Description of problem: Ansible installation of metrics failed when running playbook for openshift-metrics.yaml, I get an error indicating the cert is not valid. error: --signer-cert, \"/tmp/openshift-metrics-ansible-g8NWMu/ca.crt\" must be a valid certificate file\nSee 'oadm ca create-server-cert -h' for help and examples. Version-Release number of selected component (if applicable): master How reproducible: always. Steps to Reproduce: 1. git clone https://github.com/openshift/openshift-ansible/ 2. ansible-playbook -i <your_inventory_file> -vvv openshift-ansible/playbooks/byo/openshift-cluster/openshift-metrics.yml Actual results: <openshift-127.lab.sjc.redhat.com> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/tmp/tmp/libra.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=root -o ConnectTimeout=10 -o ControlPath=/opt/app-root/src/.ansible/cp/ansible-ssh-%h-%p-%r -tt openshift-127.lab.sjc.redhat.com '/bin/sh -c '"'"'/usr/bin/python /root/.ansible/tmp/ansible-tmp-1492631599.51-261101884427092/command.py; rm -rf "/root/.ansible/tmp/ansible-tmp-1492631599.51-261101884427092/" > /dev/null 2>&1 && sleep 0'"'"'' fatal: [openshift-127.lab.sjc.redhat.com]: FAILED! => { "changed": true, "cmd": [ "oadm", "ca", "create-server-cert", "--config=/tmp/openshift-metrics-ansible-g8NWMu/admin.kubeconfig", "--key=/tmp/openshift-metrics-ansible-g8NWMu/heapster.key", "--cert=/tmp/openshift-metrics-ansible-g8NWMu/heapster.cert", "--hostnames=heapster", "--signer-cert=/tmp/openshift-metrics-ansible-g8NWMu/ca.crt", "--signer-key=/tmp/openshift-metrics-ansible-g8NWMu/ca.key", "--signer-serial=/tmp/openshift-metrics-ansible-g8NWMu/ca.serial.txt" ], "delta": "0:00:00.271453", "end": "2017-04-19 15:53:20.016426", "failed": true, "invocation": { "module_args": { "_raw_params": "oadm ca create-server-cert --config=/tmp/openshift-metrics-ansible-g8NWMu/admin.kubeconfig --key='/tmp/openshift-metrics-ansible-g8NWMu/heapster.key' --cert='/tmp/openshift-metrics-ansible-g8NWMu/heapster.cert' --hostnames=heapster --signer-cert='/tmp/openshift-metrics-ansible-g8NWMu/ca.crt' --signer-key='/tmp/openshift-metrics-ansible-g8NWMu/ca.key' --signer-serial='/tmp/openshift-metrics-ansible-g8NWMu/ca.serial.txt'", "_uses_shell": false, "chdir": null, "creates": null, "executable": null, "removes": null, "warn": true }, "module_name": "command" }, "rc": 1, "start": "2017-04-19 15:53:19.744973", "stderr": "error: --signer-cert, \"/tmp/openshift-metrics-ansible-g8NWMu/ca.crt\" must be a valid certificate file\nSee 'oadm ca create-server-cert -h' for help and examples.", "stdout": "", "stdout_lines": [], "warnings": [] } to retry, use: --limit @/tmp/tmp/openshift-ansible/playbooks/byo/openshift-cluster/openshift-metrics.retry PLAY RECAP ********************************************************************* localhost : ok=1 changed=0 unreachable=0 failed=0 openshift-127.lab.sjc.redhat.com : ok=28 changed=0 unreachable=0 failed=1 Expected results: Additional info:
Eric, It looks like it's an issue with my inventory. If I comment out the setting openshift_metrics_heapster_standalone=true (see below), then the installation will pass. Do you know if setting above is valid? ==== working inventory file ======= [oo_first_master] openshift-127.lab.sjc.redhat.com ansible_user=root ansible_ssh_user=root ansible_ssh_private_key_file="/tmp/tmp/libra.pem" openshift_public_hostname=openshift-127.lab.sjc.redhat.com [oo_first_master:vars] openshift_deployment_type=openshift-enterprise openshift_release=v3.5 public_master_url=https://openshift-127.lab.sjc.redhat.com:8443 openshift_metrics_image_prefix=brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/openshift3/ openshift_metrics_image_version=v3.5 openshift_metrics_install_metrics=true #openshift_metrics_heapster_standalone=true openshift_metrics_heapster_allowed_users=system:master-proxy openshift_metrics_hawkular_hostname=metrics.0411-egz.qe.rhcloud.com openshift_metrics_project=openshift-infra
@Peter, Tested on my environment, same error as you reported. I found this case in polarion, https://polarion.engineering.redhat.com/polarion/#/project/OSE/workitem?id=OCP-12879, and I believe penli had been tested this case and it did not have problems then, but it throws out error now Since we use byo/openshift-cluster/openshift-metrics.yml, the inventory file group names are changed, see the following file. [OSEv3:children] masters [masters] ec2-54-211-52-114.compute-1.amazonaws.com openshift_public_hostname=ec2-54-211-52-114.compute-1.amazonaws.com [OSEv3:vars] ansible_ssh_user=root ansible_ssh_private_key_file="/root/libra.pem" deployment_type=openshift-enterprise openshift_metrics_install_metrics=true openshift_metrics_hawkular_hostname=hawkular-metrics.0420-n0a.qe.rhcloud.com openshift_metrics_project=openshift-infra openshift_metrics_image_prefix=registry.ops.openshift.com/openshift3/ openshift_metrics_image_version=3.5.0 #openshift_metrics_heapster_standalone=true openshift_metrics_heapster_allowed_users=system:master-proxy openshift_metrics_project=openshift-infra
@Peter, To my knowledge it should be a valid setting but I will confirm. It may be that something new broke that setting.
Verfied that I can run metrics installation with oc v3.5.5.8
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:3438