Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-30100

IPSec - ovn-ipsec-containerized ds typo

XMLWordPrintable

    • No
    • False
    • Hide

      None

      Show
      None

      This is a clone of issue OCPBUGS-29390. The following is the description of the original issue:

      This is a clone of issue OCPBUGS-29305. The following is the description of the original issue:

      Description of problem:

      There's a typo in the openssl commands within the ovn-ipsec-containerized/ovn-ipsec-host daemonsets. The correct parameter is "-checkend", not "-checkedn".

      Version-Release number of selected component (if applicable):

      # oc get clusterversion
      NAME      VERSION   AVAILABLE   PROGRESSING   SINCE   STATUS
      version   4.14.10   True        False         7s      Cluster version is 4.14.10

      How reproducible:

      Steps to Reproduce:

      1. Enable IPsec encryption

      # oc patch networks.operator.openshift.io cluster --type=merge -p '{"spec": 
       {"defaultNetwork":{"ovnKubernetesConfig":{"ipsecConfig":{ }}}}}'
      

      Actual results:

      Examining the initContainer (ovn-keys) logs

      # oc logs ovn-ipsec-containerized-7bcd2 -c ovn-keys
      ...
      + openssl x509 -noout -dates -checkedn 15770000 -in /etc/openvswitch/keys/ipsec-cert.pem
      x509: Use -help for summary.
      # oc get ds
      NAME                      DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR                 AGE
      ovn-ipsec-containerized   1         1         0       1            0           beta.kubernetes.io/os=linux   159m
      ovn-ipsec-host            1         1         1       1            1           beta.kubernetes.io/os=linux   159m
      ovnkube-node              1         1         1       1            1           beta.kubernetes.io/os=linux   3h44m
      # oc get ds ovn-ipsec-containerized -o yaml | grep edn
      if ! openssl x509 -noout -dates -checkedn 15770000 -in $cert_pem; then     
      
      # oc get ds ovn-ipsec-host -o yaml | grep edn
      if ! openssl x509 -noout -dates -checkedn 15770000 -in $cert_pem; then

              ykashtan Yuval Kashtan
              openshift-crt-jira-prow OpenShift Prow Bot
              Huiran Wang Huiran Wang
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: