Description of problem: Trigger proxy installation with docker system container, it resulted in that the proxy variables were not set in atomic configurations (/etc/atomic.conf), and the proxy variables for container-engine service configurations was mistakenly located in /etc/systemd/system/docker.service.d/custom.conf (should be /etc/systemd/system/container-engine.d/custom.conf if I'm correct) Version-Release number of selected component (if applicable): openshift-ansible master branch (last commit id is 593ef65) How reproducible: always Steps to Reproduce: 1.Trigger proxy installation with docker system contaienr # cat inventory <--snip--> openshift_docker_use_system_container=true openshift_docker_systemcontainer_image_registry_override=brew-xxx.redhat.com:8888/rhel7 openshift_http_proxy=http://xxx.redhat.com:3128 openshift_https_proxy=http://xxx.redhat.com:3128 Actual results: 1. No proxy variables set in /etc/atomic.conf 2. the proxy variables for container-engine service configurations was mistakenly located in a wrong directory, and the content was messed up. # ll /etc/systemd/system/container-engine.d/custom.conf ls: cannot access /etc/systemd/system/container-engine.d/custom.conf: No such file or directory # cat /etc/systemd/system/docker.service.d/custom.conf # Ansible managed: /home/slave3/workspace/Launch Environment Flexy/private-openshift-ansible/roles/docker/templates/systemcontainercustom.conf.j2 modified on 2017-05-12 06:30:32 by slave3 on preserve-jenkins-slave-install35.novalocal [Service]ENVIRONMENT=HTTP_PROXY=http://xxx.xxx.redhat.com:3128ENVIRONMENT=HTTPS_PROXY=http://xxx.xxx.redhat.com:3128ENVIRONMENT=NO_PROXY=.cluster.local,openshift-131.lab.sjc.redhat.com,openshift-137.lab.sjc.redhat.com Expected results: 1. Proxy variables should be set in /etc/atomic.conf 2. while using docker system container, custom.conf should be located under /etc/systemd/system/container-engine.d, and the contents work well Additional info:
Good catch. I believe it should end up in /etc/systemd/system/container-engine.service.d.
PR: https://github.com/openshift/openshift-ansible/pull/4172
Installation failed with openshift-ansible-3.6.68-1.git.0.9cbe2b7.el7.noarch.rpmm ansible-2.2.3.0-1.el7.noarch.rpm TASK [openshift_version : Get available atomic-openshift version] ************** Monday 15 May 2017 01:39:08 +0000 (0:00:00.096) 0:02:15.876 ************ An exception occurred during task execution. To see the full traceback, use -vvv. The error was: OSError: [Errno 2] No such file or directory fatal: [host-8-174-75.host.centralci.eng.rdu2.redhat.com]: FAILED! => { "changed": false, "failed": true, "module_stderr": "Traceback (most recent call last):\n File \"/tmp/ansible_MlRDGm/ansible_module_repoquery.py\", line 635, in <module>\n main()\n File \"/tmp/ansible_MlRDGm/ansible_module_repoquery.py\", line 626, in main\n rval = Repoquery.run_ansible(module.params, module.check_mode)\n File \"/tmp/ansible_MlRDGm/ansible_module_repoquery.py\", line 586, in run_ansible\n results = repoquery.repoquery()\n File \"/tmp/ansible_MlRDGm/ansible_module_repoquery.py\", line 545, in repoquery\n rval = self._repoquery_cmd(repoquery_cmd, True, 'raw')\n File \"/tmp/ansible_MlRDGm/ansible_module_repoquery.py\", line 383, in _repoquery_cmd\n returncode, stdout, stderr = _run(cmds)\n File \"/tmp/ansible_MlRDGm/ansible_module_repoquery.py\", line 354, in _run\n stderr=subprocess.PIPE)\n File \"/usr/lib64/python2.7/subprocess.py\", line 711, in __init__\n errread, errwrite)\n File \"/usr/lib64/python2.7/subprocess.py\", line 1327, in _execute_child\n raise child_exception\nOSError: [Errno 2] No such file or directory\n", "module_stdout": "" } MSG: MODULE FAILURE `path` parameter only supported in module `lineinfile` of Ansible 2.3. * As of Ansible 2.3, the `dest' option has been changed to `path' as default, but `dest' still works as well.
Will switch to `dest` to support the older ansible as well.
Patch: https://github.com/openshift/openshift-ansible/pull/4173/commits/69c26f3bc3b9cefc9df9b3fc1c7d3dd6dea625fe
Tested with this patch: 1) no_proxy was set twice #cat /etc/atomic.conf <--snip--> no_proxy: .cluster.local,openshift-147.lab.sjc.redhat.com no_proxy: .cluster.local,openshift-119.lab.sjc.redhat.com,openshift-147.lab.sjc.redhat.com 2) proxy didn't work while pulling images from external registry # atomic --version 1.16.5 # atomic pull docker.io/busybox Failed: pinging docker registry returned: Get http://registry-1.docker.io/v2/: dial tcp 52.22.113.111:80: i/o timeout But using upstream code worked for me: # python atomic --version 1.17.1 # python atomic pull docker.io/busybox Pulling docker.io/library/busybox:latest ... Copying blob sha256:1cae461a1479c5a24dd38bd5f377ce65f531399a7db8c3ece891ac2197173f1d 254.52 KB / 682.92 KB [====================>----------------------------------] Copying config sha256:c75bebcdd211f41b3a460c7bf82970ed6c75acaab9cd4c9a4e125b03ca113798 0 B / 1.47 KB [---------------------------------------------------------------] Writing manifest to image destination Storing signatures 1.47 KB / 1.47 KB [===========================================================]
Looks like a new version of atomic command needs to be released. Added another bug waiting on the same thing as a depends. My guess is that the role is being included and run multiple times. I'll see if I can't make it only add the line once.
I believe this should be re-testable at this point.
Looks like there is a bug in the atomic command which will cause failure. Giuseppe has a PR in to fix this at https://github.com/projectatomic/atomic/pull/1005. However, this may be a bug in the oc_atomic_container ansible module. Will research and udpate.
We have a workaround at https://github.com/openshift/openshift-ansible/pull/4272
Merged
https://github.com/openshift/openshift-ansible/pull/4272 isn't in openshift-ansible-3.6.94-1 Moving to `MODIFIED`.
openshift-ansible-3.6.97-1.git.0.bc7d3b8.el7 should have it
Verified with openshift-ansible-3.6.98-1.git.0.e651d65.el7.noarch.rpm
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:1716