Describe the bug
I am a new user of OKD. I am trying to setup OKD on a couple of mini PC's to see what it is all about as we are looking to start using openshift in work. New install 4.20.0-okd-scos.8 with some pods failing.
install-config.yaml has:
baremetal:
apiVIP: 192.168.2.250
ingressVIP: 192.168.2.251
provisioningNetworkCIDR: disabled
the cluster of 3 bootstraps and comes up with keepalived correctly configuring the VIP's but i end up with pods crashlooping / erroring.
openshift-kube-controller-manager installer pod status: error - logs below
openshift-machine-api metal3 pod status: crashloop - logs below
Is this a bug? Any known workarounds ? any help would be greatly appreciated
Version
4.20.0-okd-scos.8
Reproducibility
Installl OKD 4.20 on a home lab with nodes that do not have BMC. Use baremetal to apply VIP's.
Log Bundle
openshift-kube-controller-manager installer pod status: error
I1127 23:23:22.838331 1 cmd.go:95] &{ true {false} installer true map[cert-configmaps:0xc0007a12c0 cert-dir:0xc0007a14a0 cert-secrets:0xc0007a1220 configmaps:0xc0007a0dc0 namespace:0xc0007a0be0 optional-cert-configmaps:0xc0007a1400 optional-configmaps:0xc0007a0f00 optional-secrets:0xc0007a0e60 pod:0xc0007a0c80 pod-manifest-dir:0xc0007a1040 resource-dir:0xc0007a0fa0 revision:0xc0007a0b40 secrets:0xc0007a0d20 v:0xc0007a1ea0] [0xc0007a1ea0 0xc0007a0b40 0xc0007a0be0 0xc0007a0c80 0xc0007a0fa0 0xc0007a1040 0xc0007a0dc0 0xc0007a0f00 0xc0007a0d20 0xc0007a0e60 0xc0007a14a0 0xc0007a12c0 0xc0007a1400 0xc0007a1220] [] map[cert-configmaps:0xc0007a12c0 cert-dir:0xc0007a14a0 cert-secrets:0xc0007a1220 configmaps:0xc0007a0dc0 help:0xc0005e70e0 kubeconfig:0xc0007a0aa0 log-flush-frequency:0xc0007a1e00 namespace:0xc0007a0be0 optional-cert-configmaps:0xc0007a1400 optional-cert-secrets:0xc0007a1360 optional-configmaps:0xc0007a0f00 optional-secrets:0xc0007a0e60 pod:0xc0007a0c80 pod-manifest-dir:0xc0007a1040 pod-manifests-lock-file:0xc0007a1180 resource-dir:0xc0007a0fa0 revision:0xc0007a0b40 secrets:0xc0007a0d20 timeout-duration:0xc0007a10e0 v:0xc0007a1ea0 vmodule:0xc0005e6c80] [0xc0007a0aa0 0xc0007a0b40 0xc0007a0be0 0xc0007a0c80 0xc0007a0d20 0xc0007a0dc0 0xc0007a0e60 0xc0007a0f00 0xc0007a0fa0 0xc0007a1040 0xc0007a10e0 0xc0007a1180 0xc0007a1220 0xc0007a12c0 0xc0007a1360 0xc0007a1400 0xc0007a14a0 0xc0007a1e00 0xc0007a1ea0 0xc0005e6c80 0xc0005e70e0] [0xc0007a12c0 0xc0007a14a0 0xc0007a1220 0xc0007a0dc0 0xc0005e70e0 0xc0007a0aa0 0xc0007a1e00 0xc0007a0be0 0xc0007a1400 0xc0007a1360 0xc0007a0f00 0xc0007a0e60 0xc0007a0c80 0xc0007a1040 0xc0007a1180 0xc0007a0fa0 0xc0007a0b40 0xc0007a0d20 0xc0007a10e0 0xc0007a1ea0 0xc0005e6c80] map[104:0xc0005e70e0 118:0xc0007a1ea0] [] -1 0 0xc00016d3b0 true 0x77e700 []}
I1127 23:23:22.838434 1 cmd.go:96] (*installerpod.InstallOptions)(0xc0003de340)({
KubeConfig: (string) "",
KubeClient: (kubernetes.Interface) ,
Revision: (string) (len=1) "5",
NodeName: (string) "",
Namespace: (string) (len=33) "openshift-kube-controller-manager",
Clock: (clock.RealClock) {
},
PodConfigMapNamePrefix: (string) (len=27) "kube-controller-manager-pod",
SecretNamePrefixes: ([]string) (len=2 cap=2) {
(string) (len=27) "service-account-private-key",
(string) (len=31) "localhost-recovery-client-token"
},
OptionalSecretNamePrefixes: ([]string) (len=1 cap=1) {
(string) (len=12) "serving-cert"
},
ConfigMapNamePrefixes: ([]string) (len=8 cap=8) {
(string) (len=27) "kube-controller-manager-pod",
(string) (len=6) "config",
(string) (len=32) "cluster-policy-controller-config",
(string) (len=29) "controller-manager-kubeconfig",
(string) (len=38) "kube-controller-cert-syncer-kubeconfig",
(string) (len=17) "serviceaccount-ca",
(string) (len=10) "service-ca",
(string) (len=15) "recycler-config"
},
OptionalConfigMapNamePrefixes: ([]string) (len=1 cap=1) {
(string) (len=12) "cloud-config"
},
CertSecretNames: ([]string) (len=2 cap=2) {
(string) (len=39) "kube-controller-manager-client-cert-key",
(string) (len=10) "csr-signer"
},
OptionalCertSecretNamePrefixes: ([]string) ,
CertConfigMapNamePrefixes: ([]string) (len=2 cap=2) {
(string) (len=20) "aggregator-client-ca",
(string) (len=9) "client-ca"
},
OptionalCertConfigMapNamePrefixes: ([]string) (len=1 cap=1) {
(string) (len=17) "trusted-ca-bundle"
},
CertDir: (string) (len=66) "/etc/kubernetes/static-pod-resources/kube-controller-manager-certs",
ResourceDir: (string) (len=36) "/etc/kubernetes/static-pod-resources",
PodManifestDir: (string) (len=25) "/etc/kubernetes/manifests",
Timeout: (time.Duration) 2m0s,
StaticPodManifestsLockFile: (string) "",
PodMutationFns: ([]installerpod.PodMutationFunc) ,
KubeletVersion: (string) ""
})
I1127 23:23:22.838627 1 envvar.go:172] "Feature gate default state" feature="WatchListClient" enabled=false
I1127 23:23:22.838635 1 envvar.go:172] "Feature gate default state" feature="ClientsAllowCBOR" enabled=false
I1127 23:23:22.838639 1 envvar.go:172] "Feature gate default state" feature="ClientsPreferCBOR" enabled=false
I1127 23:23:22.838642 1 envvar.go:172] "Feature gate default state" feature="InformerResourceVersion" enabled=false
I1127 23:23:22.838645 1 envvar.go:172] "Feature gate default state" feature="InOrderInformers" enabled=true
I1127 23:23:22.838905 1 cmd.go:413] Getting controller reference for node m2
I1127 23:23:22.844166 1 cmd.go:426] Waiting for installer revisions to settle for node m2
I1127 23:23:22.845584 1 cmd.go:506] Pod container: installer state for node m2 is not terminated, waiting
I1127 23:23:32.849245 1 cmd.go:506] Pod container: installer state for node m2 is not terminated, waiting
I1127 23:23:42.847941 1 cmd.go:518] Waiting additional period after revisions have settled for node m2
I1127 23:24:12.848337 1 cmd.go:524] Getting installer pods for node m2
I1127 23:24:12.851130 1 cmd.go:542] Latest installer revision for node m2 is: 5
I1127 23:24:12.851138 1 cmd.go:431] Querying kubelet version for node m2
I1127 23:24:12.852260 1 cmd.go:444] Got kubelet version 1.33.5 on target node m2
I1127 23:24:12.852286 1 cmd.go:293] Creating target resource directory "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-5" ...
I1127 23:24:12.852467 1 cmd.go:221] Creating target resource directory "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-5" ...
I1127 23:24:12.852480 1 cmd.go:229] Getting secrets ...
I1127 23:24:12.853403 1 copy.go:32] Got secret openshift-kube-controller-manager/localhost-recovery-client-token-5
I1127 23:24:12.854976 1 copy.go:32] Got secret openshift-kube-controller-manager/service-account-private-key-5
I1127 23:24:12.856041 1 copy.go:32] Got secret openshift-kube-controller-manager/serving-cert-5
I1127 23:24:12.856078 1 cmd.go:242] Getting config maps ...
I1127 23:24:12.857042 1 copy.go:60] Got configMap openshift-kube-controller-manager/cluster-policy-controller-config-5
I1127 23:24:12.857839 1 copy.go:60] Got configMap openshift-kube-controller-manager/config-5
I1127 23:24:12.858548 1 copy.go:60] Got configMap openshift-kube-controller-manager/controller-manager-kubeconfig-5
I1127 23:24:12.859823 1 copy.go:60] Got configMap openshift-kube-controller-manager/kube-controller-cert-syncer-kubeconfig-5
I1127 23:24:12.860884 1 copy.go:60] Got configMap openshift-kube-controller-manager/kube-controller-manager-pod-5
I1127 23:24:13.050601 1 copy.go:60] Got configMap openshift-kube-controller-manager/recycler-config-5
I1127 23:24:13.250604 1 copy.go:60] Got configMap openshift-kube-controller-manager/service-ca-5
I1127 23:24:13.450452 1 copy.go:60] Got configMap openshift-kube-controller-manager/serviceaccount-ca-5
I1127 23:24:13.650207 1 copy.go:52] Failed to get config map openshift-kube-controller-manager/cloud-config-5: configmaps "cloud-config-5" not found
I1127 23:24:13.650224 1 cmd.go:261] Creating directory "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-5/secrets/localhost-recovery-client-token" ...
I1127 23:24:13.650327 1 cmd.go:639] Writing secret manifest "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-5/secrets/localhost-recovery-client-token/token" ...
I1127 23:24:13.650451 1 cmd.go:639] Writing secret manifest "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-5/secrets/localhost-recovery-client-token/ca.crt" ...
I1127 23:24:13.650514 1 cmd.go:639] Writing secret manifest "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-5/secrets/localhost-recovery-client-token/namespace" ...
I1127 23:24:13.650577 1 cmd.go:261] Creating directory "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-5/secrets/service-account-private-key" ...
I1127 23:24:13.650614 1 cmd.go:639] Writing secret manifest "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-5/secrets/service-account-private-key/service-account.key" ...
I1127 23:24:13.650674 1 cmd.go:261] Creating directory "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-5/secrets/serving-cert" ...
I1127 23:24:13.650717 1 cmd.go:639] Writing secret manifest "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-5/secrets/serving-cert/tls.crt" ...
I1127 23:24:13.650774 1 cmd.go:639] Writing secret manifest "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-5/secrets/serving-cert/tls.key" ...
I1127 23:24:13.650833 1 cmd.go:277] Creating directory "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-5/configmaps/cluster-policy-controller-config" ...
I1127 23:24:13.650893 1 cmd.go:629] Writing config file "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-5/configmaps/cluster-policy-controller-config/config.yaml" ...
I1127 23:24:13.650950 1 cmd.go:277] Creating directory "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-5/configmaps/config" ...
I1127 23:24:13.650984 1 cmd.go:629] Writing config file "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-5/configmaps/config/config.yaml" ...
I1127 23:24:13.651045 1 cmd.go:277] Creating directory "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-5/configmaps/controller-manager-kubeconfig" ...
I1127 23:24:13.651080 1 cmd.go:629] Writing config file "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-5/configmaps/controller-manager-kubeconfig/kubeconfig" ...
I1127 23:24:13.651144 1 cmd.go:277] Creating directory "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-5/configmaps/kube-controller-cert-syncer-kubeconfig" ...
I1127 23:24:13.651180 1 cmd.go:629] Writing config file "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-5/configmaps/kube-controller-cert-syncer-kubeconfig/kubeconfig" ...
I1127 23:24:13.651239 1 cmd.go:277] Creating directory "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-5/configmaps/kube-controller-manager-pod" ...
I1127 23:24:13.651271 1 cmd.go:629] Writing config file "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-5/configmaps/kube-controller-manager-pod/forceRedeploymentReason" ...
I1127 23:24:13.651321 1 cmd.go:629] Writing config file "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-5/configmaps/kube-controller-manager-pod/pod.yaml" ...
I1127 23:24:13.651385 1 cmd.go:629] Writing config file "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-5/configmaps/kube-controller-manager-pod/version" ...
I1127 23:24:13.651443 1 cmd.go:277] Creating directory "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-5/configmaps/recycler-config" ...
I1127 23:24:13.651519 1 cmd.go:629] Writing config file "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-5/configmaps/recycler-config/recycler-pod.yaml" ...
I1127 23:24:13.651578 1 cmd.go:277] Creating directory "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-5/configmaps/service-ca" ...
I1127 23:24:13.651616 1 cmd.go:629] Writing config file "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-5/configmaps/service-ca/ca-bundle.crt" ...
I1127 23:24:13.651674 1 cmd.go:277] Creating directory "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-5/configmaps/serviceaccount-ca" ...
I1127 23:24:13.651708 1 cmd.go:629] Writing config file "/etc/kubernetes/static-pod-resources/kube-controller-manager-pod-5/configmaps/serviceaccount-ca/ca-bundle.crt" ...
I1127 23:24:13.651760 1 cmd.go:221] Creating target resource directory "/etc/kubernetes/static-pod-resources/kube-controller-manager-certs" ...
I1127 23:24:13.651795 1 cmd.go:229] Getting secrets ...
I1127 23:24:13.850727 1 copy.go:32] Got secret openshift-kube-controller-manager/csr-signer
I1127 23:24:14.050451 1 copy.go:32] Got secret openshift-kube-controller-manager/kube-controller-manager-client-cert-key
I1127 23:24:14.050473 1 cmd.go:242] Getting config maps ...
I1127 23:24:14.250390 1 copy.go:60] Got configMap openshift-kube-controller-manager/aggregator-client-ca
I1127 23:24:14.450427 1 copy.go:52] Failed to get config map openshift-kube-controller-manager/client-ca: configmaps "client-ca" not found
F1127 23:24:14.651050 1 cmd.go:109] failed to copy: configmaps "client-ca" not found
openshift-machine-api metal3 pod status: crashloop
``++` export IRONIC_IP=
++ IRONIC_IP=
++ PROVISIONING_INTERFACE=
++ PROVISIONING_IP=192.168.2.12
++ PROVISIONING_MACS=84:47:09:66:d0:a1,84:47:09:66:de:9e,84:47:09:66:df:0d
++ IPXE_CUSTOM_FIRMWARE_DIR=/shared/custom_ipxe_firmware
++ CUSTOM_CONFIG_DIR=/conf
++ CUSTOM_DATA_DIR=/data
++ export DNSMASQ_CONF_DIR=/conf/dnsmasq
++ DNSMASQ_CONF_DIR=/conf/dnsmasq
++ export DNSMASQ_DATA_DIR=/data/dnsmasq
++ DNSMASQ_DATA_DIR=/data/dnsmasq
++ export DNSMASQ_TEMP_DIR=/conf/dnsmasq
++ DNSMASQ_TEMP_DIR=/conf/dnsmasq
++ export HTTPD_DIR=/conf/httpd
++ HTTPD_DIR=/conf/httpd
++ export HTTPD_CONF_DIR=/conf/httpd/conf
++ HTTPD_CONF_DIR=/conf/httpd/conf
++ export HTTPD_CONF_DIR_D=/conf/httpd/conf.d
++ HTTPD_CONF_DIR_D=/conf/httpd/conf.d
++ export IRONIC_CONF_DIR=/conf/ironic
++ IRONIC_CONF_DIR=/conf/ironic
++ export IRONIC_DB_DIR=/data/db
++ IRONIC_DB_DIR=/data/db
++ export IRONIC_GEN_CERT_DIR=/data/auto_gen_certs
++ IRONIC_GEN_CERT_DIR=/data/auto_gen_certs
++ export IRONIC_TMP_DATA_DIR=/data/tmp
++ IRONIC_TMP_DATA_DIR=/data/tmp
++ export PROBE_CONF_DIR=/conf/probes
++ PROBE_CONF_DIR=/conf/probes
++ export HTTP_PORT=6180
++ HTTP_PORT=6180
++ export IRONIC_JSON_RPC_PORT=6189
++ IRONIC_JSON_RPC_PORT=6189
++ set +e
++ mkdir -p /conf/ironic /conf/probes /conf/httpd/conf /conf/httpd/conf.d /conf/dnsmasq /conf/dnsmasq /data/db /data/auto_gen_certs /data/dnsmasq /data/tmp
++ set -e
++ export HTPASSWD_FILE=/conf/ironic/htpasswd
++ HTPASSWD_FILE=/conf/ironic/htpasswd
++ export LOCAL_DB_URI=sqlite:////data/db/ironic.sqlite
++ LOCAL_DB_URI=sqlite:////data/db/ironic.sqlite
++ export IRONIC_USE_MARIADB=false
++ IRONIC_USE_MARIADB=false
+++ get_provisioning_interface
+++ [[ -n '' ]]
+++ local interface=provisioning
+++ [[ -n 192.168.2.12 ]]
+++ ip -br addr show
+++ grep -i ' 192.168.2.12/'
++++ ip -br addr show
++++ grep -i ' 192.168.2.12/'
++++ cut -f 1 -d ' '
++++ cut -f 1 -d @
+++ interface=br-ex
+++ for mac in ${PROVISIONING_MACS//,/ }
+++ ip -br link show up
+++ grep -i 84:47:09:66:d0:a1
+++ for mac in ${PROVISIONING_MACS//,/ }
+++ ip -br link show up
+++ grep -i 84:47:09:66:de:9e
+++ for mac in ${PROVISIONING_MACS//,/ }
+++ ip -br link show up
+++ grep -i 84:47:09:66:df:0d
++++ ip -br link show up
++++ grep -i 84:47:09:66:df:0d
++++ cut -f 1 -d ' '
++++ cut -f 1 -d @
+++ interface='enp1s0
enp1s0.3
enp1s0.2
enp1s0.4
br-ex'
+++ break
+++ echo 'enp1s0
enp1s0.3
enp1s0.2
enp1s0.4
br-ex'
++ PROVISIONING_INTERFACE='enp1s0
enp1s0.3
enp1s0.2
enp1s0.4
br-ex'
++ export PROVISIONING_INTERFACE
++ export LISTEN_ALL_INTERFACES=true
++ LISTEN_ALL_INTERFACES=true
++ export IRONIC_PRIVATE_PORT=unix
++ IRONIC_PRIVATE_PORT=unix
++ export IRONIC_ACCESS_PORT=6385
++ IRONIC_ACCESS_PORT=6385
++ export IRONIC_LISTEN_PORT=6388
++ IRONIC_LISTEN_PORT=6388
++ export IRONIC_ENABLE_DISCOVERY=false
++ IRONIC_ENABLE_DISCOVERY=false
- . /bin/auth-common.sh
++ set -euxo pipefail
++ export IRONIC_REVERSE_PROXY_SETUP=true
++ IRONIC_REVERSE_PROXY_SETUP=true
++ CUSTOM_CONFIG_DIR=/conf
++ IRONIC_CONF_DIR=/conf/ironic
++ [[ '' == \C\o\n\d\u\c\t\o\r ]]
++ export IRONIC_EXPOSE_JSON_RPC=false
++ IRONIC_EXPOSE_JSON_RPC=false
++ IRONIC_HTPASSWD_FILE=/conf/ironic/htpasswd
++ export IRONIC_RPC_HTPASSWD_FILE=/conf/ironic/htpasswd-rpc
++ IRONIC_RPC_HTPASSWD_FILE=/conf/ironic/htpasswd-rpc
++ [[ -f /auth/ironic/htpasswd ]]
++ IRONIC_HTPASSWD='ironic-user:$2y$05$.WpnKLfwx5jGPXHm7byCLu1xcEeDdwGINY8OEw8F1BxLEfgnoRMRW'
++ [[ -f /auth/ironic-rpc/htpasswd ]]
++ export 'IRONIC_HTPASSWD=ironic-user:$2y$05$.WpnKLfwx5jGPXHm7byCLu1xcEeDdwGINY8OEw8F1BxLEfgnoRMRW'
++ IRONIC_HTPASSWD='ironic-user:$2y$05$.WpnKLfwx5jGPXHm7byCLu1xcEeDdwGINY8OEw8F1BxLEfgnoRMRW'
++ export 'IRONIC_RPC_HTPASSWD=ironic-user:$2y$05$.WpnKLfwx5jGPXHm7byCLu1xcEeDdwGINY8OEw8F1BxLEfgnoRMRW'
++ IRONIC_RPC_HTPASSWD='ironic-user:$2y$05$.WpnKLfwx5jGPXHm7byCLu1xcEeDdwGINY8OEw8F1BxLEfgnoRMRW'
++ [[ -n '' ]]
++ [[ -f /auth/mariadb/password ]]
++ [[ -z '' ]]
++ [[ -f /auth/mariadb/username ]]
++ IRONIC_CONFIG=/conf/ironic/ironic.conf
- export HTTP_PORT=6180
- HTTP_PORT=6180
- export VMEDIA_TLS_PORT=6183
- VMEDIA_TLS_PORT=6183
- export IRONIC_REVERSE_PROXY_SETUP=true
- IRONIC_REVERSE_PROXY_SETUP=true
- export HTTPD_SERVE_NODE_IMAGES=true
- HTTPD_SERVE_NODE_IMAGES=true
- IRONIC_FAST_TRACK=true
- HTTPD_ENABLE_SENDFILE=false
- export IRONIC_IPA_COLLECTORS=default,logs
- IRONIC_IPA_COLLECTORS=default,logs
- wait_for_interface_or_ip
- [[ -n 192.168.2.12 ]]
++ ipcalc 192.168.2.12
++ grep '^Address:'
++ awk '{print $2}'
- IRONIC_IP=192.168.2.12
- export IRONIC_IP
- grep -F ' 192.168.2.12/' /dev/fd/63
++ ip -br addr show
br-ex UNKNOWN 192.168.2.12/24 169.254.0.2/17 192.168.2.250/32
- [[ 192.168.2.12 =~ .:. ]]
- export IPV=4
- IPV=4
- export IRONIC_URL_HOST=192.168.2.12
- IRONIC_URL_HOST=192.168.2.12
- export IRONIC_HTTP_URL=http://192.168.2.12:6180
- IRONIC_HTTP_URL=http://192.168.2.12:6180
- export IRONIC_TFTP_URL=tftp://192.168.2.12
- IRONIC_TFTP_URL=tftp://192.168.2.12
- export IRONIC_BASE_URL=https://192.168.2.12:6385
- IRONIC_BASE_URL=https://192.168.2.12:6385
- mkdir -p /shared/html
- chmod 0777 /shared/html
- INSPECTOR_EXTRA_ARGS=' ipa-inspection-callback-url=https://192.168.2.12:6385/v1/continue_inspection'
- [[ true == \t\r\u\e ]]
- INSPECTOR_EXTRA_ARGS+=' ipa-api-url=https://192.168.2.12:6385'
- export INSPECTOR_EXTRA_ARGS
- . /bin/coreos-ipa-common.sh
++ ROOTFS_FILE=/shared/html/images/ironic-python-agent.rootfs
++ IGNITION_FILE=/shared/html/ironic-python-agent.ign
++ ISO_FILE=/shared/html/images/ironic-python-agent.iso
++ use_coreos_ipa
++ [[ -f /shared/html/images/ironic-python-agent.rootfs ]]
++ return 0
+++ coreos_kernel_params
+++ echo -n coreos.live.rootfs_url=http://192.168.2.12:6180/images/ironic-python-agent.rootfs
+++ [[ -f /shared/html/ironic-python-agent.ign ]]
+++ echo ' ignition.firstboot ignition.platform.id=metal'
++ IRONIC_KERNEL_PARAMS=' coreos.live.rootfs_url=http://192.168.2.12:6180/images/ironic-python-agent.rootfs ignition.firstboot ignition.platform.id=metal'
++ export IRONIC_KERNEL_PARAMS
- render_j2_config /templates/inspector.ipxe.j2 /shared/html/inspector.ipxe
- python3.12 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))'
- [[ -f /conf/httpd/conf/httpd.conf ]]
- render_j2_config /etc/httpd/conf/httpd.conf.j2 /conf/httpd/conf/httpd.conf
- python3.12 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))'
- [[ true == \t\r\u\e ]]
- [[ true == \t\r\u\e ]]
- render_j2_config /templates/httpd-ironic-api.conf.j2 /conf/httpd/conf.d/ironic.conf
- python3.12 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))'
- write_htpasswd_files
- [[ -n ironic-user:$2y$05$.WpnKLfwx5jGPXHm7byCLu1xcEeDdwGINY8OEw8F1BxLEfgnoRMRW ]]
- printf '%s\n' 'ironic-user:$2y$05$.WpnKLfwx5jGPXHm7byCLu1xcEeDdwGINY8OEw8F1BxLEfgnoRMRW'
- [[ true == \t\r\u\e ]]
- render_j2_config /templates/httpd-vmedia.conf.j2 /conf/httpd/conf.d/vmedia.conf
- python3.12 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))'
- [[ false == \t\r\u\e ]]
- configure_restart_on_certificate_update true httpd /certs/ironic/tls.crt
- local enabled=true
- local service=httpd
- local cert_file=/certs/ironic/tls.crt
- local signal=TERM
- [[ true == \t\r\u\e ]]
- [[ false == \t\r\u\e ]]
- configure_restart_on_certificate_update true httpd /certs/vmedia/tls.crt
- local enabled=true
- local service=httpd
- local cert_file=/certs/vmedia/tls.crt
- local signal=TERM
- [[ true == \t\r\u\e ]]
- [[ false == \t\r\u\e ]]
- exec /usr/sbin/httpd -DFOREGROUND -f /conf/httpd/conf/httpd.conf
[Thu Nov 27 23:39:29.389175 2025] [ssl:info] [pid 1:tid 1] AH01914: Configuring server 192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6183 for SSL protocol
[Thu Nov 27 23:39:29.390975 2025] [ssl:debug] [pid 1:tid 1] ssl_engine_init.c(536): AH01893: Configuring TLS extension handling
[Thu Nov 27 23:39:29.391963 2025] [ssl:debug] [pid 1:tid 1] ssl_util_ssl.c(451): AH02412: [192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6183] Cert does not match for name '192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local' [subject: CN=localhost / issuer: CN=metal3-ironic / serial: 3FAE37F57048CB21 / notbefore: Nov 27 23:25:46 2025 GMT / notafter: Nov 27 23:25:47 2027 GMT]
[Thu Nov 27 23:39:29.391972 2025] [ssl:warn] [pid 1:tid 1] AH01909: 192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6183:0 server certificate does NOT include an ID which matches the server name
[Thu Nov 27 23:39:29.391977 2025] [ssl:info] [pid 1:tid 1] AH02568: Certificate and private key 192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6183:0 configured from /certs/vmedia/tls.crt and /certs/vmedia/tls.key
[Thu Nov 27 23:39:29.392221 2025] [ssl:info] [pid 1:tid 1] AH01914: Configuring server 192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6388 for SSL protocol
[Thu Nov 27 23:39:29.392632 2025] [ssl:debug] [pid 1:tid 1] ssl_engine_init.c(536): AH01893: Configuring TLS extension handling
[Thu Nov 27 23:39:29.392881 2025] [ssl:debug] [pid 1:tid 1] ssl_util_ssl.c(451): AH02412: [192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6388] Cert does not match for name '192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local' [subject: CN=localhost / issuer: CN=metal3-ironic / serial: 3FAE37F57048CB21 / notbefore: Nov 27 23:25:46 2025 GMT / notafter: Nov 27 23:25:47 2027 GMT]
[Thu Nov 27 23:39:29.392888 2025] [ssl:warn] [pid 1:tid 1] AH01909: 192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6388:0 server certificate does NOT include an ID which matches the server name
[Thu Nov 27 23:39:29.392892 2025] [ssl:info] [pid 1:tid 1] AH02568: Certificate and private key 192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6388:0 configured from /certs/ironic/tls.crt and /certs/ironic/tls.key
[Thu Nov 27 23:39:29.407595 2025] [ssl:warn] [pid 1:tid 1] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Thu Nov 27 23:39:29.407607 2025] [ssl:info] [pid 1:tid 1] AH01914: Configuring server 192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6183 for SSL protocol
[Thu Nov 27 23:39:29.408233 2025] [ssl:debug] [pid 1:tid 1] ssl_engine_init.c(536): AH01893: Configuring TLS extension handling
[Thu Nov 27 23:39:29.408600 2025] [ssl:debug] [pid 1:tid 1] ssl_util_ssl.c(451): AH02412: [192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6183] Cert does not match for name '192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local' [subject: CN=localhost / issuer: CN=metal3-ironic / serial: 3FAE37F57048CB21 / notbefore: Nov 27 23:25:46 2025 GMT / notafter: Nov 27 23:25:47 2027 GMT]
[Thu Nov 27 23:39:29.408610 2025] [ssl:warn] [pid 1:tid 1] AH01909: 192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6183:0 server certificate does NOT include an ID which matches the server name
[Thu Nov 27 23:39:29.408614 2025] [ssl:info] [pid 1:tid 1] AH02568: Certificate and private key 192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6183:0 configured from /certs/vmedia/tls.crt and /certs/vmedia/tls.key
[Thu Nov 27 23:39:29.408751 2025] [ssl:info] [pid 1:tid 1] AH01914: Configuring server 192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6388 for SSL protocol
[Thu Nov 27 23:39:29.409210 2025] [ssl:debug] [pid 1:tid 1] ssl_engine_init.c(536): AH01893: Configuring TLS extension handling
[Thu Nov 27 23:39:29.409462 2025] [ssl:debug] [pid 1:tid 1] ssl_util_ssl.c(451): AH02412: [192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6388] Cert does not match for name '192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local' [subject: CN=localhost / issuer: CN=metal3-ironic / serial: 3FAE37F57048CB21 / notbefore: Nov 27 23:25:46 2025 GMT / notafter: Nov 27 23:25:47 2027 GMT]
[Thu Nov 27 23:39:29.409470 2025] [ssl:warn] [pid 1:tid 1] AH01909: 192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6388:0 server certificate does NOT include an ID which matches the server name
[Thu Nov 27 23:39:29.409474 2025] [ssl:info] [pid 1:tid 1] AH02568: Certificate and private key 192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6388:0 configured from /certs/ironic/tls.crt and /certs/ironic/tls.key
[Thu Nov 27 23:39:29.412040 2025] [mpm_event:notice] [pid 1:tid 1] AH00489: Apache/2.4.62 (CentOS Stream) OpenSSL/3.5.1 configured -- resuming normal operations
[Thu Nov 27 23:39:29.412077 2025] [core:notice] [pid 1:tid 1] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND -f /conf/httpd/conf/httpd.conf'
[Thu Nov 27 23:39:29.414605 2025] [proxy:debug] [pid 43:tid 43] proxy_util.c(2252): AH00925: initializing worker unix:/shared/ironic.sock|http://127.0.0.1/ shared
[Thu Nov 27 23:39:29.414632 2025] [proxy:debug] [pid 44:tid 44] proxy_util.c(2252): AH00925: initializing worker unix:/shared/ironic.sock|http://127.0.0.1/ shared
[Thu Nov 27 23:39:29.414639 2025] [proxy:debug] [pid 43:tid 43] proxy_util.c(2323): AH00927: initializing worker unix:/shared/ironic.sock|http://127.0.0.1/ local
[Thu Nov 27 23:39:29.414673 2025] [proxy:debug] [pid 43:tid 43] proxy_util.c(2354): AH00930: initialized pool in child 43 for (127.0.0.1:80) min=0 max=25 smax=25
[Thu Nov 27 23:39:29.414691 2025] [proxy:debug] [pid 44:tid 44] proxy_util.c(2323): AH00927: initializing worker unix:/shared/ironic.sock|http://127.0.0.1/ local
[Thu Nov 27 23:39:29.414730 2025] [proxy:debug] [pid 44:tid 44] proxy_util.c(2354): AH00930: initialized pool in child 44 for (127.0.0.1:80) min=0 max=25 smax=25
[Thu Nov 27 23:39:29.415100 2025] [proxy:debug] [pid 45:tid 45] proxy_util.c(2252): AH00925: initializing worker unix:/shared/ironic.sock|http://127.0.0.1/ shared
[Thu Nov 27 23:39:29.415143 2025] [proxy:debug] [pid 45:tid 45] proxy_util.c(2323): AH00927: initializing worker unix:/shared/ironic.sock|http://127.0.0.1/ local
[Thu Nov 27 23:39:29.415176 2025] [proxy:debug] [pid 45:tid 45] proxy_util.c(2354): AH00930: initialized pool in child 45 for (127.0.0.1:80) min=0 max=25 smax=25
`
Describe the bug
I am a new user of OKD. I am trying to setup OKD on a couple of mini PC's to see what it is all about as we are looking to start using openshift in work. New install 4.20.0-okd-scos.8 with some pods failing.
install-config.yaml has:
baremetal:
apiVIP: 192.168.2.250
ingressVIP: 192.168.2.251
provisioningNetworkCIDR: disabled
the cluster of 3 bootstraps and comes up with keepalived correctly configuring the VIP's but i end up with pods crashlooping / erroring.
openshift-kube-controller-manager installer pod status: error - logs below
openshift-machine-api metal3 pod status: crashloop - logs below
Is this a bug? Any known workarounds ? any help would be greatly appreciated
Version
4.20.0-okd-scos.8
Reproducibility
Installl OKD 4.20 on a home lab with nodes that do not have BMC. Use baremetal to apply VIP's.
Log Bundle
openshift-kube-controller-manager installer pod status: error
openshift-machine-api metal3 pod status: crashloop
``++` export IRONIC_IP=
++ IRONIC_IP=
++ PROVISIONING_INTERFACE=
++ PROVISIONING_IP=192.168.2.12
++ PROVISIONING_MACS=84:47:09:66:d0:a1,84:47:09:66:de:9e,84:47:09:66:df:0d
++ IPXE_CUSTOM_FIRMWARE_DIR=/shared/custom_ipxe_firmware
++ CUSTOM_CONFIG_DIR=/conf
++ CUSTOM_DATA_DIR=/data
++ export DNSMASQ_CONF_DIR=/conf/dnsmasq
++ DNSMASQ_CONF_DIR=/conf/dnsmasq
++ export DNSMASQ_DATA_DIR=/data/dnsmasq
++ DNSMASQ_DATA_DIR=/data/dnsmasq
++ export DNSMASQ_TEMP_DIR=/conf/dnsmasq
++ DNSMASQ_TEMP_DIR=/conf/dnsmasq
++ export HTTPD_DIR=/conf/httpd
++ HTTPD_DIR=/conf/httpd
++ export HTTPD_CONF_DIR=/conf/httpd/conf
++ HTTPD_CONF_DIR=/conf/httpd/conf
++ export HTTPD_CONF_DIR_D=/conf/httpd/conf.d
++ HTTPD_CONF_DIR_D=/conf/httpd/conf.d
++ export IRONIC_CONF_DIR=/conf/ironic
++ IRONIC_CONF_DIR=/conf/ironic
++ export IRONIC_DB_DIR=/data/db
++ IRONIC_DB_DIR=/data/db
++ export IRONIC_GEN_CERT_DIR=/data/auto_gen_certs
++ IRONIC_GEN_CERT_DIR=/data/auto_gen_certs
++ export IRONIC_TMP_DATA_DIR=/data/tmp
++ IRONIC_TMP_DATA_DIR=/data/tmp
++ export PROBE_CONF_DIR=/conf/probes
++ PROBE_CONF_DIR=/conf/probes
++ export HTTP_PORT=6180
++ HTTP_PORT=6180
++ export IRONIC_JSON_RPC_PORT=6189
++ IRONIC_JSON_RPC_PORT=6189
++ set +e
++ mkdir -p /conf/ironic /conf/probes /conf/httpd/conf /conf/httpd/conf.d /conf/dnsmasq /conf/dnsmasq /data/db /data/auto_gen_certs /data/dnsmasq /data/tmp
++ set -e
++ export HTPASSWD_FILE=/conf/ironic/htpasswd
++ HTPASSWD_FILE=/conf/ironic/htpasswd
++ export LOCAL_DB_URI=sqlite:////data/db/ironic.sqlite
++ LOCAL_DB_URI=sqlite:////data/db/ironic.sqlite
++ export IRONIC_USE_MARIADB=false
++ IRONIC_USE_MARIADB=false
+++ get_provisioning_interface
+++ [[ -n '' ]]
+++ local interface=provisioning
+++ [[ -n 192.168.2.12 ]]
+++ ip -br addr show
+++ grep -i ' 192.168.2.12/'
++++ ip -br addr show
++++ grep -i ' 192.168.2.12/'
++++ cut -f 1 -d ' '
++++ cut -f 1 -d @
+++ interface=br-ex
+++ for mac in ${PROVISIONING_MACS//,/ }
+++ ip -br link show up
+++ grep -i 84:47:09:66:d0:a1
+++ for mac in ${PROVISIONING_MACS//,/ }
+++ ip -br link show up
+++ grep -i 84:47:09:66:de:9e
+++ for mac in ${PROVISIONING_MACS//,/ }
+++ ip -br link show up
+++ grep -i 84:47:09:66:df:0d
++++ ip -br link show up
++++ grep -i 84:47:09:66:df:0d
++++ cut -f 1 -d ' '
++++ cut -f 1 -d @
+++ interface='enp1s0
enp1s0.3
enp1s0.2
enp1s0.4
br-ex'
+++ break
+++ echo 'enp1s0
enp1s0.3
enp1s0.2
enp1s0.4
br-ex'
++ PROVISIONING_INTERFACE='enp1s0
enp1s0.3
enp1s0.2
enp1s0.4
br-ex'
++ export PROVISIONING_INTERFACE
++ export LISTEN_ALL_INTERFACES=true
++ LISTEN_ALL_INTERFACES=true
++ export IRONIC_PRIVATE_PORT=unix
++ IRONIC_PRIVATE_PORT=unix
++ export IRONIC_ACCESS_PORT=6385
++ IRONIC_ACCESS_PORT=6385
++ export IRONIC_LISTEN_PORT=6388
++ IRONIC_LISTEN_PORT=6388
++ export IRONIC_ENABLE_DISCOVERY=false
++ IRONIC_ENABLE_DISCOVERY=false
++ set -euxo pipefail
++ export IRONIC_REVERSE_PROXY_SETUP=true
++ IRONIC_REVERSE_PROXY_SETUP=true
++ CUSTOM_CONFIG_DIR=/conf
++ IRONIC_CONF_DIR=/conf/ironic
++ [[ '' == \C\o\n\d\u\c\t\o\r ]]
++ export IRONIC_EXPOSE_JSON_RPC=false
++ IRONIC_EXPOSE_JSON_RPC=false
++ IRONIC_HTPASSWD_FILE=/conf/ironic/htpasswd
++ export IRONIC_RPC_HTPASSWD_FILE=/conf/ironic/htpasswd-rpc
++ IRONIC_RPC_HTPASSWD_FILE=/conf/ironic/htpasswd-rpc
++ [[ -f /auth/ironic/htpasswd ]]
++ IRONIC_HTPASSWD='ironic-user:$2y$05$.WpnKLfwx5jGPXHm7byCLu1xcEeDdwGINY8OEw8F1BxLEfgnoRMRW'
++ [[ -f /auth/ironic-rpc/htpasswd ]]
++ export 'IRONIC_HTPASSWD=ironic-user:$2y$05$.WpnKLfwx5jGPXHm7byCLu1xcEeDdwGINY8OEw8F1BxLEfgnoRMRW'
++ IRONIC_HTPASSWD='ironic-user:$2y$05$.WpnKLfwx5jGPXHm7byCLu1xcEeDdwGINY8OEw8F1BxLEfgnoRMRW'
++ export 'IRONIC_RPC_HTPASSWD=ironic-user:$2y$05$.WpnKLfwx5jGPXHm7byCLu1xcEeDdwGINY8OEw8F1BxLEfgnoRMRW'
++ IRONIC_RPC_HTPASSWD='ironic-user:$2y$05$.WpnKLfwx5jGPXHm7byCLu1xcEeDdwGINY8OEw8F1BxLEfgnoRMRW'
++ [[ -n '' ]]
++ [[ -f /auth/mariadb/password ]]
++ [[ -z '' ]]
++ [[ -f /auth/mariadb/username ]]
++ IRONIC_CONFIG=/conf/ironic/ironic.conf
++ ipcalc 192.168.2.12
++ grep '^Address:'
++ awk '{print $2}'
++ ip -br addr show
br-ex UNKNOWN 192.168.2.12/24 169.254.0.2/17 192.168.2.250/32
++ ROOTFS_FILE=/shared/html/images/ironic-python-agent.rootfs
++ IGNITION_FILE=/shared/html/ironic-python-agent.ign
++ ISO_FILE=/shared/html/images/ironic-python-agent.iso
++ use_coreos_ipa
++ [[ -f /shared/html/images/ironic-python-agent.rootfs ]]
++ return 0
+++ coreos_kernel_params
+++ echo -n coreos.live.rootfs_url=http://192.168.2.12:6180/images/ironic-python-agent.rootfs
+++ [[ -f /shared/html/ironic-python-agent.ign ]]
+++ echo ' ignition.firstboot ignition.platform.id=metal'
++ IRONIC_KERNEL_PARAMS=' coreos.live.rootfs_url=http://192.168.2.12:6180/images/ironic-python-agent.rootfs ignition.firstboot ignition.platform.id=metal'
++ export IRONIC_KERNEL_PARAMS
[Thu Nov 27 23:39:29.389175 2025] [ssl:info] [pid 1:tid 1] AH01914: Configuring server 192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6183 for SSL protocol
[Thu Nov 27 23:39:29.390975 2025] [ssl:debug] [pid 1:tid 1] ssl_engine_init.c(536): AH01893: Configuring TLS extension handling
[Thu Nov 27 23:39:29.391963 2025] [ssl:debug] [pid 1:tid 1] ssl_util_ssl.c(451): AH02412: [192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6183] Cert does not match for name '192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local' [subject: CN=localhost / issuer: CN=metal3-ironic / serial: 3FAE37F57048CB21 / notbefore: Nov 27 23:25:46 2025 GMT / notafter: Nov 27 23:25:47 2027 GMT]
[Thu Nov 27 23:39:29.391972 2025] [ssl:warn] [pid 1:tid 1] AH01909: 192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6183:0 server certificate does NOT include an ID which matches the server name
[Thu Nov 27 23:39:29.391977 2025] [ssl:info] [pid 1:tid 1] AH02568: Certificate and private key 192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6183:0 configured from /certs/vmedia/tls.crt and /certs/vmedia/tls.key
[Thu Nov 27 23:39:29.392221 2025] [ssl:info] [pid 1:tid 1] AH01914: Configuring server 192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6388 for SSL protocol
[Thu Nov 27 23:39:29.392632 2025] [ssl:debug] [pid 1:tid 1] ssl_engine_init.c(536): AH01893: Configuring TLS extension handling
[Thu Nov 27 23:39:29.392881 2025] [ssl:debug] [pid 1:tid 1] ssl_util_ssl.c(451): AH02412: [192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6388] Cert does not match for name '192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local' [subject: CN=localhost / issuer: CN=metal3-ironic / serial: 3FAE37F57048CB21 / notbefore: Nov 27 23:25:46 2025 GMT / notafter: Nov 27 23:25:47 2027 GMT]
[Thu Nov 27 23:39:29.392888 2025] [ssl:warn] [pid 1:tid 1] AH01909: 192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6388:0 server certificate does NOT include an ID which matches the server name
[Thu Nov 27 23:39:29.392892 2025] [ssl:info] [pid 1:tid 1] AH02568: Certificate and private key 192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6388:0 configured from /certs/ironic/tls.crt and /certs/ironic/tls.key
[Thu Nov 27 23:39:29.407595 2025] [ssl:warn] [pid 1:tid 1] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Thu Nov 27 23:39:29.407607 2025] [ssl:info] [pid 1:tid 1] AH01914: Configuring server 192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6183 for SSL protocol
[Thu Nov 27 23:39:29.408233 2025] [ssl:debug] [pid 1:tid 1] ssl_engine_init.c(536): AH01893: Configuring TLS extension handling
[Thu Nov 27 23:39:29.408600 2025] [ssl:debug] [pid 1:tid 1] ssl_util_ssl.c(451): AH02412: [192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6183] Cert does not match for name '192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local' [subject: CN=localhost / issuer: CN=metal3-ironic / serial: 3FAE37F57048CB21 / notbefore: Nov 27 23:25:46 2025 GMT / notafter: Nov 27 23:25:47 2027 GMT]
[Thu Nov 27 23:39:29.408610 2025] [ssl:warn] [pid 1:tid 1] AH01909: 192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6183:0 server certificate does NOT include an ID which matches the server name
[Thu Nov 27 23:39:29.408614 2025] [ssl:info] [pid 1:tid 1] AH02568: Certificate and private key 192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6183:0 configured from /certs/vmedia/tls.crt and /certs/vmedia/tls.key
[Thu Nov 27 23:39:29.408751 2025] [ssl:info] [pid 1:tid 1] AH01914: Configuring server 192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6388 for SSL protocol
[Thu Nov 27 23:39:29.409210 2025] [ssl:debug] [pid 1:tid 1] ssl_engine_init.c(536): AH01893: Configuring TLS extension handling
[Thu Nov 27 23:39:29.409462 2025] [ssl:debug] [pid 1:tid 1] ssl_util_ssl.c(451): AH02412: [192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6388] Cert does not match for name '192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local' [subject: CN=localhost / issuer: CN=metal3-ironic / serial: 3FAE37F57048CB21 / notbefore: Nov 27 23:25:46 2025 GMT / notafter: Nov 27 23:25:47 2027 GMT]
[Thu Nov 27 23:39:29.409470 2025] [ssl:warn] [pid 1:tid 1] AH01909: 192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6388:0 server certificate does NOT include an ID which matches the server name
[Thu Nov 27 23:39:29.409474 2025] [ssl:info] [pid 1:tid 1] AH02568: Certificate and private key 192-168-2-12.machine-config-daemon.openshift-machine-config-operator.svc.cluster.local:6388:0 configured from /certs/ironic/tls.crt and /certs/ironic/tls.key
[Thu Nov 27 23:39:29.412040 2025] [mpm_event:notice] [pid 1:tid 1] AH00489: Apache/2.4.62 (CentOS Stream) OpenSSL/3.5.1 configured -- resuming normal operations
[Thu Nov 27 23:39:29.412077 2025] [core:notice] [pid 1:tid 1] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND -f /conf/httpd/conf/httpd.conf'
[Thu Nov 27 23:39:29.414605 2025] [proxy:debug] [pid 43:tid 43] proxy_util.c(2252): AH00925: initializing worker unix:/shared/ironic.sock|http://127.0.0.1/ shared
[Thu Nov 27 23:39:29.414632 2025] [proxy:debug] [pid 44:tid 44] proxy_util.c(2252): AH00925: initializing worker unix:/shared/ironic.sock|http://127.0.0.1/ shared
[Thu Nov 27 23:39:29.414639 2025] [proxy:debug] [pid 43:tid 43] proxy_util.c(2323): AH00927: initializing worker unix:/shared/ironic.sock|http://127.0.0.1/ local
[Thu Nov 27 23:39:29.414673 2025] [proxy:debug] [pid 43:tid 43] proxy_util.c(2354): AH00930: initialized pool in child 43 for (127.0.0.1:80) min=0 max=25 smax=25
[Thu Nov 27 23:39:29.414691 2025] [proxy:debug] [pid 44:tid 44] proxy_util.c(2323): AH00927: initializing worker unix:/shared/ironic.sock|http://127.0.0.1/ local
[Thu Nov 27 23:39:29.414730 2025] [proxy:debug] [pid 44:tid 44] proxy_util.c(2354): AH00930: initialized pool in child 44 for (127.0.0.1:80) min=0 max=25 smax=25
[Thu Nov 27 23:39:29.415100 2025] [proxy:debug] [pid 45:tid 45] proxy_util.c(2252): AH00925: initializing worker unix:/shared/ironic.sock|http://127.0.0.1/ shared
[Thu Nov 27 23:39:29.415143 2025] [proxy:debug] [pid 45:tid 45] proxy_util.c(2323): AH00927: initializing worker unix:/shared/ironic.sock|http://127.0.0.1/ local
[Thu Nov 27 23:39:29.415176 2025] [proxy:debug] [pid 45:tid 45] proxy_util.c(2354): AH00930: initialized pool in child 45 for (127.0.0.1:80) min=0 max=25 smax=25
`