Newline at the end of CA cert in security.tls.certificateAuthorities breaks OCP 4 Installation with "Unable to parse CA"

Solution In Progress - Updated -

Issue

  • When using a CA certificate file (ca.pem) that contains a newline at the end in the ignition shim as security.tls.certificateAuthorities (as described in the OpenShift on OpenStack UPI documentation), the ignition of the bootstrap machine aborts with:
Ignition has failed. Please ensure your config is valid. Note that only
Ignition spec v3.0.0+ configs are accepted.

A CLI validation tool to check this called ignition-validate can be
downloaded from GitHub:
    https://github.com/coreos/ignition/releases

Environment

  • Red Hat OpenShift Container Platform 4.6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content