Bug 1708552 - Cisco ACI support in 3.11
Summary: Cisco ACI support in 3.11
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.11.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 3.11.z
Assignee: Russell Teague
QA Contact: Marc Curry
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-05-10 08:13 UTC by Juan Luis de Sousa-Valadas
Modified: 2019-10-24 15:46 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Feature: Install Cisco ACI CNI plugin Result: Allows the user to use the Cisco ACI CNI plugin Ref: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/kb/b_Cisco_ACI_and_OpenShift_Integration.html
Clone Of:
Environment:
Last Closed: 2019-06-26 09:08:11 UTC
Target Upstream Version:
jdesousa: needinfo-


Attachments (Terms of Use)
Requested deployment file (16.71 KB, text/plain)
2019-06-18 19:37 UTC, Mike Cohen
no flags Details


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:1605 None None None 2019-06-26 09:08:20 UTC

Description Juan Luis de Sousa-Valadas 2019-05-10 08:13:53 UTC
Description of problem:
My customer needs cisco ACI integrated in the installer.

This is merged in upstream:
* 19f401159 (tag: openshift-ansible-3.11.112-1) Automatic commit of package [openshift-ansible] release [3.11.112-1].
[...]
* |   f444e84f0 Merge pull request #11568 from noironetworks/aci-release-3.11
|\ \  
| * | 4340af6a3 Fix typo in Cisco ACI roles
[...]
* |   c8656b0f4 Merge pull request #11507 from noironetworks/release-3.11

So the request is:
1- Create an RHBA for openshift-ansible 3.11.112-1 or newer so that we can track this from support
2- If possible, an ETA

Version-Release number of the following components:
openshift-ansible-3.11.112-1

How reproducible:
N/A

Steps to Reproduce:
N/A

Actual results:
N/A

Expected results:

Additional info:
The customer also requested the same for 3.10: https://bugzilla.redhat.com/show_bug.cgi?id=1708197
Curently their upgrade is blocked.

Comment 1 Russell Teague 2019-05-10 14:58:37 UTC
This feature is already merged but needs testing.
openshift-ansible-3.11.112-1 and newer

Comment 3 zhaozhanqi 2019-06-14 10:00:01 UTC
this bug need the 'aci_deployment_yaml_file' when installing the cisco network cni. which need to use the 'acc-provision' tool to generate that.When I was trying to download the tool from cisco.com. it need 'Contract Number' or 'Product Serial Number'. So I do not have a way to download it.

Assign this bug to reporter

Juan Luis de Sousa-Valadas  could you help verified this bug?

Comment 4 Juan Luis de Sousa-Valadas 2019-06-14 10:16:01 UTC
No, I can't because I don't have access either.
I just got the requirement from a customer throguh the customer portal saying they need this.

I'll assign it to Marc Curry to see if he can help. My understanding the partner, cisco, should do this.

Copying the same messae for the 3.11 branch

Comment 6 Mike Cohen 2019-06-18 16:16:11 UTC
No problem, I can send you the aci deployment file. Do you have ACI or are you using it without ACI. I was also told you need acc_provision utility, you can use pip to install it. We can get on a call if you need more clarification.

Comment 7 Mike Cohen 2019-06-18 19:36:41 UTC
I dont thin you guys have access to an ACI cluster. The acc_provision will not help, acc_provision utility is the one that generates the deployment file it is not available on CCO. I am attaching the generated deployment file, but without ACI the CNI will not come up which means you will not be able to verify the deployment completely.

We can also get on a webex where I can let you test it on our ACI cluster, we have everything ready to go in that case.

Comment 8 Mike Cohen 2019-06-18 19:37:16 UTC
Created attachment 1581871 [details]
Requested deployment file

I dont thin you guys have access to an ACI cluster. The acc_provision will not help, acc_provision utility is the one that generates the deployment file it is not available on CCO. I am attaching the generated deployment file, but without ACI the CNI will not come up which means you will not be able to verify the deployment completely.

We can also get on a webex where I can let you test it on our ACI cluster, we have everything ready to go in that case.

Comment 10 zhaozhanqi 2019-06-19 10:04:23 UTC
hi Mike:

I'm not sure what's make above happen since I'm not familiar the Cisco CNI. but seems it's not related this bug according to the fixed PR #https://github.com/openshift/openshift-ansible/pull/11507. 

From the ansible logs:

TASK [aci : Annotate namespace created] ****************************************
task path: /home/slave3/workspace/Run-Ansible-Playbooks-Nextge/private-openshift-ansible/roles/aci/tasks/main.yml:25
Using module file /usr/lib/python2.7/site-packages/ansible/modules/commands/command.py
<vm-10-0-76-240.hosted.upshift.rdu2.redhat.com> ESTABLISH SSH CONNECTION FOR USER: root
<vm-10-0-76-240.hosted.upshift.rdu2.redhat.com> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/slave3/workspace/Run-Ansible-Playbooks-Nextge/private/config/keys/libra.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=root -o ConnectTimeout=10 -o ControlPath=/home/slave3/.ansible/cp/%C vm-10-0-76-240.hosted.upshift.rdu2.redhat.com '/bin/sh -c '"'"'/usr/bin/python && sleep 0'"'"''
Using module file /usr/lib/python2.7/site-packages/ansible/modules/commands/command.py
<vm-10-0-76-240.hosted.upshift.rdu2.redhat.com> ESTABLISH SSH CONNECTION FOR USER: root
<vm-10-0-76-240.hosted.upshift.rdu2.redhat.com> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/slave3/workspace/Run-Ansible-Playbooks-Nextge/private/config/keys/libra.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=root -o ConnectTimeout=10 -o ControlPath=/home/slave3/.ansible/cp/%C vm-10-0-76-240.hosted.upshift.rdu2.redhat.com '/bin/sh -c '"'"'/usr/bin/python && sleep 0'"'"''
Using module file /usr/lib/python2.7/site-packages/ansible/modules/commands/command.py
<vm-10-0-76-240.hosted.upshift.rdu2.redhat.com> ESTABLISH SSH CONNECTION FOR USER: root
<vm-10-0-76-240.hosted.upshift.rdu2.redhat.com> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/slave3/workspace/Run-Ansible-Playbooks-Nextge/private/config/keys/libra.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=root -o ConnectTimeout=10 -o ControlPath=/home/slave3/.ansible/cp/%C vm-10-0-76-240.hosted.upshift.rdu2.redhat.com '/bin/sh -c '"'"'/usr/bin/python && sleep 0'"'"''
<vm-10-0-76-240.hosted.upshift.rdu2.redhat.com> (0, '\n{"changed": true, "end": "2019-06-19 05:10:43.302137", "stdout": "namespace \\"openshift-console\\" annotated", "cmd": ["oc", "annotate", "namespace", "openshift-console", "opflex.cisco.com/endpoint-group={\\"policy-space\\":\\"nested_oshift_domain\\", \\"name\\": \\"kubernetes|kube-system\\"}", "--overwrite=True"], "rc": 0, "start": "2019-06-19 05:10:43.097130", "stderr": "", "delta": "0:00:00.205007", "invocation": {"module_args": {"warn": true, "executable": null, "_uses_shell": false, "_raw_params": "oc annotate namespace openshift-console opflex.cisco.com/endpoint-group=\'{\\"policy-space\\":\\"nested_oshift_domain\\", \\"name\\": \\"kubernetes|kube-system\\"}\' --overwrite=True", "removes": null, "creates": null, "chdir": null, "stdin": null}}}\n', '')
changed: [vm-10-0-77-6.hosted.upshift.rdu2.redhat.com -> vm-10-0-76-240.hosted.upshift.rdu2.redhat.com] => (item=openshift-console) => {
    "changed": true, 
    "cmd": [
        "oc", 
        "annotate", 
        "namespace", 
        "openshift-console", 
        "opflex.cisco.com/endpoint-group={\"policy-space\":\"nested_oshift_domain\", \"name\": \"kubernetes|kube-system\"}", 
        "--overwrite=True"
    ], 
    "delta": "0:00:00.205007", 
    "end": "2019-06-19 05:10:43.302137", 
    "failed": false, 
    "invocation": {
        "module_args": {
            "_raw_params": "oc annotate namespace openshift-console opflex.cisco.com/endpoint-group='{\"policy-space\":\"nested_oshift_domain\", \"name\": \"kubernetes|kube-system\"}' --overwrite=True", 
            "_uses_shell": false, 
            "chdir": null, 
            "creates": null, 
            "executable": null, 
            "removes": null, 
            "stdin": null, 
            "warn": true
        }
    }, 
    "item": "openshift-console", 
    "rc": 0, 
    "start": "2019-06-19 05:10:43.097130", 
    "stderr": "", 
    "stderr_lines": [], 
    "stdout": "namespace \"openshift-console\" annotated", 
    "stdout_lines": [
        "namespace \"openshift-console\" annotated"
    ]
}

the fixed PR is working well. So this bug should be fixed.  if so, I will verify this bug. Please correct me if I'm wrong.

Comment 11 Mike Cohen 2019-06-20 00:24:20 UTC
You are correct. You can mark it as verified.

Comment 12 zhaozhanqi 2019-06-20 02:34:34 UTC
Verified this bug according to above comment.

Comment 13 Antonios Dakopoulos 2019-06-25 17:58:34 UTC
Hello Juan Luis,
Per the RH Case,  it was mentioned that both 3.10 and 3.11 fixes will be available today, June 25th

Can we confirm if this will be available today and what is the delivery model to share with Cisco ACI?

Any feedback would be appreciated..

-Antonios

Comment 15 errata-xmlrpc 2019-06-26 09:08:11 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:1605


Note You need to log in before you can comment on or make changes to this bug.