Description of problem:
Using openshift-ansible, it is not validating if SELinux is enabled on the nodes, additionally it does not appear to be validating the installation or enablement of NetworkManager either

Version-Release number of the following components:
rpm -q openshift-ansible - openshift-ansible-3.11.98-1.git.0.3cfa7c3.el7.noarch
rpm -q ansible - ansible-2.6.16-1.el7ae.noarch
ansible --version - ansible 2.6.16

How reproducible:
Every attempt to run install fails because SELinux and/or NetworkManager are not enabled

Steps to Reproduce:
1. Run /usr/share/ansible/openshift-ansible/playbooks/prerequisites.yml
2. Run /usr/share/ansible/openshift-ansible/playbooks/deploy_cluster.yml
3.

Actual results:
TASK [openshift_node : fail] **************************************************************************************************************************
fatal: [tpavcpax101s4.vici.verizon.com]: FAILED! => {"changed": false, "msg": "SELinux is disabled, This deployment type requires that SELinux is enabled."}
fatal: [tpavcpax101s5.vici.verizon.com]: FAILED! => {"changed": false, "msg": "SELinux is disabled, This deployment type requires that SELinux is enabled."}
fatal: [tpavcpax101s6.vici.verizon.com]: FAILED! => {"changed": false, "msg": "SELinux is disabled, This deployment type requires that SELinux is enabled."}
fatal: [tpavcpax101s7.vici.verizon.com]: FAILED! => {"changed": false, "msg": "SELinux is disabled, This deployment type requires that SELinux is enabled."}
fatal: [tpavcpax101s8.vici.verizon.com]: FAILED! => {"changed": false, "msg": "SELinux is disabled, This deployment type requires that SELinux is enabled."}
fatal: [tpavcpax101s9.vici.verizon.com]: FAILED! => {"changed": false, "msg": "SELinux is disabled, This deployment type requires that SELinux is enabled."}
fatal: [tpavcpax101s10.vici.verizon.com]: FAILED! => {"changed": false, "msg": "SELinux is disabled, This deployment type requires that SELinux is enabled."}
fatal: [tpavcpax101s13.vici.verizon.com]: FAILED! => {"changed": false, "msg": "SELinux is disabled, This deployment type requires that SELinux is enabled."}
[WARNING]: Could not create retry file '/usr/share/ansible/openshift-ansible/playbooks/deploy_cluster.retry'. [Errno 13] Permission denied: u'/usr/share/ansible/openshift-ansible/playbooks/deploy_cluster.retry'

Expected results:
Successful installation

Additional info:
TASK [fail] *******************************************************************************************************************************************
fatal: [tpavcpax101s4.vici.verizon.com]: FAILED! => {"changed": false, "msg": "Currently, NetworkManager must be installed and enabled prior to installation."}
fatal: [tpavcpax101s5.vici.verizon.com]: FAILED! => {"changed": false, "msg": "Currently, NetworkManager must be installed and enabled prior to installation."}
fatal: [tpavcpax101s6.vici.verizon.com]: FAILED! => {"changed": false, "msg": "Currently, NetworkManager must be installed and enabled prior to installation."}
fatal: [tpavcpax101s7.vici.verizon.com]: FAILED! => {"changed": false, "msg": "Currently, NetworkManager must be installed and enabled prior to installation."}
fatal: [tpavcpax101s8.vici.verizon.com]: FAILED! => {"changed": false, "msg": "Currently, NetworkManager must be installed and enabled prior to installation."}
fatal: [tpavcpax101s9.vici.verizon.com]: FAILED! => {"changed": false, "msg": "Currently, NetworkManager must be installed and enabled prior to installation."}
fatal: [tpavcpax101s10.vici.verizon.com]: FAILED! => {"changed": false, "msg": "Currently, NetworkManager must be installed and enabled prior to installation."}
fatal: [tpavcpax101s13.vici.verizon.com]: FAILED! => {"changed": false, "msg": "Currently, NetworkManager must be installed and enabled prior to installation."}
[WARNING]: Could not create retry file '/usr/share/ansible/openshift-ansible/playbooks/deploy_cluster.retry'. [Errno 13] Permission denied: u'/usr/share/ansible/openshift-ansible/playbooks/deploy_cluster.retry'
Are you stating that SELinux is enabled and the installer is failing to correctly identify the state? SELinux is a documented prerequisite, https://docs.openshift.com/container-platform/3.11/install/prerequisites.html#prereq-selinux

Are you stating that NetworkManager is enabled and the installer is failing to correctly identify the state? NetworkManager is a documented prerequisite, https://docs.openshift.com/container-platform/3.11/install/prerequisites.html#prereq-networkmanager
No, I am stating SELinux is disabled and the prerequisites playbook is failing to identify the state. Shouldn't the prereq playbook identify this as an issue? No, I am stating NetworkManager is disabled and the prerequisites playbook is failing to identify the state. Shouldn't the prereq playbook identify this as an issue?
https://github.com/openshift/openshift-ansible/pull/11695 NetworkManager and SELinux checks will now run in prerequisites.yml.
Fixed in openshift-ansible-3.11.120-1 and later
Seems like this PR introduces some regression: https://bugzilla.redhat.com/show_bug.cgi?id=1724718
(In reply to Johnny Liu from comment #6)
> Seems like this PR introduces some regression:
> https://bugzilla.redhat.com/show_bug.cgi?id=1724718

That bug is not introduced by the PR for this bug; it was there silently before the PR for this bug. It is not triggered because the first condition is false, so the other conditions are not tested.

- fail:
    msg: "SELinux is disabled, This deployment type requires that SELinux is enabled."
  when:
    - (ansible_selinux is not defined or ansible_selinux.status != 'enabled')
    - openshift_deployment_type == 'openshift-enterprise'
    - not openshift_use_crio | bool
Fixed.

openshift-ansible-3.11.124

TASK [Verify SELinux is enabled] ***********************************************
task path: /usr/share/ansible/openshift-ansible/playbooks/init/sanity_checks.yml:45
fatal: [ci-vm-10-0-151-214.hosted.upshift.rdu2.redhat.com]: FAILED! => {
    "changed": false,
    "msg": "The openshift-enterprise deployment type requires SELinux is 'enforcing' with type 'targeted'\nSELinux status: \"enabled\"\nSELinux mode: \"permissive\"\nSELinux type: \"targeted\"\n"
}
to retry, use: --limit @/usr/share/ansible/openshift-ansible/playbooks/prerequisites.retry
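A pre-flight play that makes the same kind of check before any install task runs, as an added example that is not openshift-ansible code and not the change in the linked PR. The `nodes` group name, the task names and the messages are assumptions; the SELinux assert treats a missing `ansible_selinux` fact as a failure and requires `enforcing` mode with the `targeted` policy, as in the failure message quoted above.

```yaml
# Added example (not openshift-ansible code): stop early when a node does not
# meet the SELinux and NetworkManager prerequisites.
- name: Pre-flight prerequisite checks
  hosts: nodes              # assumption: inventory group holding the cluster nodes
  gather_facts: true        # populates the ansible_selinux fact
  any_errors_fatal: true    # one non-compliant node aborts the run for all hosts
  tasks:
    - name: Verify SELinux is enforcing with the targeted policy
      assert:
        that:
          # Conditions are checked in order and the first false one fails
          # the task, so the "is defined" guard must come first.
          - ansible_selinux is defined
          - ansible_selinux.status | default('') == 'enabled'
          - ansible_selinux.mode | default('') == 'enforcing'
          - ansible_selinux.type | default('') == 'targeted'
        msg: >-
          SELinux must be enabled, enforcing and targeted.
          Gathered fact: {{ ansible_selinux | default('undefined') }}

    - name: Read NetworkManager unit state
      command: systemctl is-enabled NetworkManager
      register: nm_enabled
      changed_when: false   # read-only query
      failed_when: false    # non-zero exit (disabled or not installed) is judged below
      check_mode: false     # run the query even under --check

    - name: Verify NetworkManager is installed and enabled
      assert:
        that:
          - nm_enabled.rc == 0
          - nm_enabled.stdout | default('') | trim == 'enabled'
        msg: >-
          NetworkManager must be installed and enabled.
          systemctl is-enabled returned rc={{ nm_enabled.rc | default('n/a') }},
          output: {{ nm_enabled.stdout | default('') }}
```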
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:1753