Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1522805

Summary: requestheader-client-ca-file missing in configmap extension-apiserver-authentication after upgrade
Product: OpenShift Container Platform Reporter: Jaspreet Kaur <jkaur>
Component: Cluster Version OperatorAssignee: Jeff Peeler <jpeeler>
Status: CLOSED DUPLICATE QA Contact: Jian Zhang <jiazha>
Severity: high Docs Contact:
Priority: high    
Version: 3.7.0CC: aos-bugs, chezhang, jokerman, jpeeler, mmccomas, wenj8023, wmeng
Target Milestone: ---   
Target Release: 3.7.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
The installer has been modified to turn on API aggregation for upgrades to 3.7, which is a required dependency for service catalog to work properly.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2018-01-27 18:22:44 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jaspreet Kaur 2017-12-06 13:39:31 UTC 
Description of problem: When upgrading to 3.7 servicecatalog fails because the apiserver service is not working. Checking further inside the pods it is missing requestheader-client-ca-file and making the pod to crash.

While a new installation of 3.7 has the correct configmap

Version-Release number of the following components:
rpm -q openshift-ansible
openshift-ansible-3.7.9-1.git.7.eedd332.el7.noarch

rpm -q ansible
ansible-2.4.0.0-5.el7.noarch

 ansible --version
ansible 2.4.0.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug  2 2016, 04:20:16) [GCC 4.8.5 20150623 (Red Hat 4.8.5-4)]


How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results: requestheader-client-ca-file missing in configmap extension-apiserver-authentication after upgrade


Expected results: requestheader-client-ca-file should be there in configmap extension-apiserver-authentication after upgrade

Additional info:
Please attach logs from ansible-playbook with the -vvv flag
Comment 1 Jeff Peeler 2018-01-19 21:01:17 UTC 
This is evidence that the API aggregator was not enabled upon upgrade, which has been fixed in bug 1523298.
Comment 2 Zhang Cheng 2018-01-22 05:17:53 UTC 
QE recreated this issue, and will verify later.
Comment 3 Zhang Cheng 2018-01-22 05:18:20 UTC 
Reproduce steps refer to https://bugzilla.redhat.com/show_bug.cgi?id=1523298#c12
Comment 4 Jeff Peeler 2018-01-22 15:19:40 UTC 
PR link copied from bug 1523298: https://github.com/openshift/openshift-ansible/pull/6736
Comment 6 Jian Zhang 2018-01-25 05:30:31 UTC 
I tested the newer 3.7.24-1.git.0.18a2c6a.el7.noarch, and it works well! LGTM.
Comment 7 Zhang Cheng 2018-01-27 14:35:03 UTC 
Jeff, 
I think the target release should be "3.7.z", please update if yes
Comment 8 Jeff Peeler 2018-01-27 18:22:44 UTC 
I think the real mistake is not closing this as a dupe, rather than setting it to modified and copying the doc text from the other bug.

*** This bug has been marked as a duplicate of bug 1523298 ***
Comment 9 Wen Jun 2018-02-28 11:16:00 UTC 
(In reply to Jian Zhang from comment #6)
> I tested the newer 3.7.24-1.git.0.18a2c6a.el7.noarch, and it works well!
> LGTM.

I have met the same problem,but i can not find the package "3.7.24-1.git.0.18a2c6a.el7.noarch",can you tell me where to find it?
by the way,my package is "3.7.23-1.git.0.8edc154.el7.noarch".
Comment 10 Jeff Peeler 2018-02-28 18:22:37 UTC 
(In reply to Wen Jun from comment #9)
> (In reply to Jian Zhang from comment #6)
> > I tested the newer 3.7.24-1.git.0.18a2c6a.el7.noarch, and it works well!
> > LGTM.
> 
> I have met the same problem,but i can not find the package
> "3.7.24-1.git.0.18a2c6a.el7.noarch",can you tell me where to find it?
> by the way,my package is "3.7.23-1.git.0.8edc154.el7.noarch".

The errata for public release was delayed, I'm not sure when the final date is. In the coming weeks.