Hide Forgot
Description of problem: All the example other certificate expiration playbooks[0] are failed due to missing "openshift_is_atomic" fact as follows. - related error messages ~~~ fatal: [master1.example.com]: FAILED! => {"msg": "The conditional check 'not openshift_is_atomic | bool' failed. The error was: error while evaluating conditional (not openshift_is_atomic | bool): 'openshift_is_atomic' is undefined\n\nThe error appears to have been in '/usr/share/ansible/openshift-ansible/roles/openshift_certificate_expiry/tasks/main.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- name: Ensure python dateutil library is present\n ^ here\n"} ~~~ - Related Bugzilla: Certificate expiry checks fail when `openshift_is_atomic` is undefined [https://bugzilla.redhat.com/show_bug.cgi?id=1655183] [0] OTHER EXAMPLE PLAYBOOKS [https://docs.openshift.com/container-platform/3.11/install_config/redeploying_certificates.html#install-config-cert-expiry-running-playbooks] ~~~ - default.yaml Produces the default behavior of the openshift_certificate_expiry role. - html_and_json_default_paths.yaml Generates HTML and JSON artifacts in their default paths. - longer_warning_period.yaml Changes the expiration warning window to 1500 days. - longer-warning-period-json-results.yaml Changes the expiration warning window to 1500 days and saves the results as a JSON file. ~~~ Version-Release number of the following components: rpm -q openshift-ansible openshift-ansible-3.11.59-1.git.0.ba8e948.el7.noarch rpm -q ansible ansible-2.6.5-1.el7ae.noarch ansible --version ansible 2.6.5 config file = /usr/share/ansible/openshift-ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible python version = 2.7.5 (default, May 31 2018, 09:41:32) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)] How reproducible: You can always reproduce to run the all following playbooks. # ansible-playbook -i init_inventory playbooks/openshift-checks/certificate_expiry/default.yaml # ansible-playbook -i init_inventory playbooks/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml # ansible-playbook -i init_inventory playbooks/openshift-checks/certificate_expiry/longer_warning_period.yaml # ansible-playbook -i init_inventory playbooks/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml Steps to Reproduce: 1. 2. 3. Actual results: Please include the entire output from the last TASK line through the end of output if an error is generated * default.yaml ~~~ root@master # ansible-playbook -i init_inventory playbooks/openshift-checks/certificate_expiry/default.yaml PLAY [Check cert expirys] *********************************************************************************************************************** TASK [Gathering Facts] ************************************************************************************************************************** Saturday 19 January 2019 10:47:36 +0900 (0:00:00.179) 0:00:00.179 ****** ok: [master1.example.com] TASK [openshift_certificate_expiry : Ensure python dateutil library is present] ***************************************************************** Saturday 19 January 2019 10:47:39 +0900 (0:00:03.534) 0:00:03.714 ****** fatal: [master1.example.com]: FAILED! => {"msg": "The conditional check 'not openshift_is_atomic | bool' failed. The error was: error while evaluating conditional (not openshift_is_atomic | bool): 'openshift_is_atomic' is undefined\n\nThe error appears to have been in '/usr/share/ansible/openshift-ansible/roles/openshift_certificate_expiry/tasks/main.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- name: Ensure python dateutil library is present\n ^ here\n"} PLAY RECAP ************************************************************************************************************************************** master1.example.com : ok=1 changed=0 unreachable=0 failed=1 Saturday 19 January 2019 10:47:39 +0900 (0:00:00.050) 0:00:03.764 ****** =============================================================================== Gathering Facts -------------------------------------------------------------------------------------------------------------------------- 3.54s openshift_certificate_expiry : Ensure python dateutil library is present ----------------------------------------------------------------- 0.05s ~~~ * html_and_json_default_paths.yaml ~~~ root@master # ansible-playbook -i init_inventory playbooks/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml PLAY [Check cert expirys] *********************************************************************************************************************** TASK [openshift_certificate_expiry : Ensure python dateutil library is present] ***************************************************************** Saturday 19 January 2019 10:48:18 +0900 (0:00:00.301) 0:00:00.301 ****** fatal: [master1.example.com]: FAILED! => {"msg": "The conditional check 'not openshift_is_atomic | bool' failed. The error was: error while evaluating conditional (not openshift_is_atomic | bool): 'openshift_is_atomic' is undefined\n\nThe error appears to have been in '/usr/share/ansible/openshift-ansible/roles/openshift_certificate_expiry/tasks/main.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- name: Ensure python dateutil library is present\n ^ here\n"} PLAY RECAP ************************************************************************************************************************************** master1.example.com : ok=0 changed=0 unreachable=0 failed=1 Saturday 19 January 2019 10:48:18 +0900 (0:00:00.043) 0:00:00.345 ****** =============================================================================== openshift_certificate_expiry : Ensure python dateutil library is present ----------------------------------------------------------------- 0.04s ~~~ * longer_warning_period.yaml ~~~ root@master # ansible-playbook -i init_inventory playbooks/openshift-checks/certificate_expiry/longer_warning_period.yaml PLAY [Check cert expirys] *********************************************************************************************************************** TASK [openshift_certificate_expiry : Ensure python dateutil library is present] ***************************************************************** Saturday 19 January 2019 10:49:24 +0900 (0:00:00.250) 0:00:00.250 ****** fatal: [master1.example.com]: FAILED! => {"msg": "The conditional check 'not openshift_is_atomic | bool' failed. The error was: error while evaluating conditional (not openshift_is_atomic | bool): 'openshift_is_atomic' is undefined\n\nThe error appears to have been in '/usr/share/ansible/openshift-ansible/roles/openshift_certificate_expiry/tasks/main.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- name: Ensure python dateutil library is present\n ^ here\n"} PLAY RECAP ************************************************************************************************************************************** master1.example.com : ok=0 changed=0 unreachable=0 failed=1 Saturday 19 January 2019 10:49:24 +0900 (0:00:00.047) 0:00:00.297 ****** =============================================================================== openshift_certificate_expiry : Ensure python dateutil library is present ----------------------------------------------------------------- 0.05s ~~~ * longer-warning-period-json-results.yaml ~~~ root@master # ansible-playbook -i init_inventory playbooks/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml PLAY [Check cert expirys] *********************************************************************************************************************** TASK [openshift_certificate_expiry : Ensure python dateutil library is present] ***************************************************************** Saturday 19 January 2019 10:49:46 +0900 (0:00:00.250) 0:00:00.250 ****** fatal: [master1.example.com]: FAILED! => {"msg": "The conditional check 'not openshift_is_atomic | bool' failed. The error was: error while evaluating conditional (not openshift_is_atomic | bool): 'openshift_is_atomic' is undefined\n\nThe error appears to have been in '/usr/share/ansible/openshift-ansible/roles/openshift_certificate_expiry/tasks/main.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- name: Ensure python dateutil library is present\n ^ here\n"} PLAY RECAP ************************************************************************************************************************************** master1.example.com : ok=0 changed=0 unreachable=0 failed=1 Saturday 19 January 2019 10:49:46 +0900 (0:00:00.042) 0:00:00.292 ****** =============================================================================== openshift_certificate_expiry : Ensure python dateutil library is present ----------------------------------------------------------------- 0.04s ~~~ Expected results: Generating all the reports successfully after running the related playbools. Additional info: Please attach logs from ansible-playbook with the -vvv flag
Verify this bug with openshift-ansible-3.11.82-1.git.0.f29227a.el7.noarch.rpm Verified the following playbooks under playbooks/openshift-checks/certificate_expiry/ all work well now default.yaml easy-mode.yaml longer_warning_period.yaml html_and_json_default_paths.yaml longer-warning-period-json-results.yaml
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0326