Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: fuse-7.13-GA, fuse-7.12.1-GA
Affects Version/s: fuse-7.12-GA
Component/s: Fuse Console, Operator
Labels:
None

Blocked:
False
Blocked Reason:
None
Ready:
False
Fuse Progress Bar:

% %
GSS Priority:
Regression Test:
Todo
Target Release:

fuse-7.13-GA
Workaround Description:

Hide

As per KCS https://access.redhat.com/solutions/5751001, the workaround is to perform a manual by performing a one-time manual rotation of the service CA, following instructions:

https://docs.openshift.com/container-platform/4.6/security/certificates/service-serving-certificate.html#manually-rotate-service-ca_service-serving-certificate

After the one-time manual rotation, please also consider deleting and recreating the Hawtio Custom Resource guided on this knowledge.
Fuse Console not able to connect to container with the right jolokia configuration and no duplicate certificate issue

Show
As per KCS https://access.redhat.com/solutions/5751001 , the workaround is to perform a manual by performing a one-time manual rotation of the service CA, following instructions: https://docs.openshift.com/container-platform/4.6/security/certificates/service-serving-certificate.html#manually-rotate-service-ca_service-serving-certificate After the one-time manual rotation, please also consider deleting and recreating the Hawtio Custom Resource guided on this knowledge. Fuse Console not able to connect to container with the right jolokia configuration and no duplicate certificate issue
Git Pull Request:
https://github.com/jboss-fuse/fuse-java-openshift/pull/27, https://github.com/jboss-fuse/fuse-java-openshift/pull/28, https://github.com/jboss-fuse/fuse-java-openshift/pull/29, https://github.com/jboss-fuse/fuse-java-openshift/pull/30, https://github.com/jboss-fuse/fuse-java-openshift/pull/31, https://github.com/jboss-fuse/fuse-java-openshift/pull/32, https://github.com/jboss-fuse/fuse-karaf-openshift/pull/28, https://github.com/jboss-fuse/fuse-karaf-openshift/pull/29, https://github.com/jboss-fuse/fuse-karaf-openshift/pull/30, https://github.com/jboss-fuse/fuse-karaf-openshift/pull/31, https://github.com/jboss-fuse/fuse-karaf-openshift/pull/32, https://github.com/jboss-fuse/fuse-karaf-openshift/pull/33, https://github.com/jboss-fuse/fuse-eap-openshift/pull/43, https://github.com/jboss-fuse/fuse-eap-openshift/pull/44, https://github.com/jboss-fuse/fuse-eap-openshift/pull/45, https://github.com/jboss-fuse/fuse-eap-openshift/pull/46, https://github.com/jboss-fuse/fuse-eap-openshift/pull/47, https://github.com/jboss-fuse/fuse-eap-openshift/pull/48, https://github.com/jboss-fuse/karaf/pull/601, https://github.com/jboss-fuse/karaf/pull/602, https://github.com/jboss-fuse/docker-maven-plugin/pull/17, https://github.com/jboss-fuse/docker-maven-plugin/pull/18, https://github.com/jboss-fuse/arquillian-cube/pull/21, https://github.com/jboss-fuse/arquillian-cube/pull/22, https://github.com/jboss-fuse/camel/pull/2271, https://github.com/jboss-fuse/camel/pull/2272, https://github.com/jboss-fuse/hawtio/pull/592, https://github.com/jboss-fuse/hawtio/pull/593, https://github.com/jboss-fuse/redhat-fuse/pull/338, https://github.com/jboss-fuse/redhat-fuse/pull/339
Intelligence Requested:
Market:

Severity:
Critical
Risk Probability:
Very Likely

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

After the Fuse Console deployment is installed by the operator, its certificate has to be renewed each year, as it cannot access the pods, as described in this KB article [1]

Initially, it was associated with a Openshift bug [2], it is also discused on this jira report [3], but the Openshift Engineering team denied it was something
on the platform itself, and closed the ticket

So, after reviewing this issue, we decided to have a look, from the Fuse Console side, as the certificate that is duplicated is generated by the Operator itself,
and this is not responsability of the Openshift team.

This note [4] should also be considered

[1] https://access.redhat.com/solutions/5751001
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1920974
[3] https://issues.redhat.com/browse/OCPBUGS-14666
[4] https://access.redhat.com/solutions/6961450

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

screenshot-1.png
35 kB
2023/09/05 8:59 AM

account is impacted by

ENTMQBR-8609 Incorporate the fix of ENTESB-21742 to AMQ Broker Image

Closed

relates to

ENTESB-17779 Fuse console client auth fails when multiple cert authorities are present in jolokia caCert file

Closed

links to

jolokia/jolokia#570 – CA certificate override on OpenShift

Assignee:: Grzegorz Grzybek

Reporter:: Alfredo Narvaez

Tester:: Juri Solovjov

Votes:: 2 Vote for this issue

Watchers:: 13 Start watching this issue

Created:: 2023/07/07 11:35 PM

Updated:: 2024/04/12 10:08 AM

Resolved:: 2023/10/06 1:07 PM

Details

Description

Attachments

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates