Migrate playbook fails in 3.6 with certificate error
Issue
Playbook /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-etcd/migrate.yml fails with the following error:
TASK [Add new etcd members to cluster] ******************************************************************************************************************************************************************************************************
Thursday 26 April 2018 12:43:15 +0200 (0:00:02.877) 0:05:46.601 ********
FAILED - RETRYING: Add new etcd members to cluster (12 retries left).
FAILED - RETRYING: Add new etcd members to cluster (11 retries left).
FAILED - RETRYING: Add new etcd members to cluster (10 retries left).
FAILED - RETRYING: Add new etcd members to cluster (9 retries left).
FAILED - RETRYING: Add new etcd members to cluster (8 retries left).
FAILED - RETRYING: Add new etcd members to cluster (7 retries left).
FAILED - RETRYING: Add new etcd members to cluster (6 retries left).
FAILED - RETRYING: Add new etcd members to cluster (5 retries left).
FAILED - RETRYING: Add new etcd members to cluster (4 retries left).
FAILED - RETRYING: Add new etcd members to cluster (3 retries left).
FAILED - RETRYING: Add new etcd members to cluster (2 retries left).
FAILED - RETRYING: Add new etcd members to cluster (1 retries left).
fatal: [master02.example.com -> master01.example.com]: FAILED! => {"attempts": 12, "changed": true, "cmd": ["/usr/bin/etcdctl", "--cert-file", "/etc/etcd/peer.crt", "--key-file", "/etc/etcd/peer.key", "--ca-file", "/etc/etcd/ca.crt", "-C", "https://master01.example.com:2379", "member", "add", "master02.example.com", "https://X.X.X.X:2380"], "delta": "0:00:00.030976", "end": "2018-04-26 12:45:20.315139", "failed_when_result": true, "msg": "non-zero return code", "rc": 1, "start": "2018-04-26 12:45:20.284163", "stderr": "client: etcd cluster is unavailable or misconfigured; error #0: x509: certificate is not valid for any names, but wanted to match master01.example.com", "stderr_lines": ["client: etcd cluster is unavailable or misconfigured; error #0: x509: certificate is not valid for any names, but wanted to match master01.example.com"], "stdout": "", "stdout_lines": []}
Environment
OCP 3.6
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.