Bug 1357801
| Summary: | install failed with customized router cert files |
|---|---|
| Product: | OpenShift Container Platform |
| Component: | Installer |
| Version: | 3.2.1 |
| Status: | CLOSED ERRATA |
| Severity: | medium |
| Priority: | medium |
| Reporter: | Anping Li <anli> |
| Assignee: | Andrew Butcher <abutcher> |
| QA Contact: | Anping Li <anli> |
| CC: | adellape, aos-bugs, bleanhar, jokerman, mmccomas |
| Target Milestone: | --- |
| Target Release: | --- |
| Hardware: | Unspecified |
| OS: | Unspecified |
| Doc Type: | If docs needed, set a value |
| Doc Text: | Previously, the installer failed when defining customized router certificate files using the openshift_hosted_router_certificate Ansible variable. This bug fix ensures that the certificate contents are properly checked when using this variable, and as a result this issue no longer occurs. |
| Story Points: | --- |
| Last Closed: | 2016-08-18 19:29:13 UTC |
| Type: | Bug |
| Regression: | --- |
| Mount Type: | --- |
| Documentation: | --- |
| Category: | --- |
| oVirt Team: | --- |
| Cloudforms Team: | --- |

If I remove the line openshift_hosted_router_certificate={"certfile": "/root/ha1/config/router.crt", "keyfile": "/root/ha1/config/router.key"} and run the playbook, I get the following message.

```
TASK: [openshift_hosted | set_fact ] ******************************************
<ha1master1.example.com> ESTABLISH CONNECTION FOR USER: root
fatal: [ha1master1.example.com] => Failed to template {{ openshift.hosted.router.replicas | default((openshift_hosted_router_nodes_json.stdout | from_json)['items'] | length) }}: an unexpected type error occurred. Error was expected string or buffer
FATAL: all hosts have already failed -- aborting
```

Documentation steps for adding a wildcard router certificate [1] instruct combining certificate, key and CA contents into a PEM certificate that will be set as the default router certificate. The openshift_hosted_router_certificate variable previously only required "certfile" and "keyfile" keys but now correctly requires that a "cafile" key also be specified.

I ran into a different set of errors after attempting the scenario described above. Proposed fixes for what I encountered are in https://github.com/openshift/openshift-ansible/pull/2179

[1] https://docs.openshift.com/enterprise/3.2/install_config/install/deploy_router.html#using-wildcard-certificates

It works well with atomic-openshift-utils-3.2.18-1.git.0.2015d79.el7.noarch

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1639
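
A pre-flight check for the three-key requirement described in the comment above, as an added example that is not part of the bug report or of openshift-ansible. The function names are hypothetical, and it assumes the variable is written in the JSON form shown in the report; it also flags a private key file that is readable beyond its owner.

```python
import json
import os
import re
import stat

# Key -> PEM label suffix expected in that file (names below are hypothetical).
REQUIRED = {"certfile": "CERTIFICATE", "keyfile": "PRIVATE KEY", "cafile": "CERTIFICATE"}
VAR = "openshift_hosted_router_certificate"
PEM_BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")


def router_cert_from_inventory(text):
    """Return the decoded dict for VAR from INI-style inventory text, or None."""
    for line in text.splitlines():
        name, sep, value = line.strip().partition("=")
        if sep and name.strip() == VAR:
            return json.loads(value)  # assumes the JSON form used in the report
    return None


def check_router_cert(spec):
    """Return a list of problems; an empty list means the value is usable."""
    missing = [k for k in REQUIRED if not spec.get(k)]
    if missing:
        return ["missing key(s): " + ", ".join(missing)]
    problems = []
    for key, label in REQUIRED.items():
        path = spec[key]
        try:
            with open(path, encoding="ascii", errors="replace") as fh:
                labels = PEM_BEGIN.findall(fh.read())
        except OSError as exc:
            problems.append(f"{key}: cannot read {path}: {exc.strerror}")
            continue
        if not any(found.endswith(label) for found in labels):
            problems.append(f"{key}: no PEM '{label}' block in {path}")
        if key == "keyfile" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            problems.append(f"{key}: {path} is readable by group or others")
    return problems


# Constructed sample: the inventory line from this report, which has no "cafile".
SAMPLE = '''[OSEv3:vars]
openshift_hosted_router_certificate={"certfile": "/root/ha1/config/router.crt", "keyfile": "/root/ha1/config/router.key"}
'''

if __name__ == "__main__":
    print(check_router_cert(router_cert_from_inventory(SAMPLE)))
```
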

Created attachment 1181485
ansible installation logs

Description of problem:
Install failed if specified openshift_hosted_router_certificate={"certfile": "/root/ha1/config/router.crt", "keyfile": "/root/ha1/config/router.key"}

Version-Release number of selected component (if applicable):
atomic-openshift-utils-3.2.13

How reproducible:
always

Steps to Reproduce:

1) install OpenShift v3.2 HA environment

2) set openshift_hosted_router_certificate in inventory

```ini
[OSEv3:children]
masters
nodes
etcd
lb
nfs

[OSEv3:vars]
ansible_ssh_user=root
openshift_use_openshift_sdn=true
deployment_type=openshift-enterprise
openshift_use_dnsmasq=False
openshift_master_default_subdomain=host2.example.com
openshift_docker_additional_registries=virt-openshift-05.lab.eng.nay.redhat.com:5000
openshift_docker_insecure_registries=virt-openshift-05.lab.eng.nay.redhat.com:5000
oreg_url=virt-openshift-05.lab.eng.nay.redhat.com:5000/openshift3/ose-${component}:${version}
openshift_master_identity_providers=[{'name': 'allow_all', 'login': 'true', 'challenge': 'true', 'kind': 'AllowAllPasswordIdentityProvider'}]
openshift_master_cluster_method=native
openshift_master_cluster_hostname=ha1master.example.com
openshift_master_cluster_public_hostname=ha1master.example.com
openshift_hosted_router_selector='region=route'
openshift_hosted_router_replicas=1
openshift_hosted_router_certificate={"certfile": "/root/ha1/config/router.crt", "keyfile": "/root/ha1/config/router.key"}
openshift_release=3.2

[masters]
ha1master1.example.com openshift_hostname=ha1master1.example.com openshift_public_hostname=ha1master1.example.com
ha1master2.example.com openshift_hostname=ha1master2.example.com openshift_public_hostname=ha1master2.example.com

[etcd]
ha1node2.example.com openshift_hostname=ha1node2.example.com openshift_public_hostname=ha1node2.example.com

[nodes]
ha1master1.example.com openshift_node_labels="{'region': 'mylove', 'zone': 'default'}" openshift_hostname=ha1master1.example.com openshift_public_hostname=ha1master1.example.com openshift_schedulable=true
ha1master2.example.com openshift_node_labels="{'region': 'mylove', 'zone': 'default'}" openshift_hostname=ha1master2.example.com openshift_public_hostname=ha1master2.example.com openshift_schedulable=true
ha1master3.example.com openshift_node_labels="{'region': 'infra', 'zone': 'default'}" openshift_hostname=ha1master3.example.com openshift_public_hostname=ha1master3.example.com openshift_schedulable=true
ha1node1.example.com openshift_node_labels="{'region': 'route', 'zone': 'east'}" openshift_hostname=ha1node1.example.com openshift_public_hostname=ha1node1.example.com

[lb]
ha1master.example.com

[nfs]
ha1master1.example.com
```

3) run config playbook

```
ansible-playbook -i config/2master1etcd2nodes /usr/share/ansible/openshift-ansible/playbooks/byo/config.yml -vvv| tee installmix_mylove.logs
```

Actual results:

```
TASK: [openshift_hosted | fail ] **********************************************
<ha1master1.example.com> ESTABLISH CONNECTION FOR USER: root
failed: [ha1master1.example.com] => {"failed": true}
msg: 'certfile', 'keyfile' and 'cafile' keys must be specified when supplying the openshift_hosted_router_certificate variable.
FATAL: all hosts have already failed -- aborting
```

Expected results:

Additional info: