1

I am following the installation docs for the new IPI install of OpenShift 4.5 on vCenter and running into a snag when trying to connect to the vCenter. I am running the installer from a CentOS 7 box.

[root@lb ocp45_install_2]# openshift-install create install-config

[...]

INFO Connecting to vCenter [myvcenterhere] FATAL failed to fetch Install Config: failed to fetch dependency of "Install Config": failed to fetch dependency of "Base Domain": failed to generate asset "Platform": unable to connect to vCenter [myvcenterhere]. Ensure provided information is correct and client certs have been added to system trust.: Post https://[myvcenterhere]/sdk: context deadline exceeded

I have added the root certs for my vcenter into /etc/pki/ca-trust/source/anchors/ per the documentation and I am able to reach it over 443 when using netcat. I also verified all login info was correct. I have previously used this machine to do a UPI install of 4.3 in the same vCenter and did have success connecting. The vCenter uses a self-signed certificate.

Does anyone know if I need to include anything special to allow it to use the self-signed certificates when creating the install-config.yaml after adding the certs to the system trust?

Eliza
  • 11
  • 3

1 Answers1

0

You can try inserting that self-signed certificate into your nodes trust store.

This can be done editing your install-config.yaml, adding an additionalTrustBundle definition. Doc mentions:

apiVersion: v1
baseDomain: my.domain.com
additionalTrustBundle: | 
    -----BEGIN CERTIFICATE-----
    <MY_TRUSTED_CA_CERT>
    -----END CERTIFICATE-----
...
SYN
  • 4,476
  • 1
  • 20
  • 22