Description of problem: OpenShift 3.1 installed on AWS. Masters are on Atomic Host 7.2.4; Nodes are on RHEL. When upgrading to 3.2, the variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY disappear in /etc/sysconfig/atomic-openshift-master-* however they remain on the nodes in /etc/sysconfig/atomic-openshift-node Version-Release number of selected component (if applicable): OSE 3.1 -> 3.2 How reproducible: Not yet reproduced Actual results: Expect the variables configured for AWS to remain Expected results: Files are possibly overwritten entirely, else some parts are removed. Additional info: Seems similar to https://bugzilla.redhat.com/show_bug.cgi?id=1345804 although with a different component
Additional info: After installation we also noticed that mounting of the /etc/origin/cloudprovider directory was not present in /etc/systemd/system/atomic-openshift-node.service We had to add the following parameter manually: -v /etc/origin/cloudprovider:/etc/origin/cloudprovider Also new configuration has not been added to master-config.yaml, we thought that specifying the following in the hosts files would create proper entries: openshift_builddefaults_http_proxy openshift_builddefaults_https_proxy openshift_builddefaults_no_proxy openshift_builddefaults_git_http_proxy openshift_builddefaults_git_https_proxy
From the customer: During the upgrade from 3.2.1.4 to 3.2.1.9 we faced the issue with missing AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in /etc/sysconfig/atomic-openshift-master-api /etc/sysconfig/atomic-openshift-master-controllers We have learned that they are missing when hosts file contains the variables: openshift_release=v3.2 openshift_image_tag=v3.2.1.9 openshift_pkg_version=-3.2.1.9 We modified first the ansible templates - atomic-openshift-master-api.j2 - atomic-openshift-master-controllers.j2 and removed the "if" block {% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %} AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }} AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} {% endif %} leaving only: AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }} AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} In this case the ansible upgrade script failed with: fatal: [master01.pink.eu-central-1.aws.openpaas.axa-cloud.com]: FAILED! => {"changed": false, "failed": true, "msg": "AnsibleUndefinedVariable: 'dict object' has no attribute 'cloudprovider'"} After hardcoding the values, the upgrade procedure worked.
https://github.com/openshift/openshift-ansible/pull/2368
The keys can be found after upgraded so move bug to verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:1933