Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Major
Fix Version/s: 4.16.0
Affects Version/s: 4.15, 4.16
Component/s: Installer / Agent based installation
Labels:
None

Severity:
Important
Regression:
No
Sprint:
Sprint 252
sprint_count:
1
Release Blocker:
Proposed
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:

Hide
* Previously, when using the Agent-based installation program in a disconnected environment, unnecessary certificates were added to the CA trust bundle. With this update, the CA bundle ConfigMap only contains CAs explicitly specified by the user. (link:https://issues.redhat.com/browse/OCPBUGS-32042[*~~OCPBUGS-32042~~*])

Show
* Previously, when using the Agent-based installation program in a disconnected environment, unnecessary certificates were added to the CA trust bundle. With this update, the CA bundle ConfigMap only contains CAs explicitly specified by the user. (link: https://issues.redhat.com/browse/OCPBUGS-32042 [* OCPBUGS-32042 *])
Release Note Type:
Bug Fix
Release Note Status:
Done
Target Version:

4.16.0

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:

When the user configures the install-config.yaml additionalTrustBundle field (for example, in a disconnected installation using a local registry),
the user-ca-bundle configmap gets populated with more content than strictly required

Version-Release number of selected component (if applicable):

How reproducible:

Always

Steps to Reproduce:

    1. Setup a local registry and mirror the content of an ocp release
    2. Configure the install-config.yaml for a mirrored installation. In particular, configure the additionalTrustBundle field with the registry cert
    3. Create the agent ISO, boot the nodes and wait for the installation to complete

Actual results:

    The user-ca-bundle cm does not contain onyl the registry cert

Expected results:

user-ca-bundle configmap with just the content of the install-config additionalTrustBundle field

Additional info:

blocks

OCPBUGS-34721 Incorrect usage of install-config.yaml additionalTrustBundle field

Closed

is caused by

OCPBUGS-16666 Move the setting of additionalTrustBundle to InfraEnv

Closed

is cloned by

OCPBUGS-34721 Incorrect usage of install-config.yaml additionalTrustBundle field

Closed

is related to

OCPBUGS-43990 Work around excess CA certs in additionalTrustBundle

links to

openshift/installer#8253: OCPBUGS-32042: fix usage of addtionalTrustBundle field

RHEA-2024:0041 OpenShift Container Platform 4.16.z bug fix update

(1 links to)

Assignee:: Andrea Fasano

Reporter:: Andrea Fasano

QA Contact:: Biagio Manzari

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: 2024/04/10 2:33 PM

Updated:: 2024/09/18 11:05 PM

Resolved:: 2024/06/27 11:44 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates