Bug 1569680

Summary: openshift-ansible aws provisioning - No support for load balancer in front of masters. Ports must be the same
Product: OpenShift Container Platform Reporter: Matt Woodson <mwoodson>
Component: InstallerAssignee: Chris Callegari <ccallega>
Status: CLOSED WONTFIX QA Contact: Johnny Liu <jialiu>
Severity: low Docs Contact:
Priority: low    
Version: 3.9.0CC: aos-bugs, ccallega, jokerman, mmccomas, nraghava, scuppett, wmeng
Target Milestone: ---Keywords: OpsBlocker
Target Release: 3.11.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-09-18 14:23:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Matt Woodson 2018-04-19 19:18:20 UTC 
Description of problem:

I'm marking this as low priority, but wanted to document this bug.  I do have a workaround.

During my testing of openshift-ansible aws provisioning, I have noticed that there isn't support for having the API port be different than the load balancer port.

What I am attempting to do is this:

web browser -> ELB (port 443) -> Masters (port 8443)

When openshift-ansible gets to the "Verify API"

https://github.com/openshift/openshift-ansible/blob/release-3.9/roles/openshift_master/tasks/check_master_api_is_ready.yml#L8

The variable "openshift.master.api_url" gets set to "elb-dns-name:8443"

This will not work, because the ELB is listening on port 443.

My inventory has these variables set:

openshift_master_api_port=8443
openshift_master_console_port=8443

This is correct, because I want the port on the instance to listen on 8443, and it gets setup correctly.  The problem happens when the API url is generated, it tries to talk to the ELB on the wrong port, where it isn't listening.

To work around this, I set everything to 443, so everything lines up:

openshift_master_api_port=443
openshift_master_console_port=443


Version-Release number of selected component (if applicable):

openshift-ansible 3.9
Comment 2 Chris Callegari 2018-08-15 20:02:04 UTC 
This behavior is fixed.

openshift_master_api_port must be in extra_vars file or we default to the openshift_facts defaults key openshift_master_api_port=8443.  We end up with mismatched elb listener, forwarder, healthcheck, instances OutOfService while api is listening on inventory openshift_master_api_port=443

To manually specify listening and forwarding port on ELB as well as api ports please set the values in role/openshift_aws/default/main file or override them in extra_vars.
Comment 3 Chris Callegari 2018-08-16 21:03:30 UTC 
Matt, can you provide a use case for this?
Comment 4 Scott Dodson 2018-08-23 18:23:13 UTC 
*** Bug 1569627 has been marked as a duplicate of this bug. ***
Comment 5 Chris Callegari 2018-09-18 14:23:38 UTC 
Per mwoodson the ask in this bz is no longer necessary.  load balancer listener, forwarder and api ports will always be equal.

Closing...
Comment 6 Matt Woodson 2018-09-18 15:43:21 UTC 
In my opinion, this is a bug, just not a high priority bug.