Bug 1667618 - Running example other certificate expiration playbooks are failed due to missing "openshift_is_atomic"
Summary: Running example other certificate expiration playbooks are failed due to miss...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.11.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: 3.11.z
Assignee: Scott Dodson
QA Contact: Gaoyun Pei
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-01-19 02:15 UTC by Daein Park
Modified: 2019-02-20 14:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Certain certificate expiry check playbooks did not call properly initialization functions resulting in an error. Those playbooks have been updated to avoid this problem.
Clone Of:
Environment:
Last Closed: 2019-02-20 14:11:02 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1655183 0 high CLOSED Certificate expiry checks fail when `openshift_is_atomic` is undefined 2024-03-25 15:10:36 UTC
Red Hat Product Errata RHBA-2019:0326 0 None None None 2019-02-20 14:11:07 UTC

Description Daein Park 2019-01-19 02:15:53 UTC
Description of problem:

All the example other certificate expiration playbooks[0] are failed due to missing "openshift_is_atomic" fact as follows.

- related error messages
    ~~~
    fatal: [master1.example.com]: FAILED! => {"msg": "The conditional check 'not openshift_is_atomic | bool' failed. The error was: error while evaluating conditional (not openshift_is_atomic | bool): 'openshift_is_atomic' is undefined\n\nThe error appears to have been in '/usr/share/ansible/openshift-ansible/roles/openshift_certificate_expiry/tasks/main.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- name: Ensure python dateutil library is present\n  ^ here\n"}
    ~~~

- Related Bugzilla: Certificate expiry checks fail when `openshift_is_atomic` is undefined [https://bugzilla.redhat.com/show_bug.cgi?id=1655183]

[0] OTHER EXAMPLE PLAYBOOKS [https://docs.openshift.com/container-platform/3.11/install_config/redeploying_certificates.html#install-config-cert-expiry-running-playbooks]
    ~~~
    - default.yaml
      Produces the default behavior of the openshift_certificate_expiry role.

    - html_and_json_default_paths.yaml
      Generates HTML and JSON artifacts in their default paths.

    - longer_warning_period.yaml
      Changes the expiration warning window to 1500 days.

    - longer-warning-period-json-results.yaml
      Changes the expiration warning window to 1500 days and saves the results as a JSON file.
    ~~~


Version-Release number of the following components:
  rpm -q openshift-ansible
  openshift-ansible-3.11.59-1.git.0.ba8e948.el7.noarch

  rpm -q ansible
  ansible-2.6.5-1.el7ae.noarch

  ansible --version
  ansible 2.6.5
    config file = /usr/share/ansible/openshift-ansible/ansible.cfg
    configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
    ansible python module location = /usr/lib/python2.7/site-packages/ansible
    executable location = /usr/bin/ansible
    python version = 2.7.5 (default, May 31 2018, 09:41:32) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
    
How reproducible:

You can always reproduce to run the all following playbooks.

# ansible-playbook -i init_inventory playbooks/openshift-checks/certificate_expiry/default.yaml 
# ansible-playbook -i init_inventory playbooks/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml
# ansible-playbook -i init_inventory playbooks/openshift-checks/certificate_expiry/longer_warning_period.yaml
# ansible-playbook -i init_inventory playbooks/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml

Steps to Reproduce:
1.
2.
3.

Actual results:
Please include the entire output from the last TASK line through the end of output if an error is generated

* default.yaml
    ~~~
    root@master # ansible-playbook -i init_inventory playbooks/openshift-checks/certificate_expiry/default.yaml 
    PLAY [Check cert expirys] ***********************************************************************************************************************

    TASK [Gathering Facts] **************************************************************************************************************************
    Saturday 19 January 2019  10:47:36 +0900 (0:00:00.179)       0:00:00.179 ****** 
    ok: [master1.example.com]

    TASK [openshift_certificate_expiry : Ensure python dateutil library is present] *****************************************************************
    Saturday 19 January 2019  10:47:39 +0900 (0:00:03.534)       0:00:03.714 ****** 
    fatal: [master1.example.com]: FAILED! => {"msg": "The conditional check 'not openshift_is_atomic | bool' failed. The error was: error while evaluating conditional (not openshift_is_atomic | bool): 'openshift_is_atomic' is undefined\n\nThe error appears to have been in '/usr/share/ansible/openshift-ansible/roles/openshift_certificate_expiry/tasks/main.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- name: Ensure python dateutil library is present\n  ^ here\n"}

    PLAY RECAP **************************************************************************************************************************************
    master1.example.com   : ok=1    changed=0    unreachable=0    failed=1   

    Saturday 19 January 2019  10:47:39 +0900 (0:00:00.050)       0:00:03.764 ****** 
    =============================================================================== 
    Gathering Facts -------------------------------------------------------------------------------------------------------------------------- 3.54s
    openshift_certificate_expiry : Ensure python dateutil library is present ----------------------------------------------------------------- 0.05s
    ~~~

* html_and_json_default_paths.yaml 
    ~~~
    root@master # ansible-playbook -i init_inventory playbooks/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml 

    PLAY [Check cert expirys] ***********************************************************************************************************************

    TASK [openshift_certificate_expiry : Ensure python dateutil library is present] *****************************************************************
    Saturday 19 January 2019  10:48:18 +0900 (0:00:00.301)       0:00:00.301 ****** 
    fatal: [master1.example.com]: FAILED! => {"msg": "The conditional check 'not openshift_is_atomic | bool' failed. The error was: error while evaluating conditional (not openshift_is_atomic | bool): 'openshift_is_atomic' is undefined\n\nThe error appears to have been in '/usr/share/ansible/openshift-ansible/roles/openshift_certificate_expiry/tasks/main.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- name: Ensure python dateutil library is present\n  ^ here\n"}

    PLAY RECAP **************************************************************************************************************************************
    master1.example.com   : ok=0    changed=0    unreachable=0    failed=1   

    Saturday 19 January 2019  10:48:18 +0900 (0:00:00.043)       0:00:00.345 ****** 
    =============================================================================== 
    openshift_certificate_expiry : Ensure python dateutil library is present ----------------------------------------------------------------- 0.04s
    ~~~

* longer_warning_period.yaml 
    ~~~
    root@master # ansible-playbook -i init_inventory playbooks/openshift-checks/certificate_expiry/longer_warning_period.yaml 

    PLAY [Check cert expirys] ***********************************************************************************************************************

    TASK [openshift_certificate_expiry : Ensure python dateutil library is present] *****************************************************************
    Saturday 19 January 2019  10:49:24 +0900 (0:00:00.250)       0:00:00.250 ****** 
    fatal: [master1.example.com]: FAILED! => {"msg": "The conditional check 'not openshift_is_atomic | bool' failed. The error was: error while evaluating conditional (not openshift_is_atomic | bool): 'openshift_is_atomic' is undefined\n\nThe error appears to have been in '/usr/share/ansible/openshift-ansible/roles/openshift_certificate_expiry/tasks/main.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- name: Ensure python dateutil library is present\n  ^ here\n"}

    PLAY RECAP **************************************************************************************************************************************
    master1.example.com   : ok=0    changed=0    unreachable=0    failed=1   

    Saturday 19 January 2019  10:49:24 +0900 (0:00:00.047)       0:00:00.297 ****** 
    =============================================================================== 
    openshift_certificate_expiry : Ensure python dateutil library is present ----------------------------------------------------------------- 0.05s
    ~~~

* longer-warning-period-json-results.yaml 
    ~~~           
    root@master # ansible-playbook -i init_inventory playbooks/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml 

    PLAY [Check cert expirys] ***********************************************************************************************************************

    TASK [openshift_certificate_expiry : Ensure python dateutil library is present] *****************************************************************
    Saturday 19 January 2019  10:49:46 +0900 (0:00:00.250)       0:00:00.250 ****** 
    fatal: [master1.example.com]: FAILED! => {"msg": "The conditional check 'not openshift_is_atomic | bool' failed. The error was: error while evaluating conditional (not openshift_is_atomic | bool): 'openshift_is_atomic' is undefined\n\nThe error appears to have been in '/usr/share/ansible/openshift-ansible/roles/openshift_certificate_expiry/tasks/main.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- name: Ensure python dateutil library is present\n  ^ here\n"}

    PLAY RECAP **************************************************************************************************************************************
    master1.example.com   : ok=0    changed=0    unreachable=0    failed=1   

    Saturday 19 January 2019  10:49:46 +0900 (0:00:00.042)       0:00:00.292 ****** 
    =============================================================================== 
    openshift_certificate_expiry : Ensure python dateutil library is present ----------------------------------------------------------------- 0.04s
    ~~~

Expected results:

Generating all the reports successfully after running the related playbools.

Additional info:
Please attach logs from ansible-playbook with the -vvv flag

Comment 3 Gaoyun Pei 2019-02-11 07:03:45 UTC
Verify this bug with openshift-ansible-3.11.82-1.git.0.f29227a.el7.noarch.rpm

Verified the following playbooks under playbooks/openshift-checks/certificate_expiry/ all work well now
default.yaml
easy-mode.yaml
longer_warning_period.yaml
html_and_json_default_paths.yaml
longer-warning-period-json-results.yaml

Comment 5 errata-xmlrpc 2019-02-20 14:11:02 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0326


Note You need to log in before you can comment on or make changes to this bug.