Bug 1509859 - Certificate expiry playbook run error
Summary: Certificate expiry playbook run error
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.5.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 3.6.z
Assignee: Vadim Rutkovsky
QA Contact: Gaoyun Pei
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-11-06 08:48 UTC by Miheer Salunke
Modified: 2018-09-26 04:11 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-09-26 04:10:45 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:2654 0 None None None 2018-09-26 04:11:05 UTC

Comment 4 Scott Dodson 2018-01-24 13:33:29 UTC
This looks like the cert expiry module assumes embedded etcd configuration betcause it's looking for etcdConfig.servingInfo which won't exist when the environment is not embedded. We should fix that check to ensure it does the right thing on non embedded environments especially given that's all that we support in 3.7 and later.

Comment 5 Vadim Rutkovsky 2018-01-25 13:50:23 UTC
Can't seem to reproduce it in master, release-3.7 or openshift-ansible-3.5.120-1 branches. Works fine here both with dedicated or embedded etcd config.

Miheer, could you ask for customer's inventory file?

Comment 7 Vadim Rutkovsky 2018-03-07 13:04:03 UTC
This doesn't look like an embedded etcd issue, but could be a permission issue to read the config (although root is used).

Miheer, is it reproducible on the latest openshift-ansible package? Which version is used there?

Comment 8 Miheer Salunke 2018-04-06 03:06:05 UTC
(In reply to Vadim Rutkovsky from comment #7)
> This doesn't look like an embedded etcd issue, but could be a permission
> issue to read the config (although root is used).
> 
> Miheer, is it reproducible on the latest openshift-ansible package? Which
> version is used there?


Do you want me to have them "yum update atomic-openshift-util" ?

# rpm -q openshift-ansible
openshift-ansible-3.5.120-1.git.0.c60f69a.el7.noarch

For more details check comment 1

Comment 9 Vadim Rutkovsky 2018-04-10 10:23:49 UTC
(In reply to Miheer Salunke from comment #8)
> Do you want me to have them "yum update atomic-openshift-util" ?
> 
> # rpm -q openshift-ansible
> openshift-ansible-3.5.120-1.git.0.c60f69a.el7.noarch
> 
> For more details check comment 1

The latest released RPM is openshift-ansible-3.5.146-1.git.0.fee1c99.el7.noarch.rpm. Could the customer update to it and re-run cert expiry playbooks?

Comment 10 Scott Dodson 2018-05-02 18:20:29 UTC
Re-open if the problem persists in the latest version of 3.5 playbooks.

Comment 22 Vadim Rutkovsky 2018-08-21 11:59:07 UTC
Right, it seems this cluster has remains from embedded etcd, so the playbook fails.

Created PR https://github.com/openshift/openshift-ansible/pull/9696

Comment 27 Vadim Rutkovsky 2018-09-10 08:16:54 UTC
Fix is available in openshift-ansible-3.6.173.0.130-1

Comment 28 Gaoyun Pei 2018-09-11 05:12:46 UTC
Waiting for openshift-ansible-3.6.173.0.130-1 rpm build

Comment 32 Gaoyun Pei 2018-09-13 03:14:03 UTC
Verify this bug with openshift-ansible-3.6.173.0.130-1.git.0.22ddff9.el7.noarch.

When master-config.yaml has empty 'etcdConfig:' section, cert check playbook could run well.

Comment 34 errata-xmlrpc 2018-09-26 04:10:45 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2654


Note You need to log in before you can comment on or make changes to this bug.