Description of problem:
When scaling up etcd from a single etcd to a three-member etcd cluster, the scale-up playbook failed when trying to start the iptables service on the second new etcd node. The playbook is trying to start the iptables service on all new_etcd nodes after just completing the iptables packages installation check on the first new etcd node.
https://github.com/openshift/openshift-ansible/blob/openshift-ansible-3.7.0-0.125.0/roles/os_firewall/tasks/iptables.yml#L17-L36

Version-Release number of the following components:
openshift-ansible-3.7.0-0.125.0.git.0.91043b6.el7.noarch.rpm
ansible-2.3.2.0-2.el7.noarch

How reproducible:
Always

Steps to Reproduce:
1. Add new_etcd group as OSEv3 children group and add two new hosts in new_etcd group into ansible inventory file, then run etcd scale-up playbook

[new_etcd]
ec2-54-226-88-79.compute-1.amazonaws.com
ec2-54-208-13-216.compute-1.amazonaws.com

#ansible-playbook -i ~/host -v /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-etcd/scaleup.yml

Actual results:
TASK [os_firewall : Install iptables packages] *********************************
ok: [ec2-54-226-88-79.compute-1.amazonaws.com] => (item=iptables) => {"changed": false, "item": "iptables", "msg": "", "rc": 0, "results": ["iptables-1.4.21-18.el7.x86_64 providing iptables is already installed"]}
changed: [ec2-54-226-88-79.compute-1.amazonaws.com] => (item=iptables-services) => {"changed": true, "item": "iptables-services", "msg": "", "rc": 0, "results": ["Loaded plugins: amazon-id, search-disabled-repos\nResolving Dependencies\n--> Running transaction check\n---> Package iptables-services.x86_64 0:1.4.21-18.el7 will be installed\n--> ...
iptables-services.x86_64 0:1.4.21-18.el7 \n\nComplete!\n"]}

TASK [os_firewall : Start and enable iptables service]
changed: [ec2-54-226-88-79.compute-1.amazonaws.com -> ec2-54-226-88-79.compute-1.amazonaws.com] => (item=ec2-54-226-88-79.compute-1.amazonaws.com) => {"changed": true, "enabled": true, "item": "ec2-54-226-88-79.compute-1.amazonaws.com", "name": "iptables", "state": "started", "status": ..}}
failed: [ec2-54-226-88-79.compute-1.amazonaws.com -> ec2-54-208-13-216.compute-1.amazonaws.com] (item=ec2-54-208-13-216.compute-1.amazonaws.com) => {"failed": true, "item": "ec2-54-208-13-216.compute-1.amazonaws.com", "msg": "Could not find the requested service iptables: host"}

Expected results:

Additional info:
https://github.com/openshift/openshift-ansible/pull/5407 proposed fix
Verify this bug with openshift-ansible-3.7.0-0.144.2.git.0.da1dd6c.el7.noarch.rpm
When scaling up etcd from single etcd to three member etcd cluster, the scale-up playbook is starting iptables service correctly, no such issue happened.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2017:3188
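The ordering failure in the report above, as an added example that is not part of the bug report and is not the os_firewall role's code: a hypothetical playbook in which the install task runs on the current host while the start task is delegated to every host in new_etcd, beside a form that keeps both tasks on the same host. The use of delegate_to with run_once is inferred from the "[host -> host] (item=...)" lines in the log; serial: 1, the tag names and the final check task are assumptions.

```yaml
# Added illustration; hypothetical playbook, not the os_firewall role's code.
# Assumption: hosts are processed one at a time (serial: 1), so the install
# task has only run on the first new_etcd host when the start task fires.

- name: Failing pattern (start delegated to every host in the group)
  hosts: new_etcd
  serial: 1
  become: true
  tags: [failing]
  tasks:
    - name: Install iptables packages      # runs on the current host only
      package:
        name: "{{ item }}"
        state: present
      with_items:
        - iptables
        - iptables-services

    - name: Start and enable iptables service
      systemd:
        name: iptables
        state: started
        enabled: true
      delegate_to: "{{ item }}"             # reaches hosts not yet installed
      run_once: true
      with_items: "{{ groups['new_etcd'] }}"

- name: Corrected pattern (install and start scoped to the same host)
  hosts: new_etcd
  serial: 1
  become: true
  tags: [corrected]
  tasks:
    - name: Install iptables packages
      package:
        name: "{{ item }}"
        state: present
      with_items:
        - iptables
        - iptables-services

    - name: Start and enable iptables service
      systemd:
        name: iptables
        state: started
        enabled: true

    - name: Fail early if the firewall is not running
      command: systemctl is-active iptables
      changed_when: false
```

Running with `--tags failing` against the two-host new_etcd inventory from the report stops on the second host with the "Could not find the requested service iptables" error; `--tags corrected` installs and starts the service host by host.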