Bug
Resolution: Won't Do
Major
4.14.0, 4.14.z
Quality / Stability / Reliability
False
Moderate
No
Rejected
In Progress
Release Note Not Required
Description of problem:
Following the documentation to set up the certificate:
https://64835--docspreview.netlify.app/openshift-enterprise/latest/networking/ovn_kubernetes_network_provider/configuring-ipsec-ovn#configuring-ipsec-ovn-external-traffic-ipsec
As per the document, left_server.p12 needs to be generated to be used as the server cert for ipsec. The script fails when there are multiple certs, as the user procures certs with the hostname as the DNS name in the SAN entry. This makes it harder to use the machine-config to target the certificate on the host.
Version-Release number of selected component (if applicable):
How reproducible:
Set up the 4.14 cluster for ipsec encryption. Enable the ipsec extension and get the certificate generated.
Steps to Reproduce:
1. Procure certificate for each host with hostname as SAN entry:
   openssl req -new -text -extensions v3_req -addext "subjectAltName = DNS:<ocp_node1_hostname>" -subj "/C=US/O=ovnkubernetes/OU=kind/CN=<ocp_node1_hostname>" -key /etc/openvswitch/keys/ipsec-privkey.pem -out /etc/openvswitch/keys/ipsec-req.pem
Actual results:
Expected results:
Additional info:
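
Added example, not part of the bug report or the OpenShift documentation: one way to pick, from a directory holding several per-node certificates, the one whose SAN DNS entry names a given host, which is the selection step the report describes as hard to target per host. The function names, the .pem/.key file layout and the example.test hostnames are assumptions, and the sample certificates are constructed self-signed ones.

```shell
#!/bin/sh
# Added example; requires OpenSSL 1.1.1+ ("x509 -ext", "req -addext").

# Print the DNS names from a PEM certificate's subjectAltName, one per line.
san_dns_names() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed -n 's/^[[:space:]]*DNS://p'
}

# Print the one certificate in directory $1 whose SAN lists host $2.
# Exact, case-insensitive match only (wildcard SANs are not expanded).
# Returns 1 when nothing matches, 2 when more than one certificate matches.
select_cert_for_host() {
    dir=$1 host=$2 match='' count=0
    for cert in "$dir"/*.pem; do
        [ -f "$cert" ] || continue
        if san_dns_names "$cert" | grep -Fxqi -- "$host"; then
            match=$cert
            count=$((count + 1))
        fi
    done
    if [ "$count" -eq 0 ]; then return 1; fi
    if [ "$count" -gt 1 ]; then return 2; fi
    printf '%s\n' "$match"
}

# Constructed sample data: one self-signed cert per hypothetical node name,
# using the same subject and SAN layout as the command in the report.
make_sample_certs() {
    dir=$1; shift
    for host in "$@"; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/C=US/O=ovnkubernetes/OU=kind/CN=$host" \
            -addext "subjectAltName = DNS:$host" \
            -keyout "$dir/$host.key" -out "$dir/$host.pem" 2>/dev/null
    done
}

# Demo on the constructed certificates; on a node, pass "$(hostname -f)".
demo_dir=$(mktemp -d)
make_sample_certs "$demo_dir" node1.example.test node2.example.test
select_cert_for_host "$demo_dir" node2.example.test
rm -rf "$demo_dir"
```

The non-zero return codes let a calling script stop instead of importing the wrong certificate when a host has no match or an ambiguous one.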