Created attachment 1425714
The output from the playbook run.

Description of problem:

Version-Release number of the following components:
rpm -q openshift-ansible
package openshift-ansible is not installed

rpm -q ansible
ansible-2.4.3.0-1.el7ae.noarch

ansible --version
ansible 2.4.3.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Feb 20 2018, 09:19:12) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]

openshift version
openshift v3.10.0-0.22.0
kubernetes v1.10.0+b81c8f8
etcd 3.2.16

How reproducible: Always

Steps to Reproduce:
1. Install an OCP cluster with 1 master, 1 infra and two compute nodes
2. Install grafana by using the playbook in openshift-ansible
   ansible-playbook -i inventory openshift-ansible/playbooks/openshift-grafana/config.yml
3. Note the result

Actual results:
The playbook errors out in the add database step with the following error

atal: [ip-172-31-39-238.us-west-2.compute.internal]: FAILED! => {"changed": false, "msg": "Failed to validate the SSL certificate for grafana-openshift-grafana.router.default.svc.cluster.local:443. Make sure your managed systems have a valid CA certificate installed. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible. The exception msg was: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)."}
	to retry, use: --limit @/root/openshift-ansible/playbooks/openshift-grafana/config.retry

Expected results: playbook runs successfully without any error.

Additional info: ansible output and the inventory attached.
I'm afraid this problem is related to a broken cluster; it looks like we have mixed CA certificates. Siva, could you try it on a fresh cluster?
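The verification failure in the report, and the mixed-CA condition suggested above, can be reproduced offline with the script below. It is an added example, not part of the bug thread or of openshift-ansible; the CA names and the hostname are constructed, and it assumes the openssl command-line tool is installed.

```shell
#!/usr/bin/env bash
# Added example: reproduce "certificate verify failed" offline with throwaway CAs.
# CA names and the hostname are constructed; nothing here touches a real cluster.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: create a self-signed CA key and certificate in $WORK.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue_cert CA NAME CN: create a key for NAME and sign its certificate with CA.
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -days 1 -CAcreateserial \
    -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" -out "$WORK/$2.crt" 2>/dev/null
}

# chain_ok CA NAME: verify NAME's certificate using CA's certificate as the trust anchor.
chain_ok() {
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1
}

make_ca current-ca   # signs the route certificate
make_ca stale-ca     # what the client still trusts (the "mixed CA" case)
issue_cert current-ca route grafana.example.test

for ca in stale-ca current-ca; do
  if chain_ok "$ca" route; then echo "$ca: certificate verifies"
  else echo "$ca: certificate verify failed"; fi
done
```

Against a live route, the equivalent check is `openssl s_client -connect <route-host>:443 -CAfile <ca.crt>` and reading the reported verify return code, which shows whether the client's CA bundle matches the CA that signed the route certificate.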
The issue is due to a URL trying to validate certs by default. We should not use certs in this kind of insecure post. A PR was submitted: https://github.com/openshift/openshift-ansible/pull/8114
After the fix, install of grafana through the playbook succeeds without any error. And the grafana dashboard is accessible through the app route.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:1816