Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1286375

Summary: Ansible variables for router and registry selector don't work
Product: OpenShift Container Platform Reporter: Jason Callaway <jcallawa>
Component: InstallerAssignee: Andrew Butcher <abutcher>
Status: CLOSED ERRATA QA Contact: Gan Huang <ghuang>
Severity: low Docs Contact:
Priority: low    
Version: 3.1.0CC: aos-bugs, bleanhar, gpei, jcallawa, jokerman, mmccomas
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: openshift-ansible-3.0.38-1.git.0.66ba7e2.el7aos Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-02-29 12:57:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jason Callaway 2015-11-28 18:54:45 UTC 
Description of problem:
When using the advanced install method, the Ansible variables for openshift_router_selector and openshift_registry_selector seem to have no effect.

Version-Release number of selected component (if applicable):
# rpm -q atomic-openshift
atomic-openshift-3.1.0.4-1.git.4.b6c7cd2.el7aos.x86_64

How reproducible:
Repeatable in AWS.

Steps to Reproduce:
1. Perform OSE 3.1 advanced install in AWS per documentation

2. /etc/ansible/hosts:

[OSEv3:children]
masters
nodes

[OSEv3:vars]
ansible_ssh_user=ec2-user
ansible_sudo=true
deployment_type=openshift-enterprise
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/htpasswd'}]
osm_default_subdomain=apps.ose31.rhtps.io
osm_default_node_selector='region=primary'
openshift_router_selector='region=infra'
openshift_registry_selector='region=infra'

[masters]
ec2-52-2-157-210.compute-1.amazonaws.com openshift_public_hostname=master.ose31.rhtps.io openshift_public_ip=52.2.157.210

[nodes]
ec2-52-2-157-210.compute-1.amazonaws.com openshift_public_hostname=master.ose31.rhtps.io openshift_public_ip=52.2.157.210 openshift_node_labels="{'region': 'infra', 'zone': 'default'}"
ec2-52-2-195-228.compute-1.amazonaws.com openshift_public_hostname=node1.ose31.rhtps.io openshift_public_ip=52.2.195.228 openshift_node_labels="{'region': 'primary', 'zone': 'east'}"
ec2-52-3-5-207.compute-1.amazonaws.com openshift_public_hostname=node2.ose31.rhtps.io openshift_public_ip=52.3.5.207 openshift_node_labels="{'region': 'primary', 'zone': 'east'}"
ec2-52-22-81-10.compute-1.amazonaws.com openshift_public_hostname=node3.ose31.rhtps.io openshift_public_ip=52.22.81.10 openshift_node_labels="{'region': 'primary', 'zone': 'west'}"
ec2-52-4-200-97.compute-1.amazonaws.com openshift_public_hostname=node4.ose31.rhtps.io openshift_public_ip=52.4.200.97 openshift_node_labels="{'region': 'primary', 'zone': 'west'}"

3. Create the router and registry. They'll land on randomly selected nodes instead of the nodes labeled with region=infra.

# oadm registry --service-account=registry \
    --config=/etc/origin/master/admin.kubeconfig \
    --credentials=/etc/origin/master/openshift-registry.kubeconfig \
    --images='registry.access.redhat.com/openshift3/ose-${component}:${version}' \
    --selector='region=infra' \
    --mount-host=/mounthost
# oadm router router --replicas=1 \
      --default-cert=cloudapps.router.pem \
      --credentials='/etc/origin/master/openshift-router.kubeconfig' \
      --service-account=router

Actual results:
Registry and router pods land on any node, not the nodes labeled with region=infra.

Expected results:
Registry and router pods should be hosted by infra nodes.

Additional info:
Workaround identified by Ken Evensen <kevensen>, found in beta documentation:

Edit the default namespace and add an annotation (openshift.io/node-selector: region=infra), example:
apiVersion: v1
kind: Namespace
metadata:
  annotations:
    openshift.io/node-selector: region=infra
    openshift.io/sa.initialized-roles: "true"
    openshift.io/sa.scc.mcs: s0:c5,c0
    openshift.io/sa.scc.supplemental-groups: 1000020000/10000
    openshift.io/sa.scc.uid-range: 1000020000/10000
  creationTimestamp: 2015-11-25T22:16:18Z
  name: default
  resourceVersion: "126086"
  selfLink: /api/v1/namespaces/default
  uid: 26900561-93c2-11e5-89fd-0e495fabd81d
spec:
  finalizers:
  - kubernetes
  - openshift.io/origin
status:
  phase: Active
Comment 1 Andrew Butcher 2015-12-02 16:28:57 UTC 
The router and registry should be automatically created by ansible if there are infrastructure nodes, which I can see in the inventory above, but I think they aren't being created because 'num_infra=1' is missing from inventory variables.

Can you try once more after setting that variable?

The docs will need to be updated to mention the variable OR the playbooks can be updated to infer the count from the number of labelled nodes.
Comment 2 Andrew Butcher 2015-12-02 16:31:17 UTC 
NOTE: Ansible will only create the router automatically. The registry will be added once we've added an NFS host to the installer inhttps://github.com/openshift/openshift-ansible/pull/951
Comment 3 Andrew Butcher 2015-12-02 16:35:53 UTC 
Another NOTE: the selector variables are only for the automatically created components and would need to be provided with --selector='region=infra' if created manually.
Comment 4 Jason Callaway 2015-12-02 17:14:14 UTC 
(In reply to Andrew Butcher from comment #1)
> The router and registry should be automatically created by ansible if there
> are infrastructure nodes, which I can see in the inventory above, but I
> think they aren't being created because 'num_infra=1' is missing from
> inventory variables.
> 
> Can you try once more after setting that variable?
> 
> The docs will need to be updated to mention the variable OR the playbooks
> can be updated to infer the count from the number of labelled nodes.

Ok, awesome. I'll give that a shot tomorrow. I'd vote for playbook inference from labeled nodes with the option to override with a variable.
Comment 5 Brenton Leanhardt 2016-02-02 14:36:52 UTC 
https://github.com/openshift/openshift-ansible/pull/1237
Comment 7 Brenton Leanhardt 2016-02-16 12:12:53 UTC 
This should be available for testing in the latest puddle.
Comment 8 Gan Huang 2016-02-17 06:31:19 UTC 
Test with the latest puddle(2016-02-16.1), "--selector" works well

QA could not reproduce the bug. As osm_default_node_selector='region=primary' was written in inventory hosts, and sperify --selector='region=infra' when creating components manually, it would throw out the messages below:

 1m		42s		9	{deployer }			failedCreate	Error creating deployer pod for default/docker-registry-1: pods "docker-registry-1-deploy" is forbidden: pod node label selector conflicts with its project node label selector
Comment 10 errata-xmlrpc 2016-02-29 12:57:22 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:0311
Comment 11 Jason Callaway 2018-01-08 12:47:30 UTC 
Sorry, I was filtering these by accident. Fine to close.