1ecec95b8c
In the current release, cert-api-manager runs on kubecluster.yaml [1], but in the kubemaster.yaml [2] the script [3] expects the existance of the ca.key file (if the cert_api_manager_enabled=true), otherwise it gets blocked. This file (ca.key), in turn, it's created only when enable-cert-api-manager.sh runs [4] So, we have a dead lock... So we need to change the call enable-cert-api-manager.sh into the kubemaster.yaml [1] https://github.com/openstack/magnum/blob/master/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml#L1158-L1161 [2] https://github.com/openstack/magnum/blob/master/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml#L760 [3] https://github.com/openstack/magnum/blob/master/magnum/drivers/common/templates/kubernetes/fragments/enable-services-master.sh#L12-L16 [4] https://github.com/openstack/magnum/blob/master/magnum/drivers/common/templates/kubernetes/fragments/enable-cert-api-manager.sh#L11 On other issue, the chown of this file (ca.key) it's not working. Moving the call of this file into kubemaster.yaml makes cluster creation FAILS because of an error [7] in [5]. If we check a cluster created in stein [6] we notice that the file is owned by root:root. Knowing this we can comment [5] for now. [5] https://github.com/openstack/magnum/blob/master/magnum/drivers/common/templates/kubernetes/fragments/enable-cert-api-manager.sh#L13 [6] http://paste.openstack.org/show/788534/ [7] http://paste.openstack.org/show/788537/ Change-Id: Ibee2df435c3f7c34bff74e9146fb28d8367124b1 Signed-off-by: Diogo Guerra <diogo.filipe.tomas.guerra@cern.ch> |
||
|---|---|---|
| .. | ||
| api | ||
| cmd | ||
| common | ||
| conductor | ||
| conf | ||
| db | ||
| drivers | ||
| hacking | ||
| objects | ||
| service | ||
| servicegroup | ||
| tests | ||
| __init__.py | ||
| i18n.py | ||
| version.py | ||