Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1417680 - [3.2] Backport openshift_certificate_expiry role
[3.2] Backport openshift_certificate_expiry role
Status: CLOSED ERRATA
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer (Show other bugs)
3.2.1
Unspecified Unspecified
unspecified Severity high
: ---
: 3.2.1
Assigned To: Tim Bielawa
Gaoyun Pei
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-01-30 11:09 EST by Tim Bielawa
Modified: 2017-03-06 11:38 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
The certificate expiry checker has been backported to the OCP 3.2 playbooks.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-03-06 11:38:10 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:0448 normal SHIPPED_LIVE Important: ansible and openshift-ansible security and bug fix update 2017-03-06 16:36:25 EST

  None (edit)
Description Tim Bielawa 2017-01-30 11:09:59 EST 
Description of problem:

The openshift_certificate_expiry module needs to be backported and tested to help with the growing numbers of customers running into problems with their certificates expiring and an upcoming KBS article.


Related PR: https://github.com/openshift/openshift-ansible/pull/3207
Comment 2 Gaoyun Pei 2017-02-07 04:33:31 EST 
Test with openshift-ansible-3.2.49-1.git.0.fc41501.el7.noarch, run the example playbook against an ocp-3.2 cluster by following https://github.com/tbielawa/openshift-ansible/blob/3efe6dd1f113c2f09a15fea7d61389296b5e9a67/roles/openshift_certificate_expiry/README.md#run-with-ansible-playbook


[root@gpei-test-ansible openshift-ansible]# pwd
/usr/share/ansible/openshift-ansible
[root@gpei-test-ansible openshift-ansible]# ansible-playbook -v -i ~/host ./roles/openshift_certificate_expiry/examples/playbooks/easy-mode.yaml 
Using /etc/ansible/ansible.cfg as config file
ERROR! the role 'openshift_certificate_expiry' was not found in /usr/share/ansible/openshift-ansible/roles/openshift_certificate_expiry/examples/playbooks/roles:/etc/ansible/roles:/usr/share/ansible/openshift-ansible/roles/openshift_certificate_expiry/examples/playbooks

The error appears to have been in '/usr/share/ansible/openshift-ansible/roles/openshift_certificate_expiry/examples/playbooks/easy-mode.yaml': line 21, column 7, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

  roles:
    - role: openshift_certificate_expiry
      ^ here
Comment 3 Tim Bielawa 2017-02-09 13:05:37 EST 
Fix submitted https://github.com/openshift/openshift-ansible/pull/3314
Comment 5 Gaoyun Pei 2017-02-14 05:00:41 EST 
The same error as https://bugzilla.redhat.com/show_bug.cgi?id=1417681#c5 when testing with openshift-ansible-3.2.50-1.git.0.df25cf2.el7.noarch
Comment 7 Gaoyun Pei 2017-02-22 05:00:42 EST 
Verify this bug with openshift-ansible-3.2.51-1.git.0.d851c61.el7

All the example playbooks could run successfully against rpm/container env, could detect certs used in the cluster well.

The playbooks could give correct result about the number of cert in expired/OK/warning status on each host, and all the configurable variables in this role were working well.
Comment 9 errata-xmlrpc 2017-03-06 11:38:10 EST 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:0448
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.