openshift m5 sample-app self-signed certificate errors

Question

I'm trying to follow the directions for the openshift 3 v0.3.3 sample-app on centos 6.6 as per https://github.com/openshift/origin/tree/v0.3.3 . When i run

openshift ex policy add-user view anypassword:test-admin

i get complaints from add_user.go:43

Get https://localhost:8443/osapi/v1beta1/policyBindings/master?namespace=default: x509: certificate signed by unknown authority

I didn't know how to get around it so i commented out the Fatal() call. This allowed execution to continue and i can login to the web administrator console. The next step worked but then i hit

openshift ex registry --create --credentials="${KUBECONFIG}"

which produces the error

registry.go:145] Can't check for existing docker-registry "docker-registry": Get https://localhost:8443/api/v1beta1/services/docker-registry?namespace=default: x509: certificate signed by unknown authority

There are LOTS of registry.go files in openshift and i don't like kludging through these errors in any case. Perhaps it's just a case of finding the right .pem file so i can follow this procedure: https://www.happyassassin.net/2015/01/14/trusting-additional-cas-in-fedora-rhel-centos-dont-append-to-etcpkitlscertsca-bundle-crt-or-etcpkitlscert-pem/. Does anyone have experience with this?

thanks!

Answer 1

Had the same problem and taharqa on the #openshift-dev IRC had the answer. The problem is that optional step 1 in the directions has to be executed in the sample subdirectory but step 4 assumes that you are in the origin subdirectory. You have to execute the commands in the correct subdirectory or the certificates aren't located properly.