1570922 – [grafana] Install of grafana using openshift-ansible playbook fails

Bug 1570922 - [grafana] Install of grafana using openshift-ansible playbook fails

Summary: [grafana] Install of grafana using openshift-ansible playbook fails

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Installer
Sub Component:
Version:	3.10.0
Hardware:	All
OS:	All
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	3.10.0
Assignee:	Eldad Marciano
QA Contact:	Johnny Liu
Docs Contact:
URL:
Whiteboard:	aos-scalability-310
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-04-23 17:49 UTC by Siva Reddy
Modified:	2018-07-30 19:14 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-07-30 19:13:42 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
The output from the playbook run. (34.76 KB, text/plain) 2018-04-23 17:49 UTC, Siva Reddy	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2018:1816	0	None	None	None	2018-07-30 19:14:17 UTC

Description Siva Reddy 2018-04-23 17:49:39 UTC

Created attachment 1425714 [details]
The output from the playbook run.

Description of problem:

Version-Release number of the following components:
rpm -q openshift-ansible
   package openshift-ansible is not installed
rpm -q ansible
   ansible-2.4.3.0-1.el7ae.noarch
ansible --version
   ansible 2.4.3.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Feb 20 2018, 09:19:12) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
openshift version
   openshift v3.10.0-0.22.0
   kubernetes v1.10.0+b81c8f8
   etcd 3.2.16


How reproducible:
Always
Steps to Reproduce:
1. Install an OCP cluster with 1 master, 1 infra and two compute nodes
2. Install grafana by using the playbook in openshift-ansible
    ansible-playbook -i inventory openshift-ansible/playbooks/openshift-grafana/config.yml
3. Note the result

Actual results:
   The playbook error's out in the add database step with the following error
   atal: [ip-172-31-39-238.us-west-2.compute.internal]: FAILED! => {"changed": false, "msg": "Failed to validate the SSL certificate for grafana-openshift-grafana.router.default.svc.cluster.local:443. Make sure your managed systems have a valid CA certificate installed. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible. The exception msg was: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)."}
        to retry, use: --limit @/root/openshift-ansible/playbooks/openshift-grafana/config.retry


Expected results:
    playbook runs successfully without any error.

Additional info:
   ansible output and the inventory attached.

Comment 2 Eldad Marciano 2018-04-24 13:56:41 UTC

I'm afraid this problem related to a broken cluster, it looks like we have mixed ca certificates.

Siva, could you try it on a fresh cluster?

Comment 4 Eldad Marciano 2018-04-24 15:08:56 UTC

The issue is due to a url trying to validate certs by default.
we should not use certs in this kind of insecure posts.
PR were submitted
https://github.com/openshift/openshift-ansible/pull/8114

Comment 7 Siva Reddy 2018-05-15 17:00:56 UTC

After the fix, install of grafana through the playbook succeeds without any error. And the grafana dashboard is accessible through the app route.

Comment 9 errata-xmlrpc 2018-07-30 19:13:42 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1816

Note You need to log in before you can comment on or make changes to this bug.