Bug 1632843

Summary: AWS standalone masters don't accept the use of IAM roles
Product: OpenShift Container Platform
Component: Installer
Version: 3.11.0
Status: CLOSED CURRENTRELEASE
Severity: unspecified
Priority: unspecified
Target Milestone: ---
Target Release: 3.11.z
Hardware: Unspecified
OS: Unspecified
Reporter: Chris Callegari <ccallega>
Assignee: Chris Callegari <ccallega>
QA Contact: sheng.lao <shlao>
CC: aos-bugs, jokerman, mmccomas, mwoodson, scuppett
Keywords: OpsBlocker
Doc Type: If docs needed, set a value
Story Points: ---
Last Closed: 2018-11-20 14:15:40 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---

Description Chris Callegari 2018-09-25 16:08:02 UTC
Description of problem:
New feature AWS standalone masters don't accept the use of IAM roles. Please re-enable this use. Overrides must be made available for use/no use, name, policy_name, and policy_json in case I want to make changes or use my own.

P.S. Ensure ASG/EC2s can use IAM roles also.

Version-Release number of selected component (if applicable):
3.11

How reproducible:
Always

Steps to Reproduce:
1. Set openshift_aws_create_iam_role: True 
2. ansible-playbook -i hosts openshift-cluster/prerequisites.yml -e @provisioning_vars.yml
3. ansible-playbook -i hosts openshift-cluster/provision_install.yml -e @provisioning_vars.yml

Actual results:
Master, Compute, Infra EC2s don't use IAM roles

Expected results:
Master, Compute, Infra EC2s should use specified IAM roles

Additional info:



Comment 1 Chris Callegari 2018-09-25 16:10:47 UTC
Submitted via https://github.com/openshift/openshift-ansible/pull/10224

Comment 2 Chris Callegari 2018-09-25 16:11:09 UTC
Fix is merged into master

Comment 3 sheng.lao 2018-09-26 03:20:57 UTC
I think this PR fixed the bug too
https://bugzilla.redhat.com/show_bug.cgi?id=1630319

Comment 4 sheng.lao 2018-09-26 07:08:05 UTC
PR-10224 has been merged to the master branch, openshift-ansible-4.0, but the Target Release is 3.11.z, so this PR needs to be back-ported to 3.11.z.

Fixed at openshift-ansible-4.0.0-0.4.0-8-gca962ff (master)

# aws iam list-instance-profiles |grep shlao
                    "RoleName": "qe-shlao-5-iam_compute", 
...
                    "RoleName": "qe-shlao-5-iam_infra", 
...
                    "RoleName": "qe-shlao-5-iam_master", 
...


# aws iam list-roles |grep -i shlao 
            "RoleName": "qe-shlao-5-iam_compute", 
...
            "RoleName": "qe-shlao-5-iam_infra", 
...
            "RoleName": "qe-shlao-5-iam_master", 
...
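
Added example, not from the bug comments or from openshift-ansible: a Python check of the expected result, that each EC2 instance carries an instance profile containing a role. It reads saved output of `aws iam list-instance-profiles` and `aws ec2 describe-instances`; the sample JSON, account ID, instance IDs and `example-*` names are constructed.

```python
import json

# Constructed sample shaped like `aws iam list-instance-profiles` output.
PROFILES_JSON = """
{"InstanceProfiles": [
  {"InstanceProfileName": "example-iam_master",
   "Arn": "arn:aws:iam::111122223333:instance-profile/example-iam_master",
   "Roles": [{"RoleName": "example-iam_master"}]},
  {"InstanceProfileName": "example-iam_compute",
   "Arn": "arn:aws:iam::111122223333:instance-profile/example-iam_compute",
   "Roles": []}
]}
"""

# Constructed sample shaped like `aws ec2 describe-instances` output.
INSTANCES_JSON = """
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaa", "IamInstanceProfile":
     {"Arn": "arn:aws:iam::111122223333:instance-profile/example-iam_master"}},
  {"InstanceId": "i-0bbb", "IamInstanceProfile":
     {"Arn": "arn:aws:iam::111122223333:instance-profile/example-iam_compute"}},
  {"InstanceId": "i-0ccc"}
]}]}
"""

def audit_instance_roles(profiles_doc, instances_doc):
    """Map each instance ID to its role names, or to a finding string."""
    roles_by_arn = {
        p["Arn"]: [r["RoleName"] for r in p.get("Roles", [])]
        for p in profiles_doc.get("InstanceProfiles", [])
    }
    report = {}
    for reservation in instances_doc.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            arn = inst.get("IamInstanceProfile", {}).get("Arn")
            if arn is None:
                # Instance launched with no profile: it cannot assume any role.
                report[inst["InstanceId"]] = "NO_INSTANCE_PROFILE"
            elif not roles_by_arn.get(arn):
                # Profile attached but empty (or unknown): still no credentials.
                report[inst["InstanceId"]] = "PROFILE_WITHOUT_ROLE"
            else:
                report[inst["InstanceId"]] = roles_by_arn[arn]
    return report

def run_sample():
    return audit_instance_roles(json.loads(PROFILES_JSON), json.loads(INSTANCES_JSON))

if __name__ == "__main__":
    for instance_id, result in run_sample().items():
        print(instance_id, result)
```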

Comment 5 Stephen Cuppett 2018-11-20 14:14:13 UTC
There was a separate cherry-pick commit of this in 3.11 as well:

https://github.com/openshift/openshift-ansible/commit/fe059fce662f9f422c9d1359a3568f59849890ce

Comment 6 Stephen Cuppett 2018-11-20 14:15:40 UTC
Marking CLOSED CURRENTRELEASE.