Bug 1853915 - openshift-ose-ansible-operator:v4.5.0 contains an old python2-openshift package and blocks functionality of the k8s module
Summary: openshift-ose-ansible-operator:v4.5.0 contains an old python2-openshift packa...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Operator SDK
Version: 4.5
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.5.z
Assignee: Jesus M. Rodriguez
QA Contact: yhui
URL:
Whiteboard:
Depends On: 1870406
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-07-05 14:44 UTC by Omer Yahud
Modified: 2020-10-27 16:12 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: the 'apply' option in the k8s module required a newer python-openshift. Consequence: The 'apply' option of the k8s module would fail with an error that it requires python-openshift 0.9.2 or greater. Fix: Updated to newer python-openshift and python-kubernetes. Specifically python2-kubernetes-11.0.0-1.el7.noarch & python2-openshift-0.11.2-1.el7.noarch Result: After updating to latest packages the `apply` option works again.
Clone Of:
: 1870406 (view as bug list)
Environment:
Last Closed: 2020-10-27 16:12:20 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:4196 0 None None None 2020-10-27 16:12:53 UTC

Description Omer Yahud 2020-07-05 14:44:49 UTC
Description of problem:

The container image openshift-ose-ansible-operator:v4.5.0 is using python2-openshift-0.8.11, which produces this error:

---
Failed to import the required Python library (openshift >= 0.9.2) on kubevirt-ssp-operator-69c7fdb484-s97hc's Python /usr/bin/python2.
This is required for apply.
Please read module documentation and install in the appropriate location.
If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter
---

when using the 'apply' option of the k8s module (https://docs.ansible.com/ansible/latest/modules/k8s_module.html):

---
- k8s:
    state: present
    namespace: "{{ namespace }}"
    definition: "{{ definition }}"
    apply: yes
---


Version-Release number of selected component (if applicable):
openshift-ose-ansible-operator:v4.5.0

How reproducible:
100%

Steps to Reproduce:
1. Write a playbook that utilizes the k8s module with the 'apply' option
2. Build a container image based on openshift-ose-ansible-operator:v4.5.0
3. Deploy the operator on an openshift cluster and read the logs

Actual results:
The above error occures


Expected results:
The container image openshift-ose-ansible-operator:v4.5.0 should provide all dependencies of the k8s module

Additional info:
A workaround I found was to use the 'merge_type' option instead of 'apply'

Comment 1 Jian Zhang 2020-07-06 06:30:27 UTC
I can reproduce this issue by using the module "community.kubernetes.k8s" and base image: "registry-proxy.engineering.redhat.com/rh-osbs/openshift-ose-ansible-operator:v4.5.0", details as follows:

1, Create an Ansible project, and write a playbook that utilizes the k8s module with the 'apply' option:
[root@preserve-olm-env foo-operator]# cat roles/foo/tasks/main.yml
---
# tasks file for foo
- name: set test namespace to "{{ state }}"
  community.kubernetes.k8s:
    api_version: v1
    kind: Namespace
    state: "{{ state }}"
    name: test
    apply: yes

2, Build a container image based on openshift-ose-ansible-operator:v4.5.0

[root@preserve-olm-env foo-operator]# cat build/Dockerfile 
FROM registry-proxy.engineering.redhat.com/rh-osbs/openshift-ose-ansible-operator:v4.5.0

COPY requirements.yml ${HOME}/requirements.yml
RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \
 && chmod -R ug+rwx ${HOME}/.ansible

COPY watches.yaml ${HOME}/watches.yaml

COPY roles/ ${HOME}/roles/

[root@preserve-olm-env foo-operator]# operator-sdk build quay.io/olmqe/foo-operator:bug-ansible  --verbose
DEBU[0000] Debug logging is set                         
INFO[0000] Building OCI image quay.io/olmqe/foo-operator:bug-ansible 
DEBU[0000] Running []string{"docker", "build", "-f", "build/Dockerfile", "-t", "quay.io/olmqe/foo-operator:bug-ansible", "."} 
Sending build context to Docker daemon  52.74kB
Step 1/5 : FROM registry-proxy.engineering.redhat.com/rh-osbs/openshift-ose-ansible-operator:v4.5.0
 ---> c53cfde428cd
Step 2/5 : COPY requirements.yml ${HOME}/requirements.yml
 ---> 281ae0c325ff
...
Successfully tagged quay.io/olmqe/foo-operator:bug-ansible
INFO[0003] Operator build complete. 
[root@preserve-olm-env foo-operator]# docker push quay.io/olmqe/foo-operator:bug-ansible
The push refers to repository [quay.io/olmqe/foo-operator]
c6c55aa6e3c6: Pushed 
...
bug-ansible: digest: sha256:8d3de5992ee22827b711076f9e6bdea59aa5be2957a2c1839f511636f916efee size: 2202

3, Deploy the operator on an openshift cluster
[root@preserve-olm-env foo-operator]# oc project default
Now using project "default" on server "https://api.zzhao46n.qe.devcluster.openshift.com:6443".

[root@preserve-olm-env foo-operator]# oc create -f deploy/crds/foo.example.com_foos_crd.yaml 
customresourcedefinition.apiextensions.k8s.io/foos.foo.example.com created
[root@preserve-olm-env foo-operator]# oc create -f deploy/service_account.yaml 
serviceaccount/foo-operator created
[root@preserve-olm-env foo-operator]# oc create -f deploy/role.yaml 
role.rbac.authorization.k8s.io/foo-operator created
[root@preserve-olm-env foo-operator]# oc create -f deploy/role_binding.yaml 
rolebinding.rbac.authorization.k8s.io/foo-operator created

[root@preserve-olm-env foo-operator]# oc create -f deploy/operator.yaml 
deployment.apps/foo-operator created
[root@preserve-olm-env foo-operator]# oc get pods
NAME                            READY   STATUS              RESTARTS   AGE
foo-operator-6d8db94b8d-mb9xz   0/1     ContainerCreating   0          5s

[root@preserve-olm-env foo-operator]# oc get pods
NAME                            READY   STATUS    RESTARTS   AGE
foo-operator-6d8db94b8d-mb9xz   1/1     Running   0          58s

4, Deploy the CR. And, check the operator logs.
[root@preserve-olm-env foo-operator]# oc create -f deploy/crds/foo.example.com_v1alpha1_foo_cr.yaml 
foo.foo.example.com/example-foo created

[root@preserve-olm-env foo-operator]# oc get foo
NAME          AGE
example-foo   18s

[root@preserve-olm-env foo-operator]# oc logs foo-operator-6d8db94b8d-mb9xz 
...

--------------------------- Ansible Task StdOut -------------------------------

 TASK [set test namespace to "present"] ******************************** 
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to import the required Python library (openshift >= 0.9.2) on foo-operator-6d8db94b8d-mb9xz's Python /usr/bin/python2. This is required for apply. Please read module documentation and install in the appropriate location. If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter"}

[root@preserve-olm-env example-inc]# operator-sdk version
operator-sdk version: "v0.17.2", commit: "0258db0119e8e18e15d035532427c329fce1e871", kubernetes version: "unknown", go version: "go1.13.10 linux/amd64"

Comment 12 yhui 2020-08-23 13:41:29 UTC
Version:
[root@preserve-olm-env foo-operator]# operator-sdk version
operator-sdk version: "v0.17.2", commit: "0258db0119e8e18e15d035532427c329fce1e871", kubernetes version: "unknown", go version: "go1.13.10 linux/amd64"
[root@preserve-olm-env foo-operator]# oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.5.0-0.nightly-2020-08-22-015330   True        False         44m     Cluster version is 4.5.0-0.nightly-2020-08-22-015330

Steps to test:
1, Create an Ansible project.
[root@preserve-olm-env 0.17.2]# operator-sdk new foo-operator --type=ansible --api-version=foo.example.com/v1alpha1 --kind=Foo
INFO[0000] Creating new Ansible operator 'foo-operator'. 
INFO[0000] Created deploy/service_account.yaml          
INFO[0000] Created deploy/role.yaml
...

2, Write a playbook that utilizes the k8s module with the 'apply' option:
[root@preserve-olm-env foo-operator]# cat roles/foo/tasks/main.yml
---
# tasks file for foo
- name: set test namespace to "{{ state }}"
  community.kubernetes.k8s:
    api_version: v1
    kind: Namespace
    state: "{{ state }}"
    name: test
    apply: yes

3, Build a container image based on openshift-ose-ansible-operator:v4.5.0

[root@preserve-olm-env foo-operator]# cat build/Dockerfile 
FROM registry-proxy.engineering.redhat.com/rh-osbs/openshift-ose-ansible-operator:v4.5.0

COPY requirements.yml ${HOME}/requirements.yml
RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \
 && chmod -R ug+rwx ${HOME}/.ansible

COPY watches.yaml ${HOME}/watches.yaml

COPY roles/ ${HOME}/roles/

[root@preserve-olm-env foo-operator]# operator-sdk build quay.io/yuhui12/foo-operator:bug-ansible  --verbose
DEBU[0000] Debug logging is set                         
INFO[0000] Building OCI image quay.io/yuhui12/foo-operator:bug-ansible 
DEBU[0000] Running []string{"docker", "build", "-f", "build/Dockerfile", "-t", "quay.io/yuhui12/foo-operator:bug-ansible", "."} 
Sending build context to Docker daemon  51.71kB
Step 1/5 : FROM registry-proxy.engineering.redhat.com/rh-osbs/openshift-ose-ansible-operator:v4.5.0
 ---> d6513b64f5f5
...
Successfully built 1f52fe1015b3
Successfully tagged quay.io/yuhui12/foo-operator:bug-ansible
INFO[0001] Operator build complete.
[root@preserve-olm-env foo-operator]# docker push quay.io/yuhui12/foo-operator:bug-ansible
The push refers to repository [quay.io/yuhui12/foo-operator]
... 
2acea37b6b28: Pushed 
bug-ansible: digest: sha256:26a9380ddbe1e573039eb880183c35d14db5fb4be0a4bbbab71356b1b36784d2 size: 2202

4, Deploy the operator on an openshift cluster
[root@preserve-olm-env foo-operator]# oc project default
Now using project "default" on server "https://api.ci-ln-n856w2t-d5d6b.origin-ci-int-aws.dev.rhcloud.com:6443".

[root@preserve-olm-env foo-operator]# oc create -f deploy/crds/foo.example.com_foos_crd.yaml 
customresourcedefinition.apiextensions.k8s.io/foos.foo.example.com created
[root@preserve-olm-env foo-operator]# oc create -f deploy/service_account.yaml 
serviceaccount/foo-operator created
[root@preserve-olm-env foo-operator]# oc create -f deploy/role.yaml 
role.rbac.authorization.k8s.io/foo-operator created
[root@preserve-olm-env foo-operator]# oc create -f deploy/role_binding.yaml 
rolebinding.rbac.authorization.k8s.io/foo-operator created

[root@preserve-olm-env foo-operator]# oc create -f deploy/operator.yaml 
deployment.apps/foo-operator created
[root@preserve-olm-env foo-operator]# oc get pods
NAME                            READY   STATUS    RESTARTS   AGE
foo-operator-5f7c86b49f-zdmmz   1/1     Running   0          17m

5, Deploy the CR. And, check the operator logs.
[root@preserve-olm-env foo-operator]# oc create -f deploy/crds/foo.example.com_v1alpha1_foo_cr.yaml 
foo.foo.example.com/example-foo created

[root@preserve-olm-env foo-operator]# oc get foo
NAME          AGE
example-foo   17m

[root@preserve-olm-env foo-operator]# oc logs foo-operator-5f7c86b49f-zdmmz |grep import
[root@preserve-olm-env foo-operator]#

No such errors like "Failed to import the required Python library (openshift >= 0.9.2) on foo-operator-6d8db94b8d-mb9xz's Python /usr/bin/python2. This is required for apply. Please read module documentation and install in the appropriate location. If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter".

Comment 13 yhui 2020-08-24 02:40:54 UTC
Verify the bug using 4.5.0 ansible operator image.

[root@preserve-olm-env ~]# docker run -it --entrypoint=/bin/bash  registry-proxy.engineering.redhat.com/rh-osbs/openshift-ose-ansible-operator:v4.5.0
bash-4.2$ rpm -qa | grep kubernetes
python2-kubernetes-11.0.0-1.el7.noarch
bash-4.2$ rpm -qa | grep openshift
python2-openshift-0.11.2-1.el7.noarch

Comment 15 errata-xmlrpc 2020-10-27 16:12:20 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196


Note You need to log in before you can comment on or make changes to this bug.