Description of problem: For the "Update registry certificates secret" step in https://github.com/openshift/openshift-ansible/blob/openshift-ansible-3.5.6-1/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml#L72 we should also specify '-n default' for 'oc replace -f - ' command. Version-Release number of selected component (if applicable): openshift-ansible-3.5.6-1.git.0.5e6099d.el7.noarch How reproducible: Always Steps to Reproduce: 1.Setup an ocp-3.5 env, log into master and create a new project [root@ip-172-18-3-137 ~]# oc new-project test 2.Run registry cert redeploy playbook against the env ansible-playbook -i host playbooks/byo/openshift-cluster/redeploy-registry-certificates.yml Actual results: TASK [Update registry certificates secret] ************************************* fatal: [ec2-54-152-140-183.compute-1.amazonaws.com]: FAILED! => { "changed": true, "cmd": "oc secret new registry-certificates /etc/origin/master/registry.crt /etc/origin/master/registry.key --config=/tmp/openshift-ansible-lh3xU2/admin.kubeconfig -n default -o json | oc replace -f -", "delta": "0:00:00.733213", "end": "2017-02-10 02:51:05.399517", "failed": true, "rc": 1, "start": "2017-02-10 02:51:04.666304", "warnings": [] } STDERR: Error from server (NotFound): error when replacing "STDIN": secrets "registry-certificates" not found Expected results: Additional info:
Proposed fix: https://github.com/openshift/openshift-ansible/pull/3300
Test with openshift-ansible-3.5.8-1.git.0.0e02ef8.el7.noarch The new playbook will fail when running against a containerized env on AtomicHost TASK [lib_openshift : lib_openshift ensure python-ruamel-yaml package is on target] *** fatal: [gpei-35-debugging-master-1.0214-1i0.qe.rhcloud.com]: FAILED! => { "changed": false, "failed": true } MSG: Could not find a module for unknown. Filed a new bug BZ#1422348 about role lib_openshift not matched with AtomicHost
Additional changes have been made.
Verify this bug with openshift-ansible-3.5.10-1.git.0.ba66b63.el7.noarch For containerized env on AtomicHost, run registry cert redeploy playbook against the env after changing the project to not "default" on master. ansible-playbook -v -i host /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-cluster/redeploy-registry-certificates.yml Playbook could run successfully, registry certificates secret was updated, and new sti-build test could pass.