As commented in https://bugzilla.redhat.com/show_bug.cgi?id=1478771 I miss one securityContext in comment 10. There are two securityContext in DC. The first is created by ansible. The second is created by 'oc patch' command following the document [1] The second one is still overwrote when using the openshift-ansible-3.5.125 with the fix PR. @Jeff, could you confirm if we need to persist the second securityContext.? [1] https://docs.openshift.com/container-platform/3.5/install_config/aggregate_logging.html-> Persistent Elasticsearch Storage -> 2. Each Elasticsearch replica definition must be patched to claim that privilege, for example: $ for dc in $(oc get deploymentconfig --selector logging-infra=elasticsearch -o name); do oc scale $dc --replicas=0 oc patch $dc \ -p '{"spec":{"template":{"spec":{"containers":[{"name":"elasticsearch","securityContext":{"privileged": true}}]}}}}' done
Opened https://bugzilla.redhat.com/show_bug.cgi?id=1478771 to address
PR with a fix created - https://github.com/openshift/openshift-ansible/pull/5637. I will create a backport to 3.6 once this merges
Commits pushed to master at https://github.com/openshift/openshift-ansible https://github.com/openshift/openshift-ansible/commit/f4c7d5e064fad263f618fb633d5c0d37c0a2a553 Bug 1496271 - Perserve SCC for ES local persistent storage ES can be modified to use node local persistent storage. This requires changing SCC and is described in docs: https://docs.openshift.com/container-platform/3.6/install_config/aggregate_logging.html During an upgrade, SCC defined by the user is ignored. This fix fetches SCC user defined as a fact and adds it to the ES DC which is later used. https://github.com/openshift/openshift-ansible/commit/cdbc995e65921210981e9fb3710a36c7d93a35dc Merge pull request #5637 from wozniakjan/1496271_fix Automatic merge from submit-queue. Bug 1496271 - Perserve SCC for ES local persistent storage ES can be modified to use node local persistent storage. This requires changing SCC and is described in docs: https://docs.openshift.com/container-platform/3.6/install_config/aggregate_logging.html During an upgrade, SCC defined by the user is ignored. This fix fetches SCC user defined as a fact and adds it to the ES DC which is later used. Also includes cherrypicked fix for - Bug 1482661 - Preserve ES dc nodeSelector and supplementalGroups cc @jcantrill
The nodeSelector securityContext when use openshift-ansible:v3.5.132. So move to verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:3049
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days