Bug 1417680 - [3.2] Backport openshift_certificate_expiry role
Summary: [3.2] Backport openshift_certificate_expiry role
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.2.1
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 3.2.1
Assignee: Tim Bielawa
QA Contact: Gaoyun Pei
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-01-30 16:09 UTC by Tim Bielawa
Modified: 2017-03-06 16:38 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
The certificate expiry checker has been backported to the OCP 3.2 playbooks.
Clone Of:
Environment:
Last Closed: 2017-03-06 16:38:10 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:0448 0 normal SHIPPED_LIVE Important: ansible and openshift-ansible security and bug fix update 2017-03-06 21:36:25 UTC

Description Tim Bielawa 2017-01-30 16:09:59 UTC
Description of problem:

The openshift_certificate_expiry module needs to be backported and tested to help with the growing numbers of customers running into problems with their certificates expiring and an upcoming KBS article.


Related PR: https://github.com/openshift/openshift-ansible/pull/3207

Comment 2 Gaoyun Pei 2017-02-07 09:33:31 UTC
Test with openshift-ansible-3.2.49-1.git.0.fc41501.el7.noarch, run the example playbook against an ocp-3.2 cluster by following https://github.com/tbielawa/openshift-ansible/blob/3efe6dd1f113c2f09a15fea7d61389296b5e9a67/roles/openshift_certificate_expiry/README.md#run-with-ansible-playbook


[root@gpei-test-ansible openshift-ansible]# pwd
/usr/share/ansible/openshift-ansible
[root@gpei-test-ansible openshift-ansible]# ansible-playbook -v -i ~/host ./roles/openshift_certificate_expiry/examples/playbooks/easy-mode.yaml 
Using /etc/ansible/ansible.cfg as config file
ERROR! the role 'openshift_certificate_expiry' was not found in /usr/share/ansible/openshift-ansible/roles/openshift_certificate_expiry/examples/playbooks/roles:/etc/ansible/roles:/usr/share/ansible/openshift-ansible/roles/openshift_certificate_expiry/examples/playbooks

The error appears to have been in '/usr/share/ansible/openshift-ansible/roles/openshift_certificate_expiry/examples/playbooks/easy-mode.yaml': line 21, column 7, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

  roles:
    - role: openshift_certificate_expiry
      ^ here

Comment 3 Tim Bielawa 2017-02-09 18:05:37 UTC
Fix submitted https://github.com/openshift/openshift-ansible/pull/3314

Comment 5 Gaoyun Pei 2017-02-14 10:00:41 UTC
The same error as https://bugzilla.redhat.com/show_bug.cgi?id=1417681#c5 when testing with openshift-ansible-3.2.50-1.git.0.df25cf2.el7.noarch

Comment 7 Gaoyun Pei 2017-02-22 10:00:42 UTC
Verify this bug with openshift-ansible-3.2.51-1.git.0.d851c61.el7

All the example playbooks could run successfully against rpm/container env, could detect certs used in the cluster well.

The playbooks could give correct result about the number of cert in expired/OK/warning status on each host, and all the configurable variables in this role were working well.

Comment 9 errata-xmlrpc 2017-03-06 16:38:10 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:0448


Note You need to log in before you can comment on or make changes to this bug.