Description of problem: If the current context for openshift-master.kubeconfig changes, an upgrade is run the Task set_loopback_context.yml will be called which will end up correcting the context but it changes the the context user reference to the wrong value. Version-Release number of selected component (if applicable): 3.11 How reproducible: 100% Steps to Reproduce: 1. Change the project when using the openshift-master.kubeconfig # oc project proxytest --config=/etc/origin/master/openshift-master.kubeconfig 2. Run update playbook Actual results: openshift-master.kubeconfig gets a context created with a user that has a name of "system:openshift-master/CLUSTER_HOSTNAME:API_PORT" Expected results: openshift-master.kubeconfig gets a context created with a user that has a name of "system:openshift-master/MASTER_HOSTNAME:API_PORT" matching the user already created for that kubeconfig. Additional info: https://github.com/openshift/openshift-ansible/issues/11158
During the install this task is run and overwrite openshift-master.kubeconfig to use openshift.master.loopback_api_url https://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_master_certificates/tasks/main.yml#L77-L78 Then this task during the update would change it to use openshift.master.loopback_user which is build using: "system:openshift-master/{0}:{1}".format(api_hostname, ports['api']).replace('.', '-') https://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_control_plane/tasks/set_loopback_context.yml#L22
Same as bug 1467775 where this would fix the issue: https://github.com/openshift/openshift-ansible/pull/10325/files
Created PR for 3.11 branch: https://github.com/openshift/openshift-ansible/pull/11169
Merged https://github.com/openshift/openshift-ansible/pull/11169
In build openshift-ansible-3.11.93-1
Recreate with openshift-ansible-3.11.82-1.git.0.f29227a.el7.noarch.rpm: 1. Install HA env 2. Change project: # oc project lgproj --config=/etc/origin/master/openshift-master.kubeconfig 3. Check openshift-master.kubeconfig: - context: cluster: qe-geliu311old2master-etcd-1:443 namespace: lgproj user: system:openshift-master/qe-geliu311old2master-etcd-1:443 name: lgproj/qe-geliu311old2master-etcd-1:443/system:openshift-master 4. run upgrade.yaml playbook, 5. Check openshift-master.kubeconfig again: - context: cluster: qe-geliu311old2master-etcd-1:443 namespace: default user: system:openshift-master/qe-geliu311old2lb-1:443 name: default/qe-geliu311old2master-etcd-1:443/system:openshift-master Verified with openshift-ansible-3.11.98-1.git.0.3cfa7c3.el7.noarch.rpm: Before run upgrade: - context: cluster: qe-geliu311master-etcd-1:443 namespace: default user: system:openshift-master/qe-geliu311master-etcd-1:443 name: default/qe-geliu311master-etcd-1:443/system:openshift-master after run upgrade: - context: cluster: qe-geliu311master-etcd-1:443 namespace: default user: system:openshift-master/qe-geliu311master-etcd-1:443 name: default/qe-geliu311master-etcd-1:443/system:openshift-master there is not unexpected change for user: system:openshift-master/qe-geliu311master-etcd-1:443
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0636