and rehomed subcloud are different.

System Configuration
--------------------
DC

Last Pass
---------
N/A

Timestamp/Logs
--------------
N/A

Changed in starlingx:
assignee: nobody → Christopher de Oliveira Souza (cdeolive)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to ansible-playbooks (master)
Changed in starlingx:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to ansible-playbooks (master)

Reviewed: https://review.opendev.org/c/starlingx/ansible-playbooks/+/876964
Committed: https://opendev.org/starlingx/ansible-playbooks/commit/6a6d3064d71b00fc0be98d27885058443ded0e8c
Submitter: "Zuul (22348)"
Branch: master

commit 6a6d3064d71b00fc0be98d27885058443ded0e8c
Author: Christopher Souza <email address hidden>
Date: Thu Mar 9 08:47:55 2023 -0300

    Update rehome subcloud playbook to update rootca cert

    In this commit, the rehoming playbook is updated
    to ensure the subcloud will have the same k8s
    rootca cert as the new central cloud
    post rehoming.

    Test Plan:
    PASS: Rehome a subcloud.
    dcmanager subcloud add --migrate
    --bootstrap-address <controller-0-oam-address>
    --bootstrap-values <bootstrap_values>
    --sysadmin-password <subcloud password>
    PASS: open the /etc/kubernetes/pki/ca.crt of the
    subcloud and verify that the cert is
    the same cert of the central controller.
    PASS: create a strategy
    - sw-manager fw-update-strategy create
    - sw-manager kube-rootca-update-strategy creat
    - sw-manager kube-upgrade-strategy create
    - sw-manager patch-strategy create
    - sw-manager upgrade-strategy create
    then rehome a subcloud and verify that the subcloud
    has the same k8s rootca cert as the central
    controller.

    Closes-Bug: 2009827

    Signed-off-by: Christopher Souza <email address hidden>
    Change-Id: Ia116dcbcd1f02c6b3d56a0529e16617853ba3b08

Changed in starlingx:
status: In Progress → Fix Released
Ghada Khalil (gkhalil)
Changed in starlingx:
importance: Undecided → Low
tags: added: stx.9.0 stx.distcloud
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.