Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Undefined
Fix Version/s: Logging 5.5.2
Affects Version/s: Logging 5.4.1
Component/s: Log Storage
Labels:
- devel_ack+
- rn-done-resolved

Blocked:
False
Blocked Reason:
None
Ready:
False
Docs QE Status:
NEW
QE Status:
VERIFIED
Release Note Text:
Before this update, the Kibana route was setting a `caCertificate` value without a certificate present. With this update, no `caCertificate` value is set.

Sprint:
Log Storage - Sprint 221, Log Storage - Sprint 222, Log Storage - Sprint 223, Log Storage - Sprint 224

SFDC Cases Links:
SFDC Cases Counter:

Description

Currently kibana is setting caCertificate without a cert/key which seems unnecessary.

https://github.com/openshift/elasticsearch-operator/blob/master/internal/kibana/route.go#L60

https://github.com/openshift/elasticsearch-operator/blob/master/internal/manifests/route/build.go#L49

This is causing issue with the VMWare NSX-T SDN as its trying to create a PEMfor their ingress with the CA + empty cert.

2022-05-25T19:24:29.866Z server NSX 6470 - [nsx@6876 audit="true" comp="nsx-manager" entId="lb_7a53a319-8827-42b1-87c2-eeafdb79d5d6_bmypv" level="INFO" reqId="90f3b8af-d28c-435e-871e-65d4946a2819" subcomp="policy" update="true" username="openshift"] UserName="openshift", ModuleName="PolicyCertificate", Operation="AddTlsCertificate", Operation status="success", New value=["lb_7a53a319-8827-42b1-87c2-eeafdb79d5d6_bmypv" {"pem_encoded":"None\n-----BEGIN CERTIFICATE-----\zybDTaKMvzvIluxvuOdDCjhnCnSKbHd87r\nLnemk5Jnf3SOm3dU/UVlt93BKDSICkCuxN6U12Rpzp7k5BTVHPHaqhgoYLeFmlD2\nIhvSKDVRPUqXitvtatKlQ4icBYseG/QPYDPsNXl4k2FqG5L50YHcJq1JjF2iPbmV\nW53V4kXQJ535pQs0U0KA3dcMjEmfPstYIyw2YU2D1/+WDzCT2t/PSVOaqcrEwu2/\npU2nDKkeqYIqfl7QDMoXy6h5cDfPzpL0c0ILylGsyHDhvkTnHpl+JsSE7g==\n-----END CERTIFICATE-----\n","resource_type":"TlsCertificate","id":"lb_7a53a319-8827-42b1-87c2-eeafdb79d5d6_bmypv","display_name":"lb-7a53a319-8827-42b1-87c2-eeafdb79d5d6","tags":[{"scope":"ncp/version","tag":"1.2.0"},{"scope":"ncp/cluster","tag":"OCP4KLAB2"},{"scope":"ncp/project","tag":"openshift-logging"},{"scope":"external_id","tag":"7a53a319-8827-42b1-87c2-eeafdb79d5d6"},{"scope":"ncp/l7_resource_uuid","tag":"7a53a319-8827-42b1-87c2-eeafdb79d5d6"}],"marked_for_delete":false,"overridden":false,"_protection":"UNKNOWN","_revision":-1}]


2022-05-25T19:24:29.924Z app-02.dmz NSX 9 - [nsx@6876 comp="nsx-container-ncp" subcomp="ncp" level="WARNING"] vmware_nsxlib.v3.client The HTTP request returned error code 400, whereas 201/200 response codes wereexpected. Response body {'httpStatus': 'BAD_REQUEST', 'error_code': 502001, 'module_name': 'Policy', 'error_message': 'Errors validating path=[[/infra/lb-virtual-servers/OCP4KLAB2_https_terminated]].', 'related_errors': [{'httpStatus': 'BAD_REQUEST', 'error_code': 502054, 'module_name': 'Policy', 'error_message': 'Service certificate ID /infra/certificates/lb_7a53a319-8827-42b1-87c2-eeafdb79d5d6_bmypv is invalid.'}]}

Attachments

Issue Links

links to

openshift/elasticsearch-operator#909: LOG-2661: Remove CA certificate from Kibana Route

mentioned on

Merge request - Updated 5 upstream sources

Merge request - Updated 6 upstream sources

Activity

People

Assignee:: Mohamed-Amine Bouqsimi (Inactive)

Reporter:: Matt Robson

QA Contact:: Anping Li

Votes:: 1 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 2022/05/26 6:39 PM

Updated:: 2022/09/27 3:51 PM

Resolved:: 2022/09/14 3:12 PM