Bug 1678624

Summary: Provison APB failed with error of 'certificate verify failed'
Product: OpenShift Container Platform Reporter: Zihan Tang <zitang>
Component: Service BrokerAssignee: Shawn Hurley <shurley>
Status: CLOSED ERRATA QA Contact: Zihan Tang <zitang>
Severity: high Docs Contact:
Priority: high    
Version: 4.1.0CC: aos-bugs, chezhang, dyan, jiazha
Target Milestone: ---   
Target Release: 4.1.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-04 10:44:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1668534    
Bug Blocks:    

Description Zihan Tang 2019-02-19 09:01:43 UTC 
Description of problem:
when provision apb in 4.0 env, provision failed, and the errors in sandbox pod is:

fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error attempting to update pod with last operation annotation: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)"}

Version-Release number of selected component (if applicable):
OCP: 4.0.0-0.nightly-2019-02-17-024922
asb-operator: docker.io/automationbroker/automation-broker-operator:latest
asb: 1.4.4

How reproducible:
always

Steps to Reproduce:
1. install svcat and asb by ansible playbook in https://github.com/fusor/catbrokers4/
2. provision postgresql-apb in a new project.
3.

Actual results:
provision failed.
logs of sandbox pod: 
[core@ip-10-0-135-63 ~]$ oc project dh-postgresql-apb-prov-7b885
Now using project "dh-postgresql-apb-prov-7b885" on server "https://zitang-api.qe.devcluster.openshift.com:6443".
[core@ip-10-0-135-63 ~]$ oc get pod 
NAME                                          READY   STATUS    RESTARTS   AGE
bundle-77f67418-9c39-4280-81e7-f2d09247cc70   1/1     Running   0          14s
[core@ip-10-0-135-63 ~]$ oc logs -f bundle-77f67418-9c39-4280-81e7-f2d09247cc70
DEPRECATED: APB playbooks should be stored at /opt/apb/project

PLAY [postgresql-apb provision] ************************************************

TASK [ansibleplaybookbundle.asb-modules : debug] *******************************
skipping: [localhost]

TASK [postgresql-apb : Update last operation] **********************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error attempting to update pod with last operation annotation: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)"}

PLAY RECAP *********************************************************************
localhost                  : ok=0    changed=0    unreachable=0    failed=1   


Expected results:
provision succeed.

Additional info:
Comment 1 Shawn Hurley 2019-02-19 14:56:15 UTC 
This is a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1668534 and is the same auth bug. I would suggest that this is closed.
Comment 2 Zihan Tang 2019-02-20 03:38:33 UTC 
Bug https://bugzilla.redhat.com/show_bug.cgi?id=1668534  has re-assign to auth, add this bug depending on 1668534, and will verify this when auth issue fixed.
Comment 3 Zihan Tang 2019-02-21 09:25:19 UTC 
With installer: v4.0.0-0.177.0.1-dirty
Cluster version is 4.0.0-0.nightly-2019-02-20-194410
this issue is fixed.
Comment 6 errata-xmlrpc 2019-06-04 10:44:14 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0758