Bug 1464977

Summary: Installation fails at metrics stage while performing installation with non-root user
Product: OpenShift Container Platform Reporter: Joel Rosental R. <jrosenta>
Component: InstallerAssignee: ewolinet
Status: CLOSED ERRATA QA Contact: Anping Li <anli>
Severity: high Docs Contact:
Priority: unspecified    
Version: 3.5.0CC: aos-bugs, erich, ewolinet, jokerman, jrosenta, mmccomas
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: Sometimes metrics isn't able to install correctly when using a non-root user. Consequence: The playbook fails due to lack of permissions/files not visible due to permissions. Fix: Any local action within the metrics role added a 'become: false' so that it ensured it was using the local actions as the same user running the playbook. Result: The playbook no longer fails to complete due to permissions.
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-10 05:28:56 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Joel Rosental R. 2017-06-26 10:40:09 UTC
Description of problem:
OCP 3.5 installation is failing when executed with a non-root (but privileged through sudo across all the nodes) user at the metrics installation stage:


11:52:57.930 TASK [openshift_metrics : set_fact] ********************************************
11:52:57.930 task path: /usr/share/ansible/openshift-ansible/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml:30
11:52:57.979  [WARNING]: when statements should not include jinja2 templating delimiters
11:52:57.979 such as {{ }} or {% %}. Found: not {{ openshift_metrics_heapster_standalone |
11:52:57.979 bool }}
11:52:58.069 ok: [vh-7056pppq.iaas.xxx] => (item={'_ansible_parsed': True, u'stat': {u'exists': False}, '_ansible_item_result': True, '_ansible_no_log': False, u'changed': False, 'item': u'hawkular-metrics.pwd', u'invocation': {u'module_args': {u'checksum_algorithm': u'sha1', u'get_checksum': True, u'follow': False, u'path': u'/tmp/openshift-metrics-ansible-BHB5Or/hawkular-metrics.pwd', u'get_md5': True, u'get_mime': True, u'get_attributes': True}}}) => {
11:52:58.069     "ansible_facts": {
11:52:58.069         "pwd_files": {
11:52:58.069             "hawkular-metrics.pwd": {
11:52:58.069                 "exists": false
11:52:58.069             }
11:52:58.069         }
11:52:58.069     }, 
11:52:58.069     "changed": false, 
11:52:58.069     "item": {
11:52:58.069         "changed": false, 
11:52:58.069         "invocation": {
11:52:58.069             "module_args": {
11:52:58.069                 "checksum_algorithm": "sha1", 
11:52:58.069                 "follow": false, 
11:52:58.070                 "get_attributes": true, 
11:52:58.070                 "get_checksum": true, 
11:52:58.070                 "get_md5": true, 
11:52:58.070                 "get_mime": true, 
11:52:58.070                 "path": "/tmp/openshift-metrics-ansible-BHB5Or/hawkular-metrics.pwd"
11:52:58.070             }
11:52:58.070         }, 
11:52:58.070         "item": "hawkular-metrics.pwd", 
11:52:58.070         "stat": {
11:52:58.070             "exists": false
11:52:58.070         }
11:52:58.070     }
11:52:58.070 }
11:52:58.131 ok: [vh-7056pppq.iaas.xxx] => (item={'_ansible_parsed': True, u'stat': {u'exists': False}, '_ansible_item_result': True, '_ansible_no_log': False, u'changed': False, 'item': u'hawkular-metrics.htpasswd', u'invocation': {u'module_args': {u'checksum_algorithm': u'sha1', u'get_checksum': True, u'follow': False, u'path': u'/tmp/openshift-metrics-ansible-BHB5Or/hawkular-metrics.htpasswd', u'get_md5': True, u'get_mime': True, u'get_attributes': True}}}) => {
11:52:58.131     "ansible_facts": {
11:52:58.131         "pwd_files": {
11:52:58.131             "hawkular-metrics.htpasswd": {
11:52:58.131                 "exists": false
11:52:58.131             }, 
11:52:58.131             "hawkular-metrics.pwd": {
11:52:58.131                 "exists": false
11:52:58.131             }
11:52:58.131         }
11:52:58.131     }, 
11:52:58.131     "changed": false, 
11:52:58.131     "item": {
11:52:58.131         "changed": false, 
11:52:58.131         "invocation": {
11:52:58.131             "module_args": {
11:52:58.132                 "checksum_algorithm": "sha1", 
11:52:58.132                 "follow": false, 
11:52:58.132                 "get_attributes": true, 
11:52:58.132                 "get_checksum": true, 
11:52:58.132                 "get_md5": true, 
11:52:58.132                 "get_mime": true, 
11:52:58.132                 "path": "/tmp/openshift-metrics-ansible-BHB5Or/hawkular-metrics.htpasswd"
11:52:58.132             }
11:52:58.132         }, 
11:52:58.132         "item": "hawkular-metrics.htpasswd", 
11:52:58.132         "stat": {
11:52:58.132             "exists": false
11:52:58.132         }
11:52:58.132     }
11:52:58.132 }
11:52:58.190 ok: [vh-7056pppq.iaas.xxx] => (item={'_ansible_parsed': True, u'stat': {u'exists': False}, '_ansible_item_result': True, '_ansible_no_log': False, u'changed': False, 'item': u'hawkular-jgroups-keystore.pwd', u'invocation': {u'module_args': {u'checksum_algorithm': u'sha1', u'get_checksum': True, u'follow': False, u'path': u'/tmp/openshift-metrics-ansible-BHB5Or/hawkular-jgroups-keystore.pwd', u'get_md5': True, u'get_mime': True, u'get_attributes': True}}}) => {
11:52:58.190     "ansible_facts": {
11:52:58.190         "pwd_files": {
11:52:58.190             "hawkular-jgroups-keystore.pwd": {
11:52:58.190                 "exists": false
11:52:58.190             }, 
11:52:58.190             "hawkular-metrics.htpasswd": {
11:52:58.190                 "exists": false
11:52:58.190             }, 
11:52:58.190             "hawkular-metrics.pwd": {
11:52:58.190                 "exists": false
11:52:58.190             }
11:52:58.190         }
11:52:58.190     }, 
11:52:58.190     "changed": false, 
11:52:58.191     "item": {
11:52:58.191         "changed": false, 
11:52:58.191         "invocation": {
11:52:58.191             "module_args": {
11:52:58.191                 "checksum_algorithm": "sha1", 
11:52:58.191                 "follow": false, 
11:52:58.191                 "get_attributes": true, 
11:52:58.191                 "get_checksum": true, 
11:52:58.191                 "get_md5": true, 
11:52:58.191                 "get_mime": true, 
11:52:58.191                 "path": "/tmp/openshift-metrics-ansible-BHB5Or/hawkular-jgroups-keystore.pwd"
11:52:58.191             }
11:52:58.191         }, 
11:52:58.191         "item": "hawkular-jgroups-keystore.pwd", 
11:52:58.191         "stat": {
11:52:58.191             "exists": false
11:52:58.191         }
11:52:58.191     }
11:52:58.191 }
11:52:58.226 
11:52:58.226 TASK [openshift_metrics : generate password for hawkular metrics and jgroups] ***
11:52:58.226 task path: /usr/share/ansible/openshift-ansible/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml:35
11:52:58.262  [WARNING]: when statements should not include jinja2 templating delimiters
11:52:58.262 such as {{ }} or {% %}. Found: not {{ openshift_metrics_heapster_standalone |
11:52:58.262 bool }}
11:52:58.363 Using module file /usr/lib/python2.7/site-packages/ansible/modules/files/stat.py
11:52:58.363 <localhost> ESTABLISH LOCAL CONNECTION FOR USER: go
11:52:58.363 <localhost> EXEC /bin/sh -c 'echo ~ && sleep 0'
11:52:58.379 <localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873178.36-212043335709362 `" && echo ansible-tmp-1497873178.36-212043335709362="` echo /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873178.36-212043335709362 `" ) && sleep 0'
11:52:58.398 <localhost> PUT /tmp/tmpeAGzAY TO /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873178.36-212043335709362/stat.py
11:52:58.399 <localhost> EXEC /bin/sh -c 'chmod u+x /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873178.36-212043335709362/ /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873178.36-212043335709362/stat.py && sleep 0'
11:52:58.415 <localhost> EXEC /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-msoxiycnnxojpqyjxcygcesbfbmvzenq; /usr/bin/python2 /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873178.36-212043335709362/stat.py; rm -rf "/opt/app-root/src/.ansible/tmp/ansible-tmp-1497873178.36-212043335709362/" > /dev/null 2>&1'"'"' && sleep 0'
11:52:58.553 <localhost> EXEC /bin/sh -c 'echo ~ && sleep 0'
11:52:58.569 <localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873178.55-177614159478585 `" && echo ansible-tmp-1497873178.55-177614159478585="` echo /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873178.55-177614159478585 `" ) && sleep 0'
11:52:58.588 <localhost> PUT /tmp/tmpUup6H4 TO /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873178.55-177614159478585/source
11:52:58.589 <localhost> EXEC /bin/sh -c 'chmod u+x /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873178.55-177614159478585/ /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873178.55-177614159478585/source && sleep 0'
11:52:58.608 Using module file /usr/lib/python2.7/site-packages/ansible/modules/files/copy.py
11:52:58.609 <localhost> PUT /tmp/tmp7cxioZ TO /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873178.55-177614159478585/copy.py
11:52:58.610 <localhost> EXEC /bin/sh -c 'chmod u+x /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873178.55-177614159478585/ /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873178.55-177614159478585/copy.py && sleep 0'
11:52:58.636 <localhost> EXEC /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-mivufgctyoxvbkpycoqaqpmmxbvdrmeq; /usr/bin/python2 /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873178.55-177614159478585/copy.py; rm -rf "/opt/app-root/src/.ansible/tmp/ansible-tmp-1497873178.55-177614159478585/" > /dev/null 2>&1'"'"' && sleep 0'
11:52:58.786 changed: [vh-7056pppq.iaas.xxx -> localhost] => (item=hawkular-metrics) => {
11:52:58.786     "changed": true, 
11:52:58.786     "checksum": "ab5dc745726ce63deb44f5790141c8053a6c5d0d", 
11:52:58.786     "dest": "/tmp/tmp.3fVicuokVx/hawkular-metrics.pwd", 
11:52:58.786     "gid": 0, 
11:52:58.786     "group": "root", 
11:52:58.786     "invocation": {
11:52:58.786         "module_args": {
11:52:58.786             "attributes": null, 
11:52:58.786             "backup": false, 
11:52:58.786             "content": null, 
11:52:58.786             "delimiter": null, 
11:52:58.786             "dest": "/tmp/tmp.3fVicuokVx/hawkular-metrics.pwd", 
11:52:58.786             "directory_mode": null, 
11:52:58.786             "follow": false, 
11:52:58.786             "force": true, 
11:52:58.786             "group": null, 
11:52:58.786             "mode": null, 
11:52:58.786             "original_basename": "tmpUup6H4", 
11:52:58.786             "owner": null, 
11:52:58.786             "regexp": null, 
11:52:58.786             "remote_src": null, 
11:52:58.786             "selevel": null, 
11:52:58.786             "serole": null, 
11:52:58.786             "setype": null, 
11:52:58.787             "seuser": null, 
11:52:58.787             "src": "/opt/app-root/src/.ansible/tmp/ansible-tmp-1497873178.55-177614159478585/source", 
11:52:58.787             "unsafe_writes": null, 
11:52:58.787             "validate": null
11:52:58.787         }
11:52:58.787     }, 
11:52:58.787     "item": "hawkular-metrics", 
11:52:58.787     "md5sum": "deb7f7f49f1ce8b5c0b1542c3d1edf96", 
11:52:58.787     "mode": "0644", 
11:52:58.787     "owner": "root", 
11:52:58.787     "size": 15, 
11:52:58.787     "src": "/opt/app-root/src/.ansible/tmp/ansible-tmp-1497873178.55-177614159478585/source", 
11:52:58.787     "state": "file", 
11:52:58.787     "uid": 0
11:52:58.787 }
11:52:58.848 Using module file /usr/lib/python2.7/site-packages/ansible/modules/files/stat.py
11:52:58.849 <localhost> EXEC /bin/sh -c 'echo ~ && sleep 0'
11:52:58.869 <localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873178.85-160547475067841 `" && echo ansible-tmp-1497873178.85-160547475067841="` echo /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873178.85-160547475067841 `" ) && sleep 0'
11:52:58.890 <localhost> PUT /tmp/tmpXXOHD2 TO /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873178.85-160547475067841/stat.py
11:52:58.893 <localhost> EXEC /bin/sh -c 'chmod u+x /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873178.85-160547475067841/ /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873178.85-160547475067841/stat.py && sleep 0'
11:52:58.909 <localhost> EXEC /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-krvlmdiytaarahvafezodmjoyinjaqpg; /usr/bin/python2 /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873178.85-160547475067841/stat.py; rm -rf "/opt/app-root/src/.ansible/tmp/ansible-tmp-1497873178.85-160547475067841/" > /dev/null 2>&1'"'"' && sleep 0'
11:52:59.045 <localhost> EXEC /bin/sh -c 'echo ~ && sleep 0'
11:52:59.058 <localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873179.04-169452356638921 `" && echo ansible-tmp-1497873179.04-169452356638921="` echo /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873179.04-169452356638921 `" ) && sleep 0'
11:52:59.076 <localhost> PUT /tmp/tmp04HUSY TO /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873179.04-169452356638921/source
11:52:59.077 <localhost> EXEC /bin/sh -c 'chmod u+x /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873179.04-169452356638921/ /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873179.04-169452356638921/source && sleep 0'
11:52:59.099 Using module file /usr/lib/python2.7/site-packages/ansible/modules/files/copy.py
11:52:59.100 <localhost> PUT /tmp/tmpa4D6gX TO /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873179.04-169452356638921/copy.py
11:52:59.100 <localhost> EXEC /bin/sh -c 'chmod u+x /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873179.04-169452356638921/ /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873179.04-169452356638921/copy.py && sleep 0'
11:52:59.118 <localhost> EXEC /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-zubsebspinmbletmzpnjvfqzmlkcproh; /usr/bin/python2 /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873179.04-169452356638921/copy.py; rm -rf "/opt/app-root/src/.ansible/tmp/ansible-tmp-1497873179.04-169452356638921/" > /dev/null 2>&1'"'"' && sleep 0'
11:52:59.264 changed: [vh-7056pppq.iaas.xxx -> localhost] => (item=hawkular-jgroups-keystore) => {
11:52:59.264     "changed": true, 
11:52:59.264     "checksum": "c55412839eeb044dad47113664bebddf19f26760", 
11:52:59.264     "dest": "/tmp/tmp.3fVicuokVx/hawkular-jgroups-keystore.pwd", 
11:52:59.264     "gid": 0, 
11:52:59.264     "group": "root", 
11:52:59.264     "invocation": {
11:52:59.264         "module_args": {
11:52:59.264             "attributes": null, 
11:52:59.264             "backup": false, 
11:52:59.264             "content": null, 
11:52:59.265             "delimiter": null, 
11:52:59.265             "dest": "/tmp/tmp.3fVicuokVx/hawkular-jgroups-keystore.pwd", 
11:52:59.265             "directory_mode": null, 
11:52:59.265             "follow": false, 
11:52:59.265             "force": true, 
11:52:59.265             "group": null, 
11:52:59.265             "mode": null, 
11:52:59.265             "original_basename": "tmp04HUSY", 
11:52:59.265             "owner": null, 
11:52:59.265             "regexp": null, 
11:52:59.265             "remote_src": null, 
11:52:59.265             "selevel": null, 
11:52:59.265             "serole": null, 
11:52:59.265             "setype": null, 
11:52:59.265             "seuser": null, 
11:52:59.265             "src": "/opt/app-root/src/.ansible/tmp/ansible-tmp-1497873179.04-169452356638921/source", 
11:52:59.265             "unsafe_writes": null, 
11:52:59.265             "validate": null
11:52:59.265         }
11:52:59.265     }, 
11:52:59.265     "item": "hawkular-jgroups-keystore", 
11:52:59.265     "md5sum": "d2f009b75146d4e5e3b04462985e92fb", 
11:52:59.265     "mode": "0644", 
11:52:59.266     "owner": "root", 
11:52:59.266     "size": 15, 
11:52:59.266     "src": "/opt/app-root/src/.ansible/tmp/ansible-tmp-1497873179.04-169452356638921/source", 
11:52:59.266     "state": "file", 
11:52:59.266     "uid": 0
11:52:59.266 }
11:52:59.292 
11:52:59.292 TASK [openshift_metrics : slurp] ***********************************************
11:52:59.292 task path: /usr/share/ansible/openshift-ansible/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml:41
11:52:59.324  [WARNING]: when statements should not include jinja2 templating delimiters
11:52:59.324 such as {{ }} or {% %}. Found: not {{ openshift_metrics_heapster_standalone |
11:52:59.324 bool }}
11:52:59.381 Using module file /usr/lib/python2.7/site-packages/ansible/modules/network/basics/slurp.py
11:52:59.382 <localhost> ESTABLISH LOCAL CONNECTION FOR USER: go
11:52:59.382 <localhost> EXEC /bin/sh -c 'echo ~ && sleep 0'
11:52:59.401 <localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873179.38-70925817363825 `" && echo ansible-tmp-1497873179.38-70925817363825="` echo /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873179.38-70925817363825 `" ) && sleep 0'
11:52:59.426 <localhost> PUT /tmp/tmpKtewKl TO /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873179.38-70925817363825/slurp.py
11:52:59.427 <localhost> EXEC /bin/sh -c 'chmod u+x /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873179.38-70925817363825/ /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873179.38-70925817363825/slurp.py && sleep 0'
11:52:59.450 <localhost> EXEC /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-rwrdkkjtjlejymzgfwncszvebczejunb; /usr/bin/python2 /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873179.38-70925817363825/slurp.py; rm -rf "/opt/app-root/src/.ansible/tmp/ansible-tmp-1497873179.38-70925817363825/" > /dev/null 2>&1'"'"' && sleep 0'
11:52:59.590 ok: [vh-7056pppq.iaas.xxx -> localhost] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result"}
11:52:59.613 
11:52:59.613 TASK [openshift_metrics : generate htpasswd file for hawkular metrics] *********
11:52:59.613 task path: /usr/share/ansible/openshift-ansible/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml:45
11:52:59.640  [WARNING]: when statements should not include jinja2 templating delimiters
11:52:59.640 such as {{ }} or {% %}. Found: not {{ openshift_metrics_heapster_standalone |
11:52:59.640 bool }}
11:53:00.043 Using module file /usr/lib/python2.7/site-packages/ansible/modules/web_infrastructure/htpasswd.py
11:53:00.043 <localhost> ESTABLISH LOCAL CONNECTION FOR USER: go
11:53:00.043 <localhost> EXEC /bin/sh -c 'echo ~ && sleep 0'
11:53:00.058 <localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873180.04-128455164148415 `" && echo ansible-tmp-1497873180.04-128455164148415="` echo /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873180.04-128455164148415 `" ) && sleep 0'
11:53:00.083 <localhost> PUT /tmp/tmp_KzCMW TO /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873180.04-128455164148415/htpasswd.py
11:53:00.084 <localhost> EXEC /bin/sh -c 'chmod u+x /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873180.04-128455164148415/ /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873180.04-128455164148415/htpasswd.py && sleep 0'
11:53:00.103 <localhost> EXEC /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-ykohlfdjshlzhtcuhexfmjdqnnurbtkx; /usr/bin/python2 /opt/app-root/src/.ansible/tmp/ansible-tmp-1497873180.04-128455164148415/htpasswd.py; rm -rf "/opt/app-root/src/.ansible/tmp/ansible-tmp-1497873180.04-128455164148415/" > /dev/null 2>&1'"'"' && sleep 0'
11:53:00.430 changed: [vh-7056pppq.iaas.xxx -> localhost] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result"}
11:53:00.430 
11:53:00.430 MSG:
11:53:00.430 
11:53:00.430 Created /tmp/tmp.3fVicuokVx/hawkular-metrics.htpasswd and added hawkular
11:53:00.441 
11:53:00.441 TASK [openshift_metrics : copy] ************************************************
11:53:00.441 task path: /usr/share/ansible/openshift-ansible/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml:49
11:53:00.471  [WARNING]: when statements should not include jinja2 templating delimiters
11:53:00.471 such as {{ }} or {% %}. Found: not {{ openshift_metrics_heapster_standalone |
11:53:00.471 bool }}
11:53:00.551 failed: [vh-7056pppq.iaas.xxx] (item=hawkular-metrics.pwd) => {
11:53:00.551     "failed": true, 
11:53:00.552     "item": "hawkular-metrics.pwd"
11:53:00.552 }
11:53:00.552 
11:53:00.552 MSG:
11:53:00.552 
11:53:00.552 Unable to find '/tmp/tmp.3fVicuokVx/hawkular-metrics.pwd' in expected paths.
11:53:00.616 failed: [vh-7056pppq.iaas.xxx] (item=hawkular-metrics.htpasswd) => {
11:53:00.616     "failed": true, 
11:53:00.616     "item": "hawkular-metrics.htpasswd"
11:53:00.616 }
11:53:00.616 
11:53:00.617 MSG:
11:53:00.617 
11:53:00.617 Unable to find '/tmp/tmp.3fVicuokVx/hawkular-metrics.htpasswd' in expected paths.
11:53:00.680 failed: [vh-7056pppq.iaas.xxx] (item=hawkular-jgroups-keystore.pwd) => {
11:53:00.680     "failed": true, 
11:53:00.680     "item": "hawkular-jgroups-keystore.pwd"
11:53:00.680 }
11:53:00.681 
11:53:00.681 MSG:
11:53:00.681 
11:53:00.681 Unable to find '/tmp/tmp.3fVicuokVx/hawkular-jgroups-keystore.pwd' in expected paths.
11:53:00.686  [WARNING]: Could not create retry file '/usr/share/ansible/openshift-
11:53:00.686 ansible/playbooks/byo/config.retry'.         [Errno 13] Permission denied:
11:53:00.686 u'/usr/share/ansible/openshift-ansible/playbooks/byo/config.retry'
11:53:00.686 
11:53:00.686 PLAY RECAP *********************************************************************
11:53:00.686 localhost                  : ok=11   changed=0    unreachable=0    failed=0   
11:53:00.686 vh-408q9pbc.iaas.xxx : ok=355  changed=28   unreachable=0    failed=0   
11:53:00.686 vh-41qubck4.iaas.xxx : ok=355  changed=28   unreachable=0    failed=0   
11:53:00.686 vh-5gft13g8.iaas.xxx : ok=72   changed=4    unreachable=0    failed=0   
11:53:00.686 vh-5i9u1ss9.iaas.xxx : ok=183  changed=15   unreachable=0    failed=0   
11:53:00.687 vh-7056pppq.iaas.xxx : ok=595  changed=60   unreachable=0    failed=1   
11:53:00.687 vh-nqmph32e.iaas.xxx : ok=183  changed=15   unreachable=0    failed=0   
11:53:00.687 vh-vtd9r8hu.iaas.xxx : ok=183  changed=15   unreachable=0    failed=0   
11:53:00.687 
11:53:00.979 : ERROR: Non Zero return code from command: ansible-playbook -i ../../openshift_ansible_hosts --sudo /usr/share/ansible/openshift-ansible/playbooks/byo/config.yml -vvvv
11:53:00.982 [go] Current job status: failed.
Version-Release number of selected component (if applicable):

Package versions:

- ansible v2.2.3.0
- python2-passlib.noarch         1.6.5-1.el7          @rhel-7-server-ose-3.5-rpms

The following options has been added to the inventory with no luck (under [OSEv3:vars]:

ansible_become=yes
ansible_ssh_user=<user>


How reproducible:
Always

Steps to Reproduce:
1. Add the variables to the ansible hosts file
2. Launch the installation playbook as a non-root user


Actual results:
Installation fails at openshift_metrics : copy TASK

Expected results:
Install without issues

Additional info:

Comment 2 Scott Dodson 2017-06-28 15:01:55 UTC
Need to audit metrics role for local_action tasks that aren't become: no

Comment 7 Anping Li 2017-07-07 09:47:34 UTC
@ewolinet, QE couldn't reproduced this issue. Could you provide more information to recreate it?

Comment 8 ewolinet 2017-07-07 15:01:56 UTC
@Anping,
I wasn't able to reproduce this either. I had tried to create a user with sudo access on the nodes and ran as a non-root user from my control host but never could reproduce this issue. I did an audit of all places we were using local actions and ensured that we added "become: no" to the tasks.


@Joel, any more information that we could use for recreating this?

Comment 11 Anping Li 2017-07-11 07:32:47 UTC
Move to verified status for it do fix some sudo issues. For I couldn't reproduce this issue, if if the problem still exist please re-open it.

Comment 15 errata-xmlrpc 2017-08-10 05:28:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1716