Description of problem: Using custom certificates with an umlaut character (eg, 'Ü') in the address and then running either: ansible-playbook -v playbooks/byo/openshift-cluster/upgrades/v3_11/upgrade_nodes.yml or ansible-playbook -v playbooks/openshift-checks/certificate_expiry/easy-mode.yaml causes the error, UnicodeEncodeError: 'ascii' codec can't encode character u'\\xfc' in position 1: ordinal not in range (128) Version-Release number of the following components: # oc version oc v3.11.59 kubernetes v1.11.0+d4cacc0 features: Basic-Auth GSSAPI Kerberos SPNEGO Server https://master.ocp.internal.adcubum.com:443 openshift v3.11.59 kubernetes v1.11.0+d4cacc0 # rpm -q openshift-ansible openshift-ansible-3.11.59-1.git.0.ba8e948.el7.noarch # rpm -q ansible ansible-2.6.12-1.el7ae.noarch # ansible --version ansible 2.6.12 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible python version = 2.7.5 (default, Sep 12 2018, 05:31:16) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)] How reproducible: Steps to Reproduce: 1. Create custom cert and enter the address with a character such as 'Ü'. 2. Try running a playbook that parses the certs such as upgrade_nodes.yaml Actual results: PLAY [Check cert expirys] ****************************************************************************************************************** TASK [openshift_certificate_expiry : Ensure python dateutil library is present] ************************************************************ Wednesday 23 January 2019 23:44:00 +0100 (0:00:00.871) 0:00:00.871 ***** ok: [adzh-srlp-on01.intern.cube.ch] => {"changed": false, "msg": "", "rc": 0, "results": ["python-dateutil-1.5-7.el7.noarch providing python-dateutil is already installed"]} ok: [adzh-srlp-on03.intern.cube.ch] => {"changed": false, "msg": "", "rc": 0, "results": ["python-dateutil-1.5-7.el7.noarch providing python-dateutil is already installed"]} ok: [adzh-srlp-on02.intern.cube.ch] => {"changed": false, "msg": "", "rc": 0, "results": ["python-dateutil-1.5-7.el7.noarch providing python-dateutil is already installed"]} ok: [adzh-srlp-om01.intern.cube.ch] => {"changed": false, "msg": "", "rc": 0, "results": ["python-dateutil-1.5-7.el7.noarch providing python-dateutil is already installed"]} ok: [adzh-srlp-on04.intern.cube.ch] => {"changed": false, "msg": "", "rc": 0, "results": ["python-dateutil-1.5-7.el7.noarch providing python-dateutil is already installed"]} ok: [adzh-srlp-om02.intern.cube.ch] => {"changed": false, "msg": "", "rc": 0, "results": ["python-dateutil-1.5-7.el7.noarch providing python-dateutil is already installed"]} ok: [adzh-srlp-on05.intern.cube.ch] => {"changed": false, "msg": "", "rc": 0, "results": ["python-dateutil-1.5-7.el7.noarch providing python-dateutil is already installed"]} ok: [adzh-srlp-om03.intern.cube.ch] => {"changed": false, "msg": "", "rc": 0, "results": ["python-dateutil-1.5-7.el7.noarch providing python-dateutil is already installed"]} ok: [adzh-srlp-oin03.intern.cube.ch] => {"changed": false, "msg": "", "rc": 0, "results": ["python-dateutil-1.5-7.el7.noarch providing python-dateutil is already installed"]} ok: [adzh-srlp-on06.intern.cube.ch] => {"changed": false, "msg": "", "rc": 0, "results": ["python-dateutil-1.5-7.el7.noarch providing python-dateutil is already installed"]} ok: [adzh-srlp-oin01.intern.cube.ch] => {"changed": false, "msg": "", "rc": 0, "results": ["python-dateutil-1.5-7.el7.noarch providing python-dateutil is already installed"]} ok: [adzh-srlp-oin02.intern.cube.ch] => {"changed": false, "msg": "", "rc": 0, "results": ["python-dateutil-1.5-7.el7.noarch providing python-dateutil is already installed"]} ok: [adzh-srlp-on07.intern.cube.ch] => {"changed": false, "msg": "", "rc": 0, "results": ["python-dateutil-1.5-7.el7.noarch providing python-dateutil is already installed"]} ok: [adzh-srlp-oin04.intern.cube.ch] => {"changed": false, "msg": "", "rc": 0, "results": ["python-dateutil-1.5-7.el7.noarch providing python-dateutil is already installed"]} ok: [adzh-srlp-on08.intern.cube.ch] => {"changed": false, "msg": "", "rc": 0, "results": ["python-dateutil-1.5-7.el7.noarch providing python-dateutil is already installed"]} TASK [openshift_certificate_expiry : Check cert expirys on host] *************************************************************************** Wednesday 23 January 2019 23:44:17 +0100 (0:00:17.074) 0:00:17.945 ***** An exception occurred during task execution. To see the full traceback, use -vvv. The error was: UnicodeEncodeError: 'ascii' codec can't encode character u'\xfc' in position 1: ordinal not in range(128) fatal: [adzh-srlp-oin01.intern.cube.ch]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/tmp/ansible_X3PxoC/ansible_module_openshift_cert_expiry.py\", line 835, in <module>\n main()\n File \"/tmp/ansible_X3PxoC/ansible_module_openshift_cert_expiry.py\", line 549, in main\n cert_serial) = load_and_handle_cert(cert, now, ans_module=module)\n File \"/tmp/ansible_X3PxoC/ansible_module_openshift_cert_expiry.py\", line 292, in load_and_handle_cert\n cert_subjects.append('{}:{}'.format(name, value))\nUnicodeEncodeError: 'ascii' codec can't encode character u'\\xfc' in position 1: ordinal not in range(128)\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 1} An exception occurred during task execution. To see the full traceback, use -vvv. The error was: UnicodeEncodeError: 'ascii' codec can't encode character u'\xfc' in position 1: ordinal not in range(128) fatal: [adzh-srlp-oin02.intern.cube.ch]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/tmp/ansible_0WfLMI/ansible_module_openshift_cert_expiry.py\", line 835, in <module>\n main()\n File \"/tmp/ansible_0WfLMI/ansible_module_openshift_cert_expiry.py\", line 549, in main\n cert_serial) = load_and_handle_cert(cert, now, ans_module=module)\n File \"/tmp/ansible_0WfLMI/ansible_module_openshift_cert_expiry.py\", line 292, in load_and_handle_cert\n cert_subjects.append('{}:{}'.format(name, value))\nUnicodeEncodeError: 'ascii' codec can't encode character u'\\xfc' in position 1: ordinal not in range(128)\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 1} An exception occurred during task execution. To see the full traceback, use -vvv. The error was: UnicodeEncodeError: 'ascii' codec can't encode character u'\xfc' in position 1: ordinal not in range(128) fatal: [adzh-srlp-oin03.intern.cube.ch]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/tmp/ansible_lPSEM2/ansible_module_openshift_cert_expiry.py\", line 835, in <module>\n main()\n File \"/tmp/ansible_lPSEM2/ansible_module_openshift_cert_expiry.py\", line 549, in main\n cert_serial) = load_and_handle_cert(cert, now, ans_module=module)\n File \"/tmp/ansible_lPSEM2/ansible_module_openshift_cert_expiry.py\", line 292, in load_and_handle_cert\n cert_subjects.append('{}:{}'.format(name, value))\nUnicodeEncodeError: 'ascii' codec can't encode character u'\\xfc' in position 1: ordinal not in range(128)\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 1} An exception occurred during task execution. To see the full traceback, use -vvv. The error was: UnicodeEncodeError: 'ascii' codec can't encode character u'\xfc' in position 1: ordinal not in range(128) fatal: [adzh-srlp-oin04.intern.cube.ch]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/tmp/ansible_z9Nxbg/ansible_module_openshift_cert_expiry.py\", line 835, in <module>\n main()\n File \"/tmp/ansible_z9Nxbg/ansible_module_openshift_cert_expiry.py\", line 549, in main\n cert_serial) = load_and_handle_cert(cert, now, ans_module=module)\n File \"/tmp/ansible_z9Nxbg/ansible_module_openshift_cert_expiry.py\", line 292, in load_and_handle_cert\n cert_subjects.append('{}:{}'.format(name, value))\nUnicodeEncodeError: 'ascii' codec can't encode character u'\\xfc' in position 1: ordinal not in range(128)\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 1} ok: [adzh-srlp-om02.intern.cube.ch] => {"changed": false, "check_results": {"etcd": [{"cert_cn": "CN:etcd-signer@1513157280", "days_remaining": 1418, "expiry": "2022-12-12 09:29:42", "health": "ok", "path": "/etc/etcd/ca.crt", "serial": 15347044646839665117, "serial_hex": "0xd4fba7cb4ef041ddL"}, {"cert_cn": "CN:adzh-srlp-om02.intern.cube.ch, IP Address:172.22.204.12, DNS:adzh-srlp-om02.intern.cube.ch", "days_remaining": 1418, "expiry": "2022-12-12 09:30:17", "health": "ok", "path": "/etc/etcd/server.crt", "serial": 1, "serial_hex": "0x1"}, {"cert_cn": "CN:adzh-srlp-om02.intern.cube.ch, IP Address:172.22.204.12, DNS:adzh-srlp-om02.intern.cube.ch", "days_remaining": 1418, "expiry": "2022-12-12 09:30:20", "health": "ok", "path": "/etc/etcd/peer.crt", "serial": 6, "serial_hex": "0x6"}], "kubeconfigs": [{"cert_cn": "O:system:cluster-admins, CN:system:admin", "days_remaining": 406, "expiry": "2020-03-05 13:17:06", "health": "ok", "path": "/etc/origin/master/admin.kubeconfig", "serial": 15, "serial_hex": "0xf"}, {"cert_cn": "O:system:masters, O:system:openshift-master, CN:system:openshift-master", "days_remaining": 406, "expiry": "2020-03-05 13:17:28", "health": "ok", "path": "/etc/origin/master/openshift-master.kubeconfig", "serial": 19, "serial_hex": "0x13"}], "meta": {"checked_at_time": "2019-01-23 23:44:18.765518", "show_all": "True", "warn_before_date": "2019-02-22 23:44:18.765518", "warning_days": 30}, "ocp_certs": [{"cert_cn": "CN:10.120.0.1, DNS:adzh-srlp-om02.intern.cube.ch, DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local, DNS:master.ocp.internal.adcubum.com, DNS:mgmt.ocp.internal.adcubum.com, DNS:openshift, DNS:openshift.default, DNS:openshift.default.svc, DNS:openshift.default.svc.cluster.local, DNS:10.120.0.1, DNS:172.22.204.12, IP Address:10.120.0.1, IP Address:172.22.204.12", "days_remaining": 406, "expiry": "2020-03-05 13:17:23", "health": "ok", "path": "/etc/origin/master/master.server.crt", "serial": 17, "serial_hex": "0x11"}, {"cert_cn": "CN:system:master-proxy", "days_remaining": 406, "expiry": "2020-03-05 13:17:05", "health": "ok", "path": "/etc/origin/master/master.proxy-client.crt", "serial": 11, "serial_hex": "0xb"}, {"cert_cn": "O:system:node-admins, CN:system:openshift-node-admin", "days_remaining": 406, "expiry": "2020-03-05 13:17:05", "health": "ok", "path": "/etc/origin/master/master.kubelet-client.crt", "serial": 12, "serial_hex": "0xc"}, {"cert_cn": "CN:adzh-srlp-om02.intern.cube.ch, IP Address:172.22.204.12, DNS:adzh-srlp-om02.intern.cube.ch", "days_remaining": 1418, "expiry": "2022-12-12 09:38:53", "health": "ok", "path": "/etc/origin/master/master.etcd-client.crt", "serial": 8, "serial_hex": "0x8"}, {"cert_cn": "CN:etcd-signer@1513157280", "days_remaining": 1418, "expiry": "2022-12-12 09:29:42", "health": "ok", "path": "/etc/origin/master/master.etcd-ca.crt", "serial": 15347044646839665117, "serial_hex": "0xd4fba7cb4ef041ddL"}, {"cert_cn": "CN:openshift-signer@1519932598", "days_remaining": 1496, "expiry": "2023-02-28 19:29:58", "health": "ok", "path": "/etc/origin/master/ca.crt", "serial": 1, "serial_hex": "0x1"}, {"cert_cn": "CN:openshift-signer@1519932598", "days_remaining": 1496, "expiry": "2023-02-28 19:29:58", "health": "ok", "path": "/etc/origin/node/client-ca.crt", "serial": 1, "serial_hex": "0x1"}, {"cert_cn": "CN:openshift-signer@1519932598", "days_remaining": 1496, "expiry": "2023-02-28 19:29:58", "health": "ok", "path": "/etc/origin/node/client-ca.crt", "serial": 1, "serial_hex": "0x1"}, {"cert_cn": "CN:openshift-service-serving-signer@1520342225", "days_remaining": 1501, "expiry": "2023-03-05 13:17:05", "health": "ok", "path": "/etc/origin/master/service-signer.crt", "serial": 1, "serial_hex": "0x1"}], "registry": [{"cert_cn": "CN:10.120.46.227, DNS:docker-registry-default.ocp.internal.adcubum.com, DNS:docker-registry.default.svc, DNS:docker-registry.default.svc.cluster.local, DNS:10.120.46.227, IP Address:10.120.46.227", "days_remaining": 323, "expiry": "2019-12-13 10:11:43", "health": "ok", "path": "/api/v1/namespaces/default/secrets/registry-certificates", "serial": 40, "serial_hex": "0x28"}], "router": []}, "msg": "Checked 15 total certificates. Expired/Warning/OK: 0/0/15. Warning window: 30 days", "rc": 0, "summary": {"etcd_certificates": 3, "expired": 0, "kubeconfig_certificates": 2, "ok": 15, "registry_certs": 1, "router_certs": 0, "system_certificates": 9, "total": 15, "warning": 0}, "warn_certs": false} ok: [adzh-srlp-om03.intern.cube.ch] => {"changed": false, "check_results": {"etcd": [{"cert_cn": "CN:etcd-signer@1513157280", "days_remaining": 1418, "expiry": "2022-12-12 09:29:42", "health": "ok", "path": "/etc/etcd/ca.crt", "serial": 15347044646839665117, "serial_hex": "0xd4fba7cb4ef041ddL"}, {"cert_cn": "CN:adzh-srlp-om03.intern.cube.ch, IP Address:172.22.204.13, DNS:adzh-srlp-om03.intern.cube.ch", "days_remaining": 1418, "expiry": "2022-12-12 09:30:18", "health": "ok", "path": "/etc/etcd/server.crt", "serial": 3, "serial_hex": "0x3"}, {"cert_cn": "CN:adzh-srlp-om03.intern.cube.ch, IP Address:172.22.204.13, DNS:adzh-srlp-om03.intern.cube.ch", "days_remaining": 1418, "expiry": "2022-12-12 09:30:20", "health": "ok", "path": "/etc/etcd/peer.crt", "serial": 5, "serial_hex": "0x5"}], "kubeconfigs": [{"cert_cn": "O:system:cluster-admins, CN:system:admin", "days_remaining": 406, "expiry": "2020-03-05 13:17:06", "health": "ok", "path": "/etc/origin/master/admin.kubeconfig", "serial": 15, "serial_hex": "0xf"}, {"cert_cn": "O:system:masters, O:system:openshift-master, CN:system:openshift-master", "days_remaining": 406, "expiry": "2020-03-05 13:17:30", "health": "ok", "path": "/etc/origin/master/openshift-master.kubeconfig", "serial": 20, "serial_hex": "0x14"}], "meta": {"checked_at_time": "2019-01-23 23:44:18.765498", "show_all": "True", "warn_before_date": "2019-02-22 23:44:18.765498", "warning_days": 30}, "ocp_certs": [{"cert_cn": "CN:10.120.0.1, DNS:adzh-srlp-om03.intern.cube.ch, DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local, DNS:master.ocp.internal.adcubum.com, DNS:mgmt.ocp.internal.adcubum.com, DNS:openshift, DNS:openshift.default, DNS:openshift.default.svc, DNS:openshift.default.svc.cluster.local, DNS:10.120.0.1, DNS:172.22.204.13, IP Address:10.120.0.1, IP Address:172.22.204.13", "days_remaining": 406, "expiry": "2020-03-05 13:17:26", "health": "ok", "path": "/etc/origin/master/master.server.crt", "serial": 18, "serial_hex": "0x12"}, {"cert_cn": "CN:system:master-proxy", "days_remaining": 406, "expiry": "2020-03-05 13:17:05", "health": "ok", "path": "/etc/origin/master/master.proxy-client.crt", "serial": 11, "serial_hex": "0xb"}, {"cert_cn": "O:system:node-admins, CN:system:openshift-node-admin", "days_remaining": 406, "expiry": "2020-03-05 13:17:05", "health": "ok", "path": "/etc/origin/master/master.kubelet-client.crt", "serial": 12, "serial_hex": "0xc"}, {"cert_cn": "CN:adzh-srlp-om03.intern.cube.ch, IP Address:172.22.204.13, DNS:adzh-srlp-om03.intern.cube.ch", "days_remaining": 1418, "expiry": "2022-12-12 09:38:53", "health": "ok", "path": "/etc/origin/master/master.etcd-client.crt", "serial": 9, "serial_hex": "0x9"}, {"cert_cn": "CN:etcd-signer@1513157280", "days_remaining": 1418, "expiry": "2022-12-12 09:29:42", "health": "ok", "path": "/etc/origin/master/master.etcd-ca.crt", "serial": 15347044646839665117, "serial_hex": "0xd4fba7cb4ef041ddL"}, {"cert_cn": "CN:openshift-signer@1519932598", "days_remaining": 1496, "expiry": "2023-02-28 19:29:58", "health": "ok", "path": "/etc/origin/master/ca.crt", "serial": 1, "serial_hex": "0x1"}, {"cert_cn": "CN:openshift-signer@1519932598", "days_remaining": 1496, "expiry": "2023-02-28 19:29:58", "health": "ok", "path": "/etc/origin/node/client-ca.crt", "serial": 1, "serial_hex": "0x1"}, {"cert_cn": "CN:openshift-signer@1519932598", "days_remaining": 1496, "expiry": "2023-02-28 19:29:58", "health": "ok", "path": "/etc/origin/node/client-ca.crt", "serial": 1, "serial_hex": "0x1"}, {"cert_cn": "CN:openshift-service-serving-signer@1520342225", "days_remaining": 1501, "expiry": "2023-03-05 13:17:05", "health": "ok", "path": "/etc/origin/master/service-signer.crt", "serial": 1, "serial_hex": "0x1"}], "registry": [{"cert_cn": "CN:10.120.46.227, DNS:docker-registry-default.ocp.internal.adcubum.com, DNS:docker-registry.default.svc, DNS:docker-registry.default.svc.cluster.local, DNS:10.120.46.227, IP Address:10.120.46.227", "days_remaining": 323, "expiry": "2019-12-13 10:11:43", "health": "ok", "path": "/api/v1/namespaces/default/secrets/registry-certificates", "serial": 40, "serial_hex": "0x28"}], "router": []}, "msg": "Checked 15 total certificates. Expired/Warning/OK: 0/0/15. Warning window: 30 days", "rc": 0, "summary": {"etcd_certificates": 3, "expired": 0, "kubeconfig_certificates": 2, "ok": 15, "registry_certs": 1, "router_certs": 0, "system_certificates": 9, "total": 15, "warning": 0}, "warn_certs": false} ok: [adzh-srlp-om01.intern.cube.ch] => {"changed": false, "check_results": {"etcd": [{"cert_cn": "CN:etcd-signer@1513157280", "days_remaining": 1418, "expiry": "2022-12-12 09:29:42", "health": "ok", "path": "/etc/etcd/ca.crt", "serial": 15347044646839665117, "serial_hex": "0xd4fba7cb4ef041ddL"}, {"cert_cn": "CN:adzh-srlp-om01.intern.cube.ch, IP Address:172.22.204.26, DNS:adzh-srlp-om01.intern.cube.ch", "days_remaining": 1418, "expiry": "2022-12-12 09:30:17", "health": "ok", "path": "/etc/etcd/server.crt", "serial": 2, "serial_hex": "0x2"}, {"cert_cn": "CN:adzh-srlp-om01.intern.cube.ch, IP Address:172.22.204.26, DNS:adzh-srlp-om01.intern.cube.ch", "days_remaining": 1418, "expiry": "2022-12-12 09:30:20", "health": "ok", "path": "/etc/etcd/peer.crt", "serial": 4, "serial_hex": "0x4"}], "kubeconfigs": [{"cert_cn": "O:system:cluster-admins, CN:system:admin", "days_remaining": 406, "expiry": "2020-03-05 13:17:06", "health": "ok", "path": "/etc/origin/master/admin.kubeconfig", "serial": 15, "serial_hex": "0xf"}, {"cert_cn": "O:system:masters, O:system:openshift-master, CN:system:openshift-master", "days_remaining": 406, "expiry": "2020-03-05 13:17:10", "health": "ok", "path": "/etc/origin/master/openshift-master.kubeconfig", "serial": 16, "serial_hex": "0x10"}], "meta": {"checked_at_time": "2019-01-23 23:44:18.782321", "show_all": "True", "warn_before_date": "2019-02-22 23:44:18.782321", "warning_days": 30}, "ocp_certs": [{"cert_cn": "CN:10.120.0.1, DNS:adzh-srlp-om01.intern.cube.ch, DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local, DNS:master.ocp.internal.adcubum.com, DNS:mgmt.ocp.internal.adcubum.com, DNS:openshift, DNS:openshift.default, DNS:openshift.default.svc, DNS:openshift.default.svc.cluster.local, DNS:10.120.0.1, DNS:172.22.204.26, IP Address:10.120.0.1, IP Address:172.22.204.26", "days_remaining": 406, "expiry": "2020-03-05 13:17:05", "health": "ok", "path": "/etc/origin/master/master.server.crt", "serial": 10, "serial_hex": "0xa"}, {"cert_cn": "CN:system:master-proxy", "days_remaining": 406, "expiry": "2020-03-05 13:17:05", "health": "ok", "path": "/etc/origin/master/master.proxy-client.crt", "serial": 11, "serial_hex": "0xb"}, {"cert_cn": "O:system:node-admins, CN:system:openshift-node-admin", "days_remaining": 406, "expiry": "2020-03-05 13:17:05", "health": "ok", "path": "/etc/origin/master/master.kubelet-client.crt", "serial": 12, "serial_hex": "0xc"}, {"cert_cn": "CN:adzh-srlp-om01.intern.cube.ch, IP Address:172.22.204.26, DNS:adzh-srlp-om01.intern.cube.ch", "days_remaining": 1418, "expiry": "2022-12-12 09:38:53", "health": "ok", "path": "/etc/origin/master/master.etcd-client.crt", "serial": 7, "serial_hex": "0x7"}, {"cert_cn": "CN:etcd-signer@1513157280", "days_remaining": 1418, "expiry": "2022-12-12 09:29:42", "health": "ok", "path": "/etc/origin/master/master.etcd-ca.crt", "serial": 15347044646839665117, "serial_hex": "0xd4fba7cb4ef041ddL"}, {"cert_cn": "CN:openshift-signer@1519932598", "days_remaining": 1496, "expiry": "2023-02-28 19:29:58", "health": "ok", "path": "/etc/origin/master/ca.crt", "serial": 1, "serial_hex": "0x1"}, {"cert_cn": "CN:openshift-signer@1519932598", "days_remaining": 1496, "expiry": "2023-02-28 19:29:58", "health": "ok", "path": "/etc/origin/node/client-ca.crt", "serial": 1, "serial_hex": "0x1"}, {"cert_cn": "CN:openshift-signer@1519932598", "days_remaining": 1496, "expiry": "2023-02-28 19:29:58", "health": "ok", "path": "/etc/origin/node/client-ca.crt", "serial": 1, "serial_hex": "0x1"}, {"cert_cn": "CN:openshift-service-serving-signer@1520342225", "days_remaining": 1501, "expiry": "2023-03-05 13:17:05", "health": "ok", "path": "/etc/origin/master/service-signer.crt", "serial": 1, "serial_hex": "0x1"}], "registry": [{"cert_cn": "CN:10.120.46.227, DNS:docker-registry-default.ocp.internal.adcubum.com, DNS:docker-registry.default.svc, DNS:docker-registry.default.svc.cluster.local, DNS:10.120.46.227, IP Address:10.120.46.227", "days_remaining": 323, "expiry": "2019-12-13 10:11:43", "health": "ok", "path": "/api/v1/namespaces/default/secrets/registry-certificates", "serial": 40, "serial_hex": "0x28"}], "router": []}, "msg": "Checked 15 total certificates. Expired/Warning/OK: 0/0/15. Warning window: 30 days", "rc": 0, "summary": {"etcd_certificates": 3, "expired": 0, "kubeconfig_certificates": 2, "ok": 15, "registry_certs": 1, "router_certs": 0, "system_certificates": 9, "total": 15, "warning": 0}, "warn_certs": false} An exception occurred during task execution. To see the full traceback, use -vvv. The error was: UnicodeEncodeError: 'ascii' codec can't encode character u'\xfc' in position 1: ordinal not in range(128) fatal: [adzh-srlp-on01.intern.cube.ch]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/tmp/ansible_HxqIkv/ansible_module_openshift_cert_expiry.py\", line 835, in <module>\n main()\n File \"/tmp/ansible_HxqIkv/ansible_module_openshift_cert_expiry.py\", line 549, in main\n cert_serial) = load_and_handle_cert(cert, now, ans_module=module)\n File \"/tmp/ansible_HxqIkv/ansible_module_openshift_cert_expiry.py\", line 292, in load_and_handle_cert\n cert_subjects.append('{}:{}'.format(name, value))\nUnicodeEncodeError: 'ascii' codec can't encode character u'\\xfc' in position 1: ordinal not in range(128)\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 1} An exception occurred during task execution. To see the full traceback, use -vvv. The error was: UnicodeEncodeError: 'ascii' codec can't encode character u'\xfc' in position 1: ordinal not in range(128) fatal: [adzh-srlp-on02.intern.cube.ch]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/tmp/ansible_QvNG66/ansible_module_openshift_cert_expiry.py\", line 835, in <module>\n main()\n File \"/tmp/ansible_QvNG66/ansible_module_openshift_cert_expiry.py\", line 549, in main\n cert_serial) = load_and_handle_cert(cert, now, ans_module=module)\n File \"/tmp/ansible_QvNG66/ansible_module_openshift_cert_expiry.py\", line 292, in load_and_handle_cert\n cert_subjects.append('{}:{}'.format(name, value))\nUnicodeEncodeError: 'ascii' codec can't encode character u'\\xfc' in position 1: ordinal not in range(128)\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 1} An exception occurred during task execution. To see the full traceback, use -vvv. The error was: UnicodeEncodeError: 'ascii' codec can't encode character u'\xfc' in position 1: ordinal not in range(128) fatal: [adzh-srlp-on03.intern.cube.ch]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/tmp/ansible_fLF3lS/ansible_module_openshift_cert_expiry.py\", line 835, in <module>\n main()\n File \"/tmp/ansible_fLF3lS/ansible_module_openshift_cert_expiry.py\", line 549, in main\n cert_serial) = load_and_handle_cert(cert, now, ans_module=module)\n File \"/tmp/ansible_fLF3lS/ansible_module_openshift_cert_expiry.py\", line 292, in load_and_handle_cert\n cert_subjects.append('{}:{}'.format(name, value))\nUnicodeEncodeError: 'ascii' codec can't encode character u'\\xfc' in position 1: ordinal not in range(128)\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 1} An exception occurred during task execution. To see the full traceback, use -vvv. The error was: UnicodeEncodeError: 'ascii' codec can't encode character u'\xfc' in position 1: ordinal not in range(128) fatal: [adzh-srlp-on04.intern.cube.ch]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/tmp/ansible_0oIs2J/ansible_module_openshift_cert_expiry.py\", line 835, in <module>\n main()\n File \"/tmp/ansible_0oIs2J/ansible_module_openshift_cert_expiry.py\", line 549, in main\n cert_serial) = load_and_handle_cert(cert, now, ans_module=module)\n File \"/tmp/ansible_0oIs2J/ansible_module_openshift_cert_expiry.py\", line 292, in load_and_handle_cert\n cert_subjects.append('{}:{}'.format(name, value))\nUnicodeEncodeError: 'ascii' codec can't encode character u'\\xfc' in position 1: ordinal not in range(128)\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 1} An exception occurred during task execution. To see the full traceback, use -vvv. The error was: UnicodeEncodeError: 'ascii' codec can't encode character u'\xfc' in position 1: ordinal not in range(128) fatal: [adzh-srlp-on05.intern.cube.ch]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/tmp/ansible_7g2Klk/ansible_module_openshift_cert_expiry.py\", line 835, in <module>\n main()\n File \"/tmp/ansible_7g2Klk/ansible_module_openshift_cert_expiry.py\", line 549, in main\n cert_serial) = load_and_handle_cert(cert, now, ans_module=module)\n File \"/tmp/ansible_7g2Klk/ansible_module_openshift_cert_expiry.py\", line 292, in load_and_handle_cert\n cert_subjects.append('{}:{}'.format(name, value))\nUnicodeEncodeError: 'ascii' codec can't encode character u'\\xfc' in position 1: ordinal not in range(128)\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 1} An exception occurred during task execution. To see the full traceback, use -vvv. The error was: UnicodeEncodeError: 'ascii' codec can't encode character u'\xfc' in position 1: ordinal not in range(128) fatal: [adzh-srlp-on06.intern.cube.ch]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/tmp/ansible_rcYxUa/ansible_module_openshift_cert_expiry.py\", line 835, in <module>\n main()\n File \"/tmp/ansible_rcYxUa/ansible_module_openshift_cert_expiry.py\", line 549, in main\n cert_serial) = load_and_handle_cert(cert, now, ans_module=module)\n File \"/tmp/ansible_rcYxUa/ansible_module_openshift_cert_expiry.py\", line 292, in load_and_handle_cert\n cert_subjects.append('{}:{}'.format(name, value))\nUnicodeEncodeError: 'ascii' codec can't encode character u'\\xfc' in position 1: ordinal not in range(128)\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 1} An exception occurred during task execution. To see the full traceback, use -vvv. The error was: UnicodeEncodeError: 'ascii' codec can't encode character u'\xfc' in position 1: ordinal not in range(128) fatal: [adzh-srlp-on07.intern.cube.ch]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/tmp/ansible_6I8d1u/ansible_module_openshift_cert_expiry.py\", line 835, in <module>\n main()\n File \"/tmp/ansible_6I8d1u/ansible_module_openshift_cert_expiry.py\", line 549, in main\n cert_serial) = load_and_handle_cert(cert, now, ans_module=module)\n File \"/tmp/ansible_6I8d1u/ansible_module_openshift_cert_expiry.py\", line 292, in load_and_handle_cert\n cert_subjects.append('{}:{}'.format(name, value))\nUnicodeEncodeError: 'ascii' codec can't encode character u'\\xfc' in position 1: ordinal not in range(128)\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 1} An exception occurred during task execution. To see the full traceback, use -vvv. The error was: UnicodeEncodeError: 'ascii' codec can't encode character u'\xfc' in position 1: ordinal not in range(128) fatal: [adzh-srlp-on08.intern.cube.ch]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/tmp/ansible_9iLyqM/ansible_module_openshift_cert_expiry.py\", line 835, in <module>\n main()\n File \"/tmp/ansible_9iLyqM/ansible_module_openshift_cert_expiry.py\", line 549, in main\n cert_serial) = load_and_handle_cert(cert, now, ans_module=module)\n File \"/tmp/ansible_9iLyqM/ansible_module_openshift_cert_expiry.py\", line 292, in load_and_handle_cert\n cert_subjects.append('{}:{}'.format(name, value))\nUnicodeEncodeError: 'ascii' codec can't encode character u'\\xfc' in position 1: ordinal not in range(128)\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 1} TASK [openshift_certificate_expiry : Generate expiration report HTML] ********************************************************************** Wednesday 23 January 2019 23:44:27 +0100 (0:00:10.119) 0:00:28.065 ***** changed: [adzh-srlp-om01.intern.cube.ch -> localhost] => {"changed": true, "checksum": "8775431fb17026f7f7737869476601a910976ef5", "dest": "/root/cert-expiry-report.20190123T233900.html", "gid": 0, "group": "root", "md5sum": "fe11d05bcecefaeaea4d9dc1aea1359f", "mode": "0644", "owner": "root", "secontext": "system_u:object_r:admin_home_t:s0", "size": 33083, "src": "/root/.ansible/tmp/ansible-tmp-1548283468.04-69839707792186/source", "state": "file", "uid": 0} TASK [openshift_certificate_expiry : Generate results JSON file] *************************************************************************** Wednesday 23 January 2019 23:44:32 +0100 (0:00:04.345) 0:00:32.410 ***** changed: [adzh-srlp-om01.intern.cube.ch -> localhost] => {"changed": true, "checksum": "000cf7f8122aa28a45e3bb59a102d6451a64d11b", "dest": "/root/cert-expiry-report.20190123T233900.json", "gid": 0, "group": "root", "md5sum": "5e7aa5588de23cbabc16d4a1a42561fd", "mode": "0644", "owner": "root", "secontext": "system_u:object_r:admin_home_t:s0", "size": 17186, "src": "/root/.ansible/tmp/ansible-tmp-1548283474.82-268778120035438/source", "state": "file", "uid": 0} TASK [openshift_certificate_expiry : Fail when certs are near or already expired] ********************************************************** Wednesday 23 January 2019 23:44:37 +0100 (0:00:05.373) 0:00:37.784 ***** skipping: [adzh-srlp-om01.intern.cube.ch] => {"changed": false, "skip_reason": "Conditional result was False"} skipping: [adzh-srlp-om02.intern.cube.ch] => {"changed": false, "skip_reason": "Conditional result was False"} skipping: [adzh-srlp-om03.intern.cube.ch] => {"changed": false, "skip_reason": "Conditional result was False"} PLAY RECAP ********************************************************************************************************************************* adzh-srlp-oin01.intern.cube.ch : ok=1 changed=0 unreachable=0 failed=1 adzh-srlp-oin02.intern.cube.ch : ok=1 changed=0 unreachable=0 failed=1 adzh-srlp-oin03.intern.cube.ch : ok=1 changed=0 unreachable=0 failed=1 adzh-srlp-oin04.intern.cube.ch : ok=1 changed=0 unreachable=0 failed=1 adzh-srlp-om01.intern.cube.ch : ok=4 changed=2 unreachable=0 failed=0 adzh-srlp-om02.intern.cube.ch : ok=2 changed=0 unreachable=0 failed=0 adzh-srlp-om03.intern.cube.ch : ok=2 changed=0 unreachable=0 failed=0 adzh-srlp-on01.intern.cube.ch : ok=1 changed=0 unreachable=0 failed=1 adzh-srlp-on02.intern.cube.ch : ok=1 changed=0 unreachable=0 failed=1 adzh-srlp-on03.intern.cube.ch : ok=1 changed=0 unreachable=0 failed=1 adzh-srlp-on04.intern.cube.ch : ok=1 changed=0 unreachable=0 failed=1 adzh-srlp-on05.intern.cube.ch : ok=1 changed=0 unreachable=0 failed=1 adzh-srlp-on06.intern.cube.ch : ok=1 changed=0 unreachable=0 failed=1 adzh-srlp-on07.intern.cube.ch : ok=1 changed=0 unreachable=0 failed=1 adzh-srlp-on08.intern.cube.ch : ok=1 changed=0 unreachable=0 failed=1 Wednesday 23 January 2019 23:44:38 +0100 (0:00:00.561) 0:00:38.346 ***** =============================================================================== openshift_certificate_expiry : Ensure python dateutil library is present ----------------------------------------------------------- 17.07s openshift_certificate_expiry : Check cert expirys on host -------------------------------------------------------------------------- 10.12s openshift_certificate_expiry : Generate results JSON file --------------------------------------- Expected results: No unicode errors. Additional info: The hosts that succeeded are using certs with no umlaut in the address.
PR with a possible fix - https://github.com/openshift/openshift-ansible/pull/11094
Could reproduce this bug with previous version openshift-ansible, such as openshift-ansible-3.11.69-1 1. Replace openshift CA file with a certificate with unicode symbols in CN [root@gpei-preserve-ansible-slave ~]# openssl x509 -in www.test.com.cert.pem -subject -noout subject= /C=GB/ST=England/O=Alice Ltd/CN=\xC3\x83\xC2\x9C-test Add openshift_master_ca_certificate={'certfile': '/root/www.test.com.cert.pem', 'keyfile':'/root/www.test.com.key.pem'} in anssible inventory file Run playbooks/openshift-master/redeploy-openshift-ca.yml 2. After CA file updated, run ansible-playbook -v playbooks/openshift-checks/certificate_expiry/easy-mode.yaml TASK [openshift_certificate_expiry : Check cert expirys on host] ************************************************************************************************************ fatal: [ec2-3-92-240-125.compute-1.amazonaws.com]: FAILED! => {"changed": false, "module_stderr": "Shared connection to ec2-3-92-240-125.compute-1.amazonaws.com closed.\r\n", "module_stdout": "Traceback (most recent call last):\r\n File \"/root/.ansible/tmp/ansible-tmp-1549941562.6-43432922140505/AnsiballZ_openshift_cert_expiry.py\", line 113, in <module>\r\n _ansiballz_main()\r\n File \"/root/.ansible/tmp/ansible-tmp-1549941562.6-43432922140505/AnsiballZ_openshift_cert_expiry.py\", line 105, in _ansiballz_main\r\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\r\n File \"/root/.ansible/tmp/ansible-tmp-1549941562.6-43432922140505/AnsiballZ_openshift_cert_expiry.py\", line 48, in invoke_module\r\n imp.load_module('__main__', mod, module, MOD_DESC)\r\n File \"/tmp/ansible_openshift_cert_expiry_payload_xlcguU/__main__.py\", line 835, in <module>\r\n File \"/tmp/ansible_openshift_cert_expiry_payload_xlcguU/__main__.py\", line 549, in main\r\n File \"/tmp/ansible_openshift_cert_expiry_payload_xlcguU/__main__.py\", line 292, in load_and_handle_cert\r\nUnicodeEncodeError: 'ascii' codec can't encode characters in position 0-1: ordinal not in range(128)\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1} With openshift-ansible-3.11.82-1.git.0.f29227a.el7, no such issue, move bug to verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0326