[kubic-bugs] [Bug 1136246] New: Invalid certificate with Admin node. build 20190521
http://bugzilla.suse.com/show_bug.cgi?id=1136246 Bug ID: 1136246 Summary: Invalid certificate with Admin node. build 20190521 Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Kubic Assignee: kubic-bugs@opensuse.org Reporter: jason.evans@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Issue: Unable to initialize certificates or kubicctl admin:~ # kubicctl certificates initialize Error invoking certstrap: exit status 1 CA with specified name "Kubic-Control-CA" already exists! Error creating CA: exit status 1 admin:~ # kubicctl init --pod-network cilium Initializing kubernetes master can take several minutes, please be patient. Could not initialize: rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate has expired or is not yet valid" -- You are receiving this mail because: You are the assignee for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1136246 http://bugzilla.suse.com/show_bug.cgi?id=1136246#c1 --- Comment #1 from Jason Evans <jason.evans@suse.com> --- I also confirmed that the date is correct: admin:~ # date Fri 24 May 2019 02:59:42 PM UTC This is the same as my local machine: jsevans@work:~> date Fri May 24 17:00:23 CEST 2019 -- You are receiving this mail because: You are the assignee for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1136246 http://bugzilla.suse.com/show_bug.cgi?id=1136246#c2 Thorsten Kukuk <kukuk@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jason.evans@suse.com Assignee|kubic-bugs@opensuse.org |kukuk@suse.com Flags| |needinfo?(jason.evans@suse. | |com) --- Comment #2 from Thorsten Kukuk <kukuk@suse.com> --- systemctl is-enabled kubicd-init Is that enabled? If you look at the timestamp of the certificates in /etc/kubicd/pki, looks the time of the files correct? What is the validy timeframe if you run: openssl x509 -in /etc/kubicd/pki/Kubic-Control-CA.crt -text -noout I could only imagine, that either the systemd service to create the certificates did run before the time was set correct, ~/.config/kubicctl/user.* does not match /etc/kubicd/pki/admin.*, or something broke the files in /etc/kubicd/pki -- You are receiving this mail because: You are the assignee for the bug.
participants (1)
-
bugzilla_noreply@novell.com