SUSE CaaS Platform/Issues

From MicroFocusInternationalWiki
Revision as of 09:48, 9 March 2018 by Cduch (Talk | contribs)

Jump to: navigation, search

Quick Links

This site is for documentation purposes only. If you ran into any problems with your subscribed SUSE CaaS Platform please contact the SUSE support!

This site lists workaround for issues which needs to be fixed within SUSE CaaS Platform.


Outdated Certificates

It sometimes might happen that a certificate gets outdated and is not renewed properly. To fix this issue do the following steps: SSH on to the Admin Node and move the expired certs out of the way:

  mv /etc/pki/{velum,ldap,salt-api}.crt /root

2) Regenerate the set of certs moved in step 1:

  /usr/share/caasp-container-manifests/gen-certs.sh

3) On a master node, backup and delete the dex-tls secret:

  kubectl -n kube-system get secret dex-tls -o yaml > /root/dex-tls
  kubectl -n kube-system delete secret dex-tls

4) On a master node, find and delete the dex pods (bsc#1082996):

This *will* prevent new authentications requests succeeding against the cluster. However, the static credentials located on the master nodes will continue to function.

  kubectl -n kube-system get pods | grep dex
  kubectl -n kube-system delete pods <Dex Pod 1> <Dex Pod 3> <Dex Pod 3>

They will *NOT* start back up by themselves until the dex-tls secret is recreated as part of step 5.

5) Manually run the salt orchestration, this may take some time:

  docker exec -it $(docker ps | grep salt-master | awk '{print $1}') bash -c "salt-run state.orchestrate orch.kubernetes" 2&>1 > salt-run.log

6) Check the tail of salt-run.log to see if the orchestration succeeded

  tail -n 50 salt-run.log

7) On a master node, validate the dex pods are running:

  kubectl -n kube-system get pods | grep dex

8) Test and validate the cluster is still functional