https://github.com/openshift/openshift-ansible/pull/4467
Test this bug with openshift-ansible-3.5.88-1.git.0.9901d92.el7.noarch Set openshift_master_cert_expire_days to 365 to workaround BZ#1465263. Once BZ#1465263 fixed, will move this bug to verified. 1. Prepare an haproxy load-balancer openshift-133.test.com listens on 443 while the backend masters listen on 8443, make sure 443 and 8443 port opened. 2. Configure inventory file like below [OSEv3:children] masters nodes etcd [OSEv3:vars] <-snip-> openshift_master_cluster_method=native openshift_master_cluster_hostname=openshift-133.test.com openshift_master_cluster_public_hostname=openshift-133.test.com penshift_master_console_port=8443 openshift_master_api_port=8443 openshift_master_api_url=https://openshift-133.test.com:443 openshift_master_console_url=https://openshift-133.test.com:443/console openshift_master_public_api_url=https://openshift-133.test.com:443 openshift_master_public_console_url=https://openshift-133.test.com:443/console <-snip-> [masters] ... 3. Run installation playbook The installation is successful without error, ocp cluster is working well. 4. Check openshift-master.kubeconfig on 3 masters The user referred in openshift-master.kubeconfig are all pointing to local master with correct port. 5. Stop 2/3 masters' controllers service in turn, each of the 3 masters could work well.
Gaoyun, sounds like from your last comment the bug can be moved to VERIFIED?
Yes, actually this bug have been fixed with openshift-ansible-3.5.88-1, but still need workaround to continue the installation. Since BZ#1465263 was verified with openshift-ansible-3.5.91-1.git.0.28b3ddb.el7.noarch, mark this bug also verified with openshift-ansible-3.5.91-1.git.0.28b3ddb.el7.noarch.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:1666