This looks like the cert expiry module assumes embedded etcd configuration betcause it's looking for etcdConfig.servingInfo which won't exist when the environment is not embedded. We should fix that check to ensure it does the right thing on non embedded environments especially given that's all that we support in 3.7 and later.
Can't seem to reproduce it in master, release-3.7 or openshift-ansible-3.5.120-1 branches. Works fine here both with dedicated or embedded etcd config. Miheer, could you ask for customer's inventory file?
This doesn't look like an embedded etcd issue, but could be a permission issue to read the config (although root is used). Miheer, is it reproducible on the latest openshift-ansible package? Which version is used there?
(In reply to Vadim Rutkovsky from comment #7) > This doesn't look like an embedded etcd issue, but could be a permission > issue to read the config (although root is used). > > Miheer, is it reproducible on the latest openshift-ansible package? Which > version is used there? Do you want me to have them "yum update atomic-openshift-util" ? # rpm -q openshift-ansible openshift-ansible-3.5.120-1.git.0.c60f69a.el7.noarch For more details check comment 1
(In reply to Miheer Salunke from comment #8) > Do you want me to have them "yum update atomic-openshift-util" ? > > # rpm -q openshift-ansible > openshift-ansible-3.5.120-1.git.0.c60f69a.el7.noarch > > For more details check comment 1 The latest released RPM is openshift-ansible-3.5.146-1.git.0.fee1c99.el7.noarch.rpm. Could the customer update to it and re-run cert expiry playbooks?
Re-open if the problem persists in the latest version of 3.5 playbooks.
Right, it seems this cluster has remains from embedded etcd, so the playbook fails. Created PR https://github.com/openshift/openshift-ansible/pull/9696
Fix is available in openshift-ansible-3.6.173.0.130-1
Waiting for openshift-ansible-3.6.173.0.130-1 rpm build
Verify this bug with openshift-ansible-3.6.173.0.130-1.git.0.22ddff9.el7.noarch. When master-config.yaml has empty 'etcdConfig:' section, cert check playbook could run well.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:2654