From 7567901fc347b5b09de6c20de5665ed16bf67b41 Mon Sep 17 00:00:00 2001 From: Sukanta Dash Date: Tue, 8 Oct 2024 16:48:22 -0700 Subject: [PATCH 1/2] Added Certificate Issue troubleshooting steps for Disconnected Environment --- documentation/disconnected-notes/README.md | 27 ++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/documentation/disconnected-notes/README.md b/documentation/disconnected-notes/README.md index d05934ad..c33f0698 100644 --- a/documentation/disconnected-notes/README.md +++ b/documentation/disconnected-notes/README.md @@ -387,3 +387,30 @@ spec: The ai-accelerator uses Red Hat GitOps (ArgoCD) to define what to install. As such, you'll need a git repo that ArgoCD can dial out to. For this Proof of Concept, we utilized Gitea as described by RHPDS - [Gitea Operator](https://github.com/rhpds/gitea-operator) +### Certificate Issue + +You may see below certificate error while downloading models from model storage or external storage. This error comes when the certificates to be trusted are missing from clusterwide certificate authority bundle. + +``` + +2024-10-01714:55:39Z +Failed to pull model from storage +{"model_id": "fraud_", "error": "rc +error: +code = Unknown desc = Failed to pull model from storage due to error: unable to list objects in bucket +'my-storage': RequestError: send request failedincaused by: Get \"htts://xxxxxxx\": *509: certificate signed by unknown authority"} + +``` + +Please follow the below steps to fix the issue + +``` +$ oc get secret -n openshift-ingress-operator router-ca -o jsonpath='{.data.tls\.crt}' | base64 -d > openshift-ca-bundle.pem +$ oc get configmap -n openshift-config openshift-service-ca.crt -o jsonpath='{.data.service-ca\.crt}' >> openshift-ca-bundle.pem +$ CA_BUNDLE_FILE=./openshift-ca-bundle.pem +$ oc patch dscinitialization default-dsci --type='json' -p='[{"op":"replace","path":"/spec/trustedCABundle/customCABundle","value":"'"$(awk '{printf "%s\\n", $0}' $CA_BUNDLE_FILE)"'"}]' + +``` +For more information see below link + +https://docs.redhat.com/en/documentation/red_hat_openshift_ai_self-managed/2.13/html/installing_and_uninstalling_openshift_ai_self-managed/working-with-certificates_certs From 9b096621fae73306f2c20fc33f47a8b612774919 Mon Sep 17 00:00:00 2001 From: Sukanta Dash Date: Wed, 9 Oct 2024 07:04:15 -0700 Subject: [PATCH 2/2] Added Certificate Issue troubleshooting steps for Disconnected Environment --- documentation/disconnected-notes/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/documentation/disconnected-notes/README.md b/documentation/disconnected-notes/README.md index c33f0698..00dc43a2 100644 --- a/documentation/disconnected-notes/README.md +++ b/documentation/disconnected-notes/README.md @@ -389,7 +389,7 @@ The ai-accelerator uses Red Hat GitOps (ArgoCD) to define what to install. As s ArgoCD can dial out to. For this Proof of Concept, we utilized Gitea as described by RHPDS - [Gitea Operator](https://github.com/rhpds/gitea-operator) ### Certificate Issue -You may see below certificate error while downloading models from model storage or external storage. This error comes when the certificates to be trusted are missing from clusterwide certificate authority bundle. +You may see below certificate error while downloading models from model storage or external storage. This error comes when the certificates to be trusted are missing from cluster wide certificate authority bundle. ```