-
Bug
-
Resolution: Done
-
Undefined
-
None
-
None
-
None
-
Quality / Stability / Reliability
-
False
-
-
None
-
None
-
None
-
None
-
Installer Sprint 267, Installer Sprint 268, Installer Sprint 269, Installer Sprint 270
-
None
-
None
-
None
A common use case for OpenShift installs is to run command separately like:
- openshift-install create manifests --dir=/tmp/cluster
- openshift-install create cluster --dir=/tmp/cluster
Another common use case, when a cluster install fails for some reason, is to reuse the same directory, /tmp/cluster in this case, after cleaning, or attempting to clean it out by running something like:
- openshift-install destroy cluster --dir/tmp/cluster
- rm -f /tmp/cluster/*
The installer maintains 2 hidden files inside the /tmp/cluster directory
- .openshift_install_state.json
- .openshift_install.log
These files are not deleted by a normal rm -f command. Either the entire directory must be deleted or the hidden files specified on the command line.
When a user attemps to try another cluster install, maybe the next day, like:
- openshift-install create cluster --dir=/tmp/cluster
The openshift-installer will not regenerate the certificate authorities that exist inside the .openshift_install_state.json file. Even if those CAs are now expired. Some are only valid for 24 hours. The net result is that the next cluster install is guaranteed to fail as the CAs are now expired.
The failure pattern is incredibly hard to diagnose. If you're lucky, you'll find an error about expired CAs somewhere in the cluster install logs. Even if you do, what would lead you to think the dirty directory is the issue.
The openshift-install command should validate or not reuse a CA in the state json file if it has expired.
Logs for initial run:
```
time="2024-08-13T00:15:36-04:00" level=debug msg="OpenShift Installer 4.15.8"
time="2024-08-13T00:15:36-04:00" level=debug msg="Built from commit f4f5d0ee0f7591fd9ddf03ac337c804608102919"
time="2024-08-13T00:15:36-04:00" level=debug msg="Fetching Kubeconfig Admin Client..."
time="2024-08-13T00:15:36-04:00" level=debug msg="Loading Kubeconfig Admin Client..."
time="2024-08-13T00:15:36-04:00" level=debug msg=" Loading Certificate (admin-kubeconfig-client)..."
time="2024-08-13T00:15:36-04:00" level=debug msg=" Loading Certificate (admin-kubeconfig-signer)..."
time="2024-08-13T00:15:36-04:00" level=debug msg=" Loading Certificate (kube-apiserver-complete-server-ca-bundle)..."
time="2024-08-13T00:15:36-04:00" level=debug msg=" Loading Certificate (kube-apiserver-localhost-ca-bundle)..."
time="2024-08-13T00:15:36-04:00" level=debug msg=" Loading Certificate (kube-apiserver-localhost-signer)..."
time="2024-08-13T00:15:36-04:00" level=debug msg=" Loading Certificate (kube-apiserver-service-network-ca-bundle)..."
time="2024-08-13T00:15:36-04:00" level=debug msg=" Loading Certificate (kube-apiserver-service-network-signer)..."
time="2024-08-13T00:15:36-04:00" level=debug msg=" Loading Certificate (kube-apiserver-lb-ca-bundle)..."
time="2024-08-13T00:15:36-04:00" level=debug msg=" Loading Certificate (kube-apiserver-lb-signer)..."
```
Second run
```
time="2024-08-13T00:17:37-04:00" level=debug msg="OpenShift Installer 4.15.8"
time="2024-08-13T00:17:37-04:00" level=debug msg="Built from commit f4f5d0ee0f7591fd9ddf03ac337c804608102919"
time="2024-08-13T00:17:37-04:00" level=debug msg="Fetching Kubeconfig Admin Client..."
time="2024-08-13T00:17:37-04:00" level=debug msg="Loading Kubeconfig Admin Client..."
time="2024-08-13T00:17:37-04:00" level=debug msg=" Loading Certificate (admin-kubeconfig-client)..."
time="2024-08-13T00:17:37-04:00" level=debug msg=" Loading Certificate (admin-kubeconfig-signer)..."
time="2024-08-13T00:17:37-04:00" level=debug msg=" Using Certificate (admin-kubeconfig-signer) loaded from state file"
time="2024-08-13T00:17:37-04:00" level=debug msg=" Using Certificate (admin-kubeconfig-client) loaded from state file"
time="2024-08-13T00:17:37-04:00" level=debug msg=" Loading Certificate (kube-apiserver-complete-server-ca-bundle)..."
time="2024-08-13T00:17:37-04:00" level=debug msg=" Loading Certificate (kube-apiserver-localhost-ca-bundle)..."
time="2024-08-13T00:17:37-04:00" level=debug msg=" Loading Certificate (kube-apiserver-localhost-signer)..."
time="2024-08-13T00:17:37-04:00" level=debug msg=" Using Certificate (kube-apiserver-localhost-signer) loaded from state file"
time="2024-08-13T00:17:37-04:00" level=debug msg=" Using Certificate (kube-apiserver-localhost-ca-bundle) loaded from state file"
time="2024-08-13T00:17:37-04:00" level=debug msg=" Loading Certificate (kube-apiserver-service-network-ca-bundle)..."
time="2024-08-13T00:17:37-04:00" level=debug msg=" Loading Certificate (kube-apiserver-service-network-signer)..."
time="2024-08-13T00:17:37-04:00" level=debug msg=" Using Certificate (kube-apiserver-service-network-signer) loaded from state file"
time="2024-08-13T00:17:37-04:00" level=debug msg=" Using Certificate (kube-apiserver-service-network-ca-bundle) loaded from state file"
time="2024-08-13T00:17:37-04:00" level=debug msg=" Loading Certificate (kube-apiserver-lb-ca-bundle)..."
time="2024-08-13T00:17:37-04:00" level=debug msg=" Loading Certificate (kube-apiserver-lb-signer)..."
time="2024-08-13T00:17:37-04:00" level=debug msg=" Using Certificate (kube-apiserver-lb-signer) loaded from state file"
time="2024-08-13T00:17:37-04:00" level=debug msg=" Using Certificate (kube-apiserver-lb-ca-bundle) loaded from state file"
time="2024-08-13T00:17:37-04:00" level=debug msg=" Using Certificate (kube-apiserver-complete-server-ca-bundle) loaded from state file"
```