Bug 1510706 - Installing OCP with ASB failed with latest openshift-ansible, 3.7.0-0.197.0
Summary: Installing OCP with ASB failed with latest openshift-ansible, 3.7.0-0.197.0
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Service Broker
Version: 3.7.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 3.7.0
Assignee: Fabian von Feilitzsch
QA Contact: Weihua Meng
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-11-08 03:13 UTC by Weihua Meng
Modified: 2017-11-10 21:01 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-11-10 21:01:33 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Comment 1 Zhang Cheng 2017-11-08 04:10:55 UTC 
This issue should dup with BZ https://bugzilla.redhat.com/show_bug.cgi?id=1507617 fix merge in yesterday. PR: https://github.com/openshift/openshift-ansible/pull/5976/files

*** This bug has been marked as a duplicate of bug 1507617 ***
Comment 2 Weihua Meng 2017-11-08 09:46:19 UTC 
Reopen it since for better bug track. I do not think duplicate is approciate.
to fix this bug, this file need to be modified https://github.com/openshift/openshift-ansible/blob/master/roles/ansible_service_broker/tasks/generate_certs.yml
I think all tasks are expected to be executed, but actually not.

details info here: 
TASK [ansible_service_broker : Create ansible-service-broker cert directory] ***
Wednesday 08 November 2017  01:17:00 +0000 (0:00:00.039)       0:14:20.753 **** 
changed: [host-8-241-56.host.centralci.eng.rdu2.redhat.com] => {"changed": true, "failed": false, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/etc/origin/ansible-service-broker", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0}

TASK [ansible_service_broker : set_fact] ***************************************
Wednesday 08 November 2017  01:17:00 +0000 (0:00:00.280)       0:14:21.034 **** 
ok: [host-8-241-56.host.centralci.eng.rdu2.redhat.com] => {"ansible_facts": {"ansible_service_broker_certs_dir": "/etc/origin/ansible-service-broker"}, "changed": false, "failed": false}

TASK [ansible_service_broker : Create self signing ca cert] ********************
Wednesday 08 November 2017  01:17:00 +0000 (0:00:00.070)       0:14:21.105 **** 
skipping: [host-8-241-56.host.centralci.eng.rdu2.redhat.com] => {"changed": false, "skip_reason": "Conditional result was False", "skipped": true}

TASK [ansible_service_broker : Create self signed client cert] *****************
Wednesday 08 November 2017  01:17:00 +0000 (0:00:00.039)       0:14:21.144 **** 
skipping: [host-8-241-56.host.centralci.eng.rdu2.redhat.com] => (item={u'creates': u'/etc/origin/ansible-service-broker/client.key', u'cmd': u'openssl genrsa -out /etc/origin/ansible-service-broker/client.key 2048'})  => {"changed": false, "item": {"cmd": "openssl genrsa -out /etc/origin/ansible-service-broker/client.key 2048", "creates": "/etc/origin/ansible-service-broker/client.key"}, "skip_reason": "Conditional result was False", "skipped": true}
skipping: [host-8-241-56.host.centralci.eng.rdu2.redhat.com] => (item={u'creates': u'/etc/origin/ansible-service-broker/client.csr', u'cmd': u'openssl req -new -key /etc/origin/ansible-service-broker/client.key -out /etc/origin/ansible-service-broker/client.csr -subj "/CN=client"'})  => {"changed": false, "item": {"cmd": "openssl req -new -key /etc/origin/ansible-service-broker/client.key -out /etc/origin/ansible-service-broker/client.csr -subj \"/CN=client\"", "creates": "/etc/origin/ansible-service-broker/client.csr"}, "skip_reason": "Conditional result was False", "skipped": true}
skipping: [host-8-241-56.host.centralci.eng.rdu2.redhat.com] => (item={u'creates': u'/etc/origin/ansible-service-broker/client.pem', u'cmd': u'openssl x509 -req -in /etc/origin/ansible-service-broker/client.csr -CA /etc/origin/ansible-service-broker/cert.pem -CAkey /etc/origin/ansible-service-broker/key.pem -CAcreateserial -out /etc/origin/ansible-service-broker/client.pem -days 1024'})  => {"changed": false, "item": {"cmd": "openssl x509 -req -in /etc/origin/ansible-service-broker/client.csr -CA /etc/origin/ansible-service-broker/cert.pem -CAkey /etc/origin/ansible-service-broker/key.pem -CAcreateserial -out /etc/origin/ansible-service-broker/client.pem -days 1024", "creates": "/etc/origin/ansible-service-broker/client.pem"}, "skip_reason": "Conditional result was False", "skipped": true}

TASK [ansible_service_broker : set_fact] ***************************************
Wednesday 08 November 2017  01:17:00 +0000 (0:00:00.078)       0:14:21.223 **** 
 [WARNING]: Unable to find '/etc/origin/ansible-service-broker/client.pem' in
expected paths.

fatal: [host-8-241-56.host.centralci.eng.rdu2.redhat.com]: FAILED! => {"failed": true, "msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /etc/origin/ansible-service-broker/client.pem"}
	to retry, use: --limit @/home/slave2/workspace/Launch Environment Flexy/private-openshift-ansible/playbooks/byo/config.retry
Comment 3 Fabian von Feilitzsch 2017-11-08 13:35:24 UTC 
This should be fixed by these two PRs:

https://github.com/openshift/openshift-ansible/pull/6044
https://github.com/openshift/openshift-ansible/pull/6048

Both were merged yesterday.

However, the install will still not be totally successful pending https://github.com/openshift/openshift-ansible/pull/6052
Comment 5 Zhang Cheng 2017-11-09 03:01:55 UTC 
Images are ready for test. Moving to ON_QA status.
Comment 6 Zhang Cheng 2017-11-09 03:04:10 UTC 
Retested and verified with openshift-ansible-3.7.4-1
svc-catalog and asb can be deployed succeed.
Note You need to log in before you can comment on or make changes to this bug.