Created attachment 1339436 [details] master-config.yaml after the execution of playbook. Description of problem: During an OpenShift 3.6 installation, the playbook failed to finish because it could not start OpenShift master API service due to a misconfiguration on yaml file. By the error message, the misconfiguration looks like is writing the email administration from the certificate on the DNS list. And that parameter it gets from the certificates deployed. So, since there is an email address on the DNS list, OpenShift master API service fails, due to an invalid address on the configuration file (master-config.yaml). Because of this behavior(a bug?), the installation fails. Workaround*: To complete the installation without errors, we have verified what time the ansible playbook modifies the master-config.yaml file. So we edit the file removing the email address and save the file. When the playbook executes the task of starting the OpenShift Master API, it starts with the right parameters, since the file was modified and corrected. All the parameters needed for the installation were applied on the hosts file (attached). The .crt, .key, ca certificates are attached. The master-config.yaml configured by the playbook is attached(with email line on DNS configuration). Version-Release number of selected component (if applicable): OCP 3.6 How reproducible: Having certificates with host and email set up. Steps to Reproduce: 1. Install OCP 3.6 using ansible playbook 2. Must have all certificates signed by company CA 3. Actual results: master-config.yaml Line #117: namedCertificates: - certFile: /etc/origin/master/named_certificates/cloudbeta.rio.gov.br.crt keyFile: /etc/origin/master/named_certificates/cloudbeta.rio.gov.br.key names: - "email:hostmaster.rj.gov.br" - "cloudbeta.rio.gov.br" *Wrong line added: #221 - "email:hostmaster.rj.gov.br" Expected results: Playbook fails to start master-api service due to wrong entry on the master-config.yaml file. Additional info: Created By: Ryan Howe (16/10/2017 17:59) Looks like a bug with this: https://github.com/openshift/openshift-ansible/blob/release-3.6/filter_plugins/oo_filters.py#L540-L607 Description of problem: Version-Release number of the following components: rpm -q openshift-ansible rpm -q ansible ansible --version How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Please include the entire output from the last TASK line through the end of output if an error is generated Expected results: Additional info: Please attach logs from ansible-playbook with the -vvv flag
Created attachment 1339438 [details] /etc/ansible/hosts
Created attachment 1339449 [details] pem file
Proposed: https://github.com/openshift/openshift-ansible/pull/6878
Merged
Verified this bug with openshift-ansible-3.9.0-0.31.0.git.0.e0a0ad8.el7.noarch, and PASS. # cat /etc/origin/master/master-config.yaml <--snip--> namedCertificates: - certFile: /etc/origin/master/named_certificates/cloudbeta.rio.gov.br.crt keyFile: /etc/origin/master/named_certificates/cloudbeta.rio.gov.br.key names: - cloudbeta.rio.gov.br <--snip-->
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0489