Bug 1474246

Summary: [3.6] Installer doesn't always use absolute path for excluders
Product: OpenShift Container Platform Reporter: Sergi Jimenez Romero <sjr>
Component: InstallerAssignee: Jan Chaloupka <jchaloup>
Status: CLOSED ERRATA QA Contact: liujia <jiajliu>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 3.5.0CC: aos-bugs, jchaloup, jiajliu, jokerman, mmccomas, sdodson, sjr, vwalek
Target Milestone: ---   
Target Release: 3.6.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
If the ansible_ssh_user didn't have /sbin in their path then the playbooks may have failed to execute the excluder scripts during installation and upgrade. The full path is now used avoiding this problem.
 Story Points: ---
Clone Of:
: 1474339 1474341 (view as bug list) Environment:
Last Closed: 2017-09-05 17:42:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1474339, 1474341    

Description Sergi Jimenez Romero 2017-07-24 08:27:13 UTC 
Description of problem:

Version-Release number of the following components:
rpm -q openshift-ansible
rpm -q ansible
ansible --version

How reproducible:

Always

Steps to Reproduce:
1. PATH doesn't include '/sbin'
2. run the installer
3. installer will fail here:
  https://github.com/openshift/openshift-ansible/blob/release-1.5/roles/openshift_excluder/tasks/exclude.yml#L8

Actual results:

Task "Enable docker excluder" fails as it doesn't use the excluder absolute path.

Expected results:

Use the absolute path for the excluder as in other tasks, e.g.:
https://github.com/openshift/openshift-ansible/blob/release-1.5/roles/openshift_excluder/tasks/exclude.yml#L4

Additional info:
Comment 4 Scott Dodson 2017-07-25 12:40:59 UTC 
master branch fix in https://github.com/openshift/openshift-ansible/pull/4839 and https://github.com/openshift/openshift-ansible/pull/4835
Comment 9 Jan Chaloupka 2017-08-17 14:30:14 UTC 
Upstream PR: https://github.com/openshift/openshift-ansible/pull/5117
Comment 10 Jan Chaloupka 2017-08-17 14:31:06 UTC 
3.6 backport as well: https://github.com/openshift/openshift-ansible/pull/5115
Comment 14 liujia 2017-08-22 08:19:09 UTC 
Have added cases ocp-15375 and ocp-15380 to cover this scenario.
Comment 16 liujia 2017-08-24 01:46:08 UTC 
Version:
atomic-openshift-utils-3.6.173.0.7-2.git.0.340aa2c.el7.noarch

Steps:
1. Create a non-root user on the host.
2. Add cloud-user to sudo group and edit /etc/sudoers to change sudo's secure path(delete default /sbin and /usr/sbin):
Defaults    secure_path = /bin:/usr/bin
3. Run install playbook with user cloud-user.

Install succeed.
Comment 18 errata-xmlrpc 2017-09-05 17:42:58 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2639