SUSE CaaS Platform/Issues

From MicroFocusInternationalWiki
Revision as of 09:47, 9 March 2018 by Cduch


This page lists workarounds for issues that need to be fixed within SUSE CaaS Platform.

Outdated Certificates

It sometimes happens that a certificate expires and is not renewed properly. To fix this issue, do the following steps:

1) SSH on to the Admin Node and move the expired certs out of the way:

  mv /etc/pki/{velum,ldap,salt-api}.crt /root

2) Regenerate the set of certs moved in step 1:

  /usr/share/caasp-container-manifests/gen-certs.sh

3) On a master node, back up and delete the dex-tls secret:

  kubectl -n kube-system get secret dex-tls -o yaml > /root/dex-tls
  kubectl -n kube-system delete secret dex-tls

4) On a master node, find and delete the dex pods (bsc#1082996):

This *will* prevent new authentication requests from succeeding against the cluster. However, the static credentials located on the master nodes will continue to function.

  kubectl -n kube-system get pods | grep dex
  kubectl -n kube-system delete pods <Dex Pod 1> <Dex Pod 2> <Dex Pod 3>

They will *NOT* start back up by themselves until the dex-tls secret is recreated as part of step 5.

5) Manually run the salt orchestration; this may take some time:

  docker exec -it $(docker ps | grep salt-master | awk '{print $1}') bash -c "salt-run state.orchestrate orch.kubernetes" > salt-run.log 2>&1

6) Check the tail of salt-run.log to see if the orchestration succeeded:

  tail -n 50 salt-run.log

7) On a master node, validate the dex pods are running:

  kubectl -n kube-system get pods | grep dex

8) Test and validate the cluster is still functional
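
A check that fits before step 1 and again after step 2, added here as an example and not part of the original page: it reports which of the Admin Node certificates are missing, unparsable, expired, or due to expire within a given window. It assumes `openssl` is installed; the function names `cert_status` and `check_certs` are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes openssl is installed.
# cert_status and check_certs are names invented for this example.

# cert_status WINDOW_SECONDS CERT_FILE
# Prints one word: missing | unreadable | expired | expiring | ok
cert_status() (
    window=$1; cert=$2
    [ -e "$cert" ] || { echo missing; exit 0; }
    # A file that does not parse as an X.509 certificate is reported separately.
    openssl x509 -in "$cert" -noout 2>/dev/null || { echo unreadable; exit 0; }
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$cert" -noout -checkend "$window" >/dev/null 2>&1; then
        echo expiring
    else
        echo ok
    fi
)

# check_certs WINDOW_SECONDS CERT_FILE...
# Prints "<status> <notAfter> <file>" per certificate and returns the
# number of certificates whose status is not "ok".
check_certs() (
    window=$1; shift
    bad=0
    for cert in "$@"; do
        status=$(cert_status "$window" "$cert")
        end=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null | cut -d= -f2)
        printf '%-10s %-26s %s\n' "$status" "${end:--}" "$cert"
        [ "$status" = ok ] || bad=$((bad + 1))
    done
    exit "$bad"
)

# Usage on the Admin Node (paths from step 1), warning 30 days ahead:
#   check_certs 2592000 /etc/pki/velum.crt /etc/pki/ldap.crt /etc/pki/salt-api.crt
```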