Bug 1498592 - 3.7.0-0.142.0 byo install fails with missing /etc/origin/master/ca.crt
Summary: 3.7.0-0.142.0 byo install fails with missing /etc/origin/master/ca.crt
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.7.0
Hardware: Unspecified
OS: Unspecified
unspecified
urgent
Target Milestone: ---
: ---
Assignee: Scott Dodson
QA Contact: Johnny Liu
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-10-04 17:10 UTC by Mike Fiedler
Modified: 2017-10-05 17:55 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-10-05 17:54:47 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
ansible-playbook -vvv log (212.87 KB, application/x-gzip)
2017-10-04 17:10 UTC, Mike Fiedler 		no flags Details
View All

Description Mike Fiedler 2017-10-04 17:10:35 UTC 
Created attachment 1334403 [details]
ansible-playbook -vvv log

Description of problem:

fatal: [ip-172-31-58-51]: FAILED! => {
    "changed": true, 
    "cmd": [
        "oc", 
        "config", 
        "set-cluster", 
        "--certificate-authority=/etc/origin/master/ca.crt", 
        "--embed-certs=true", 
        "--server=https://ip-172-31-58-51.us-west-2.compute.internal:8443", 
        "ip-172-31-58-51-us-west-2-compute-internal:8443", 
        "--config=/etc/origin/master/openshift-master.kubeconfig"
    ], 
    "delta": "0:00:00.149080", 
    "end": "2017-10-04 16:42:18.098610", 
    "failed": true, 
    "invocation": {
        "module_args": {
            "_raw_params": "oc config set-cluster --certificate-authority=/etc/origin/master/ca.crt --embed-certs=true --server=https://ip-172-31-58-51.us-west-2.compute.internal:8443 ip-172-31-58-51-us-west-2-compute-internal:8443 --config=/etc/origin/master/openshift-master.kubeconfig", 
            "_uses_shell": false, 
            "chdir": null, 
            "creates": null, 
            "executable": null, 
            "removes": null, 
            "stdin": null, 
            "warn": true
        }
    }, 
    "msg": "non-zero return code", 
    "rc": 1, 
    "start": "2017-10-04 16:42:17.949530", 
    "stderr": "error: could not read certificate-authority data from /etc/origin/master/ca.crt: open /etc/origin/master/ca.crt: no such file or directory", 
    "stderr_lines": [
        "error: could not read certificate-authority data from /etc/origin/master/ca.crt: open /etc/origin/master/ca.crt: no such file or directory"
    ], 
    "stdout": "", 
    "stdout_lines": []
}

Note:  The system I ran the playbook from did get a ca.crt generated in /etc/origin/master/ca.crt - but it was not the master in the inventory.


Version-Release number of the following components:
rpm -q openshift-ansible
openshift-ansible-3.7.0-0.142.0.git.0.cf99c36.el7.noarch

rpm -q ansible
ansible-2.4.0.0-4.el7.noarch

ansible --version
ansible 2.4.0.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, May  3 2017, 07:55:04) [GCC 4.8.5 20150623 (Red Hat 4.8.5-14)]


How reproducible:   Always

Steps to Reproduce:
1.   3 Node cluster in AWS - 1 master, 1 infra, 1 node (see inventory below)
2.   Run byo/config.yml from a non-master 


Actual results:
Please include the entire output from the last TASK line through the end of output if an error is generated

See above - full ansible-playbook -vvv log attached.



Expected results:

good install

Additional info:
Please attach logs from ansible-playbook with the -vvv flag

[OSEv3:children]
masters
nodes
etcd

[OSEv3:vars]

#The following parameters is used by post-actions
iaas_name=AWS
use_rpm_playbook=true
openshift_playbook_rpm_repos=[{'id': 'aos-playbook-rpm', 'name': 'aos-playbook-rpm', 'baseurl': 'http://download.eng.bos.redhat.com/rcm-guest/puddles/RHAOS/AtomicOpenShift/3.7/latest/x86_64/os', 'enabled': 1, 'gpgcheck': 0}]
update_is_images_url=registry.ops.openshift.com
#The following parameters is used by openshift-ansible
ansible_ssh_user=root
openshift_cloudprovider_kind=aws
openshift_cloudprovider_aws_access_key=<redacted>
openshift_cloudprovider_aws_secret_key=<redacted>
openshift_master_default_subdomain_enable=true
openshift_master_default_subdomain=apps.1004-g89.qe.rhcloud.com
openshift_auth_type=allowall
openshift_master_identity_providers=[{'name': 'allow_all', 'login': 'true', 'challenge': 'true', 'kind': 'AllowAllPasswordIdentityProvider'}]
openshift_master_cluster_public_hostname=ec2-54-218-203-45.us-west-2.compute.amazonaws.com
openshift_master_cluster_hostname=ip-172-31-58-51
deployment_type=openshift-enterprise
openshift_cockpit_deployer_prefix=registry.ops.openshift.com/openshift3/
osm_cockpit_plugins=['cockpit-kubernetes']
osm_use_cockpit=false
oreg_url=registry.ops.openshift.com/openshift3/ose-${component}:${version}
openshift_docker_additional_registries=registry.ops.openshift.com
openshift_docker_insecure_registries=registry.ops.openshift.com
use_cluster_metrics=true
openshift_master_cluster_method=native
openshift_master_dynamic_provisioning_enabled=true
osm_default_node_selector=region=primary
openshift_disable_check=disk_availability,memory_availability
openshift_master_portal_net=172.24.0.0/14
openshift_portal_net=172.24.0.0/14
osm_cluster_network_cidr=172.20.0.0/14
osm_host_subnet_length=9
openshift_node_kubelet_args={"pods-per-core": ["0"], "max-pods": ["510"],"minimum-container-ttl-duration": ["10s"], "maximum-dead-containers-per-container": ["1"], "maximum-dead-containers": ["20"], "image-gc-high-threshold": ["80"], "image-gc-low-threshold": ["70"]}
openshift_registry_selector="region=infra,zone=default"
openshift_hosted_router_selector="region=infra,zone=default"
openshift_hosted_router_registryurl=registry.ops.openshift.com/openshift3/ose-${component}:${version}
debug_level=2
openshift_set_hostname=true
openshift_override_hostname_check=true
os_sdn_network_plugin_name=redhat/openshift-ovs-multitenant
openshift_hosted_router_replicas=1
openshift_hosted_registry_storage_kind=object
openshift_hosted_registry_storage_provider=s3
openshift_hosted_registry_storage_s3_accesskey=<redacted>
openshift_hosted_registry_storage_s3_secretkey=<redacted>
openshift_hosted_registry_storage_s3_bucket=aoe-svt-test
openshift_hosted_registry_storage_s3_region=us-west-2
openshift_hosted_registry_replicas=1
openshift_metrics_install_metrics=false
openshift_metrics_image_prefix=registry.ops.openshift.com/openshift3/
openshift_metrics_image_version=v3.7.0
openshift_metrics_cassandra_storage_type=dynamic
openshift_metrics_cassandra_pvc_size=25Gi
openshift_logging_install_logging=false
openshift_logging_image_prefix=registry.ops.openshift.com/openshift3/
openshift_logging_image_version=v3.7.0
openshift_logging_storage_volume_size=25Gi
openshift_logging_storage_kind=dynamic
openshift_logging_es_pvc_size=50Gi
openshift_logging_es_pvc_dynamic=true
openshift_use_system_containers=false
system_images_registry=registry.ops.openshift.com
openshift_image_tag=v3.7.0


[lb]


[etcd]
ip-172-31-58-51  


[masters]
ip-172-31-58-51  


[nodes]
ip-172-31-58-51 openshift_node_labels="{'region': 'infra', 'zone': 'default'}" openshift_scheduleable=false

ip-172-31-1-220 openshift_node_labels="{'region': 'infra', 'zone': 'default'}"

ip-172-31-41-78 openshift_node_labels="{'region': 'primary', 'zone': 'default'}"
Comment 1 Mike Fiedler 2017-10-04 17:41:49 UTC 
I encountered the same issue running the playbook from the master.   These systems do have openshift RPMs preinstalled to save on downloads during install.   I will install next on systems with no pre-installed RPMs except openshift-ansible.
Comment 2 Mike Fiedler 2017-10-05 17:54:47 UTC 
This was a bad gold image issue.  Extraneous files in /etc/origin
Note You need to log in before you can comment on or make changes to this bug.