Bug 1666491

Summary: Playbook incorrectly fails on validating master config paths
Product: OpenShift Container Platform Reporter: Robert Bost <rbost>
Component: InstallerAssignee: Vadim Rutkovsky <vrutkovs>
Installer sub component: openshift-ansible QA Contact: ge liu <geliu>
Status: CLOSED ERRATA Docs Contact:
Severity: low    
Priority: medium CC: gpei, rhowe, vrutkovs
Version: 3.11.0   
Target Milestone: ---   
Target Release: 3.11.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: openshift-ansible was incorrectly checking if value in etcd-servers-overrides is a valid path Consequence: some values in etcd-servers-overrides were considered invalid by openshift-ansible Fix: etcd-servers-overrides doesn't contain paths, so it is being ignored during path checks Result: configurations with etcd-servers-overrides are not considered incorrect anymore
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-04-11 05:38:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Comment 1 Robert Bost 2019-01-15 19:33:14 UTC 
Forgot to provide my kubernetesMasterConfig snippet for example:

kubernetesMasterConfig:
  apiServerArguments:
    storage-backend:
    - etcd3
    storage-media-type:
    - application/vnd.kubernetes.protobuf
    etcd-servers-overrides:
    - '/events.k8s.io#http://https://master-0.example.com:3379'
Comment 2 Robert Bost 2019-01-15 19:40:59 UTC 
Reposting initial comment publically:

Description of problem:

TASK [openshift_control_plane : Check for file paths outside of /etc/origin/master in master's config] ***************************************************************************************************************************************
fatal: [10.10.95.63]: FAILED! => {"msg": "A string value that appears to be a file path located outside of\n/dev/null, /etc/origin/master/, /var/lib/origin.... The string found was: /events.k8s.io#http://https://master-0.example.com:3379\n***********************\nNOTE: the following items do not need to be migrated, they will be migrated\nfor you: oauthConfig.identityProviders"}

The etcd-servers-overrides argument for kubernetesMasterConfig section in master-config.yaml is causing task above to erroneously fail.

Workaround is to manually add '/events.k8s.io' to ALLOWED_DIRS in master_check_paths_in_config.py.

Version-Release number of the following components:
# rpm -qa openshift-ansible
openshift-ansible-3.11.51-2.git.0.51c90a3.el7.noarch

https://github.com/openshift/openshift-ansible/blob/eed02476b6465dda0315aa7340cd2f53a4e285bc/roles/lib_utils/action_plugins/master_check_paths_in_config.py#L84-L98

How reproducible: Always
Comment 3 Ryan Howe 2019-01-16 20:20:45 UTC 
This configuration is very rare and likely not supported. Very likely this bug will not ever be hit. 


    etcd-servers-overrides:
    - '/events#http://master-0.example.com:3379'
Comment 4 Vadim Rutkovsky 2019-01-17 14:36:20 UTC 
Seems master_check_paths_in_config.py should be updated, similar to https://github.com/openshift/openshift-ansible/pull/11015
Comment 5 Vadim Rutkovsky 2019-02-11 10:39:50 UTC 
PR https://github.com/openshift/openshift-ansible/pull/11163
Comment 6 Vadim Rutkovsky 2019-02-20 09:52:29 UTC 
Fix is available in openshift-ansible-3.11.84-1
Comment 7 ge liu 2019-02-28 11:16:55 UTC 
Recreate with openshift v3.11.51, openshift-ansible-3.11.51-1.git.0.51c90a3.el7.noarch.rpm,

Run playbook: /playbooks/byo/openshift_facts.yml

TASK [openshift_control_plane : Check for file paths outside of /etc/origin/master in master's config] ***
fatal: [qe-geliu31151master-etcd-1.0228-jjd.qe.rhcloud.com]: FAILED! => {"msg": "A string value that appears to be a file path located outside of\n/dev/null, /etc/origin/master/, /var/lib/origin, /etc/origin/cloudprovider, /etc/origin/kubelet-plugins, /usr/libexec/kubernetes/kubelet-plugins has been found in /etc/origin/master/master-config.yaml.\nIn 3.10 and newer, all files needed by the master must reside inside of\nthose directories or a subdirectory or it will not be readable by the\nmaster process. Please migrate all files needed by the master into\none of /dev/null, /etc/origin/master/, /var/lib/origin, /etc/origin/cloudprovider, /etc/origin/kubelet-plugins, /usr/libexec/kubernetes/kubelet-plugins or a subdirectory and update your master configs before\nproceeding. The string found was: /events.k8s.io#http://https://master-0.example.com:3379\n***********************\nNOTE: the following items do not need to be migrated, they will be migrated\nfor you: oauthConfig.identityProviders"}

Verified with v3.11.87, openshift-ansible-3.11.87-1.git.0.a7b07ff.el7.noarch.rpm
Comment 9 errata-xmlrpc 2019-04-11 05:38:26 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0636