Bug
Resolution: Done-Errata
4.16.z
Quality / Stability / Reliability
Critical
Description of problem:
Seed image is failing to generate, giving errors about cert regeneration. The environment is using OCP 4.16.34, with LCA 4.16.2 and OADP 1.4.3. These are the only operators used:
oc get operators.operators.coreos.com
NAME AGE
lifecycle-agent.openshift-lifecycle-agent 46h
redhat-oadp-operator.openshift-adp 19h
Version-Release number of selected component (if applicable):
How reproducible:
Easily reproducible
Steps to Reproduce:
1. Create cluster (using GitOps) with the appropriate partitions for LCA
2. Create secret for Quay (also patch Quay certificate in oc proxy as cluster has self-signed certificate by default)
3. Create the seedgenerator CR
Actual results:
oc get seedgenerators.lca.openshift.io -o wide
NAME AGE STATE DETAILS
seedimage 12h SeedGenInProgress Seed generation failed: imager container status check failed: expected container status 0, found: 1
Expected results:
Seed image should have been created
Additional info:
Recert logs:
2025-03-03 16:41:40 - WARN - src/cluster_crypto.rs:226: no signing cert found for cert in [file:backup/etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/external-loadbalancer-serving-certkey/tls.crt:in PEM bundle at index 0, k8s:Secret/openshift-kube-apiserver:external-loadbalancer-serving-certkey:/data/tls.crt, encoded as a byte array, in PEM bundle at index 0, ]
2025-03-03 16:41:41 - WARN - src/cluster_crypto.rs:226: no signing cert found for cert in [file:backup/etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/internal-loadbalancer-serving-certkey/tls.crt:in PEM bundle at index 0, k8s:Secret/openshift-kube-apiserver:internal-loadbalancer-serving-certkey:/data/tls.crt, encoded as a byte array, in PEM bundle at index 0, ]
2025-03-03 16:41:42 - WARN - src/cluster_crypto.rs:226: no signing cert found for cert in [k8s:Secret/openshift-kube-apiserver:service-network-serving-certkey:/data/tls.crt, encoded as a byte array, in PEM bundle at index 0, file:backup/etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/service-network-serving-certkey/tls.crt:in PEM bundle at index 0, ]
2025-03-03 16:41:47 - WARN - src/cluster_crypto.rs:226: no signing cert found for cert in [file:backup/etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/localhost-serving-cert-certkey/tls.crt:in PEM bundle at index 0, k8s:Secret/openshift-kube-apiserver:localhost-serving-cert-certkey:/data/tls.crt, encoded as a byte array, in PEM bundle at index 0, ]
2025-03-03 16:41:48 - INFO - src/cluster_crypto.rs:511: Established relationships between crypto objects
Error: scanning and recertification
Caused by:
    0: processing discovered objects
    1: regenerating crypto
    2: re-signing cert with subject CN=172.30.0.1
    3: could not find matching akid key identifier in chain
- links to RHEA-2025:144989 OpenShift Container Platform 4.19.0 IBU extras update
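A triage helper for recert output like the log in this report, as an added example that is not part of the original report or of recert itself: it lists the secrets flagged with "no signing cert found" and pulls the failing subject and final cause out of the error chain. The log layout is assumed from the lines quoted above; the function names are hypothetical.

```python
import re

# Log lines copied from the report above (two of the four WARN entries), with
# the wrap damage repaired; the layout they imply is an assumption of this sketch.
SAMPLE_LOG = """\
2025-03-03 16:41:42 - WARN - src/cluster_crypto.rs:226: no signing cert found for cert in [k8s:Secret/openshift-kube-apiserver:service-network-serving-certkey:/data/tls.crt, encoded as a byte array, in PEM bundle at index 0, file:backup/etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/service-network-serving-certkey/tls.crt:in PEM bundle at index 0, ]
2025-03-03 16:41:47 - WARN - src/cluster_crypto.rs:226: no signing cert found for cert in [file:backup/etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/localhost-serving-cert-certkey/tls.crt:in PEM bundle at index 0, k8s:Secret/openshift-kube-apiserver:localhost-serving-cert-certkey:/data/tls.crt, encoded as a byte array, in PEM bundle at index 0, ]
2025-03-03 16:41:48 - INFO - src/cluster_crypto.rs:511: Established relationships between crypto objects
Error: scanning and recertification
Caused by:
    0: processing discovered objects
    1: regenerating crypto
    2: re-signing cert with subject CN=172.30.0.1
    3: could not find matching akid key identifier in chain
"""

WARN_RE = re.compile(r"WARN - \S+: no signing cert found for cert in \[(.*?)\]")
SECRET_RE = re.compile(r"k8s:Secret/([^:]+):([^:]+):")
SUBJECT_RE = re.compile(r"re-signing cert with subject (.+)")

def orphaned_certs(log):
    """Map (namespace, secret) -> locations for each cert warned as having no signer."""
    found = {}
    for m in WARN_RE.finditer(log):
        # A location itself contains ", ", so split only where a new one starts.
        locs = re.split(r", (?=file:|k8s:)", m.group(1).rstrip(", "))
        hit = next((s for s in map(SECRET_RE.match, locs) if s), None)
        found[hit.group(1, 2) if hit else (None, locs[0])] = locs
    return found

def error_chain(log):
    """Return (causes outermost-first, subject being re-signed or None)."""
    head, _, causes = log.partition("Error: ")[2].partition("Caused by:")
    chain = [head.strip()] if head.strip() else []
    # Accept both the indented multi-line form and the chain flattened to one line.
    chain += [c.strip() for c in re.split(r"\s+\d+: ", causes)[1:]]
    subject = next((m.group(1) for m in map(SUBJECT_RE.match, chain) if m), None)
    return chain, subject

def triage(log):
    chain, subject = error_chain(log)
    return {"fatal": chain[-1] if chain else None, "failing_subject": subject,
            "secrets_without_signer": sorted(n for ns, n in orphaned_certs(log) if ns)}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```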