Description of problem: When user is setting openshift_master_api_port=443 in inventory file, api is listening on 443, while static pod's Readiness and Liveness probe port is still "8443", which is defined as hardcode in roles/openshift_control_plane/files/apiserver.yaml. Version-Release number of the following components: openshift-ansible-3.10.0-0.22.0 How reproducible: Always Steps to Reproduce: 1. Setting openshift_master_api_port=443 in inventory file 2. 3. Actual results: master api static pod is killed and started again and again due to its Readiness and Liveness probe failed. node logs: Apr 18 23:02:56 ip-172-18-7-137.ec2.internal atomic-openshift-node[19594]: I0418 23:02:56.394155 19594 prober.go:111] Liveness probe for "master-api-ip-172-18-7-137.ec2.internal_kube-system(c841c6034a69c9ebc7a2f4b67b059785):api" failed (failure): Get https://172.18.7.137:8443/healthz: dial tcp 172.18.7.137:8443: getsockopt: connection refused Apr 18 23:02:56 ip-172-18-7-137.ec2.internal atomic-openshift-node[19594]: I0418 23:02:56.394300 19594 server.go:428] Event(v1.ObjectReference{Kind:"Pod", Namespace:"kube-system", Name:"master-api-ip-172-18-7-137.ec2.internal", UID:"c841c6034a69c9ebc7a2f4b67b059785", APIVersion:"v1", ResourceVersion:"", FieldPath:"spec.containers{api}"}): type: 'Warning' reason: 'Unhealthy' Liveness probe failed: Get https://172.18.7.137:8443/healthz: dial tcp 172.18.7.137:8443: getsockopt: connection refused Apr 18 23:03:00 ip-172-18-7-137.ec2.internal atomic-openshift-node[19594]: I0418 23:03:00.952844 19594 prober.go:111] Readiness probe for "master-api-ip-172-18-7-137.ec2.internal_kube-system(c841c6034a69c9ebc7a2f4b67b059785):api" failed (failure): Get https://172.18.7.137:8443/healthz/ready: dial tcp 172.18.7.137:8443: getsockopt: connection refused Apr 18 23:03:00 ip-172-18-7-137.ec2.internal atomic-openshift-node[19594]: I0418 23:03:00.953316 19594 server.go:428] Event(v1.ObjectReference{Kind:"Pod", Namespace:"kube-system", Name:"master-api-ip-172-18-7-137.ec2.internal", UID:"c841c6034a69c9ebc7a2f4b67b059785", APIVersion:"v1", ResourceVersion:"", FieldPath:"spec.containers{api}"}): type: 'Warning' reason: 'Unhealthy' Readiness probe failed: Get https://172.18.7.137:8443/healthz/ready: dial tcp 172.18.7.137:8443: getsockopt: connection refused Expected results: Readiness and Liveness probe port should not be a hardcode in roles/openshift_control_plane/files/apiserver.yaml Additional info: Please attach logs from ansible-playbook with the -vvv flag
PR Created: https://github.com/openshift/openshift-ansible/pull/8052
In openshift-ansible-3.10.0-0.27.0
Fixed. openshift-ansible-3.10.0-0.27.0 openshift_master_api_port=443 installation successful # oc describe pod/master-api-ip-172-18-0-210.ec2.internal Ready: True Restart Count: 0 Liveness: http-get https://:443/healthz delay=45s timeout=1s period=10s #success=1 #failure=3 Readiness: http-get https://:443/healthz/ready delay=10s timeout=1s period=10s #success=1 #failure=3 Operating System: Red Hat Enterprise Linux Server 7.5 (Maipo) CPE OS Name: cpe:/o:redhat:enterprise_linux:7.5:GA:server Kernel: Linux 3.10.0-862.el7.x86_64
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:1816