Description of problem: In https://github.com/openshift/openshift-ansible/tree/release-3.9/examples#openshift-ansible-usage-examples, it introduce four example jobs of cert-check/scheduled cert-check, list the issues here found during testing on OCP-3.9. 1. Secret creation command is deprecated [root@ip-172-18-13-8 ~]# oc secrets new-sshauth sshkey --ssh-privatekey=$HOME/.ssh/id_rsa Command "new-sshauth" is deprecated, use oc create secret secret/sshkey 2. Path to the playbooks used in template files is invalid [root@ip-172-18-13-8 ~]# oc logs certificate-check-tkplg Using /usr/share/ansible/openshift-ansible/ansible.cfg as config file ERROR! the playbook: playbooks/certificate_expiry/easy-mode-upload.yaml could not be found The same as html_and_json_timestamp.yaml playbook 3. Image used in the template is not correct for OCP [root@ip-172-18-13-8 ~]# oc get job certificate-check -o yaml |grep image: image: openshift/origin-ansible 4. ScheduledJob Kind is deprecated in OCP-3.9 [root@ip-172-18-13-8 ~]# oc create -f openshift-ansible/examples/scheduled-certcheck-upload.yaml error: unable to recognize "openshift-ansible/examples/scheduled-certcheck-upload.yaml": no matches for batch/, Kind=ScheduledJob After changed to "CronJob", it could work. 5. Write reports to `/var/lib/certcheck` failed when using volumes TASK [openshift_certificate_expiry : Generate expiration report HTML] ********** Wednesday 21 March 2018 08:55:36 +0000 (0:00:04.180) 0:00:04.933 ******* fatal: [ec2-54-164-122-51.compute-1.amazonaws.com]: FAILED! => {"msg": "Failed to get information on remote file (/var/lib/certcheck/20180321-cert-expiry-report.html): /bin/sh: sudo: command not found\n"} Version-Release number of the following components: [root@ip-172-18-13-8 openshift-ansible]# git describe openshift-ansible-3.9.12-1-4-gfabeed5 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Please include the entire output from the last TASK line through the end of output if an error is generated Expected results: Additional info: Please attach logs from ansible-playbook with the -vvv flag
Created https://github.com/openshift/openshift-ansible/pull/7666 to address this. (In reply to Gaoyun Pei from comment #0) > 1. Secret creation command is deprecated Fixed in PR > 2. Path to the playbooks used in template files is invalid Fixed > 3. Image used in the template is not correct for OCP > > [root@ip-172-18-13-8 ~]# oc get job certificate-check -o yaml |grep image: > image: openshift/origin-ansible Not sure of this is an issue. The image is available on dockerhub, I don't think we want pre-processing to use separate images for Origin and OCP. In any case, this is just a sample job > 4. ScheduledJob Kind is deprecated in OCP-3.9 Fixed > 5. Write reports to `/var/lib/certcheck` failed when using volumes > > TASK [openshift_certificate_expiry : Generate expiration report HTML] > ********** > Wednesday 21 March 2018 08:55:36 +0000 (0:00:04.180) 0:00:04.933 > ******* > fatal: [ec2-54-164-122-51.compute-1.amazonaws.com]: FAILED! => {"msg": > "Failed to get information on remote file > (/var/lib/certcheck/20180321-cert-expiry-report.html): /bin/sh: sudo: > command not found\n"} Can't seem to find where it attempts to run 'sudo'. Are you running this manually or in scheduled mode? Could you attach the ansible log?
Met with this error when running Job certificate-check-volume.yaml, following the guide in https://github.com/openshift/openshift-ansible/tree/release-3.9/examples#job-and-scheduledjob-to-check-certificates-using-volumes Seems like it's a same issue with https://bugzilla.redhat.com/show_bug.cgi?id=1551464 Attached the ansible logs.
Created attachment 1413659 [details] Ansible output
(In reply to Gaoyun Pei from comment #2) > Met with this error when running Job certificate-check-volume.yaml, > following the guide in > https://github.com/openshift/openshift-ansible/tree/release-3.9/examples#job- > and-scheduledjob-to-check-certificates-using-volumes > > Seems like it's a same issue with > https://bugzilla.redhat.com/show_bug.cgi?id=1551464 > > Attached the ansible logs. Do you have 'become' in your inventory? Ansible would attempt to use sudo if its set - but the container image may not have it. Not sure how to proceed here - should we add a warning about sudo to the README.md? Should 'sudo' be added to 'openshift/origin-ansible' image?
(In reply to Vadim Rutkovsky from comment #4) > (In reply to Gaoyun Pei from comment #2) > > Met with this error when running Job certificate-check-volume.yaml, > > following the guide in > > https://github.com/openshift/openshift-ansible/tree/release-3.9/examples#job- > > and-scheduledjob-to-check-certificates-using-volumes > > > > Seems like it's a same issue with > > https://bugzilla.redhat.com/show_bug.cgi?id=1551464 > > > > Attached the ansible logs. > > Do you have 'become' in your inventory? Ansible would attempt to use sudo if > its set - but the container image may not have it. No, I didn't use "become=yes" or "ansible_become" related options, just set ansible_user=root directly in [OSEv3] group var.
(In reply to Gaoyun Pei from comment #5) > (In reply to Vadim Rutkovsky from comment #4) > > (In reply to Gaoyun Pei from comment #2) > > > Met with this error when running Job certificate-check-volume.yaml, > > > following the guide in > > > https://github.com/openshift/openshift-ansible/tree/release-3.9/examples#job- > > > and-scheduledjob-to-check-certificates-using-volumes > > > > > > Seems like it's a same issue with > > > https://bugzilla.redhat.com/show_bug.cgi?id=1551464 > > > > > > Attached the ansible logs. > > > > Do you have 'become' in your inventory? Ansible would attempt to use sudo if > > its set - but the container image may not have it. > > No, I didn't use "become=yes" or "ansible_become" related options, just set > ansible_user=root directly in [OSEv3] group var. Right, got a fix for that. Lets track it in https://bugzilla.redhat.com/show_bug.cgi?id=1551464
Fix is available in openshift-ansible-3.9.16-1
Verify this bug with openshift-ansible-3.9.19-1. The four examples in https://github.com/openshift/openshift-ansible/tree/release-3.9/examples#openshift-ansible-usage-examples all work well now.
Move it to verified according to Comment 8
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:1566