Bug 1853915
| Summary: | openshift-ose-ansible-operator:v4.5.0 contains an old python2-openshift package and blocks functionality of the k8s module | |||
|---|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Omer Yahud <oyahud> | |
| Component: | Operator SDK | Assignee: | Jesus M. Rodriguez <jesusr> | |
| Status: | CLOSED ERRATA | QA Contact: | yhui | |
| Severity: | high | Docs Contact: | ||
| Priority: | high | |||
| Version: | 4.5 | CC: | aos-bugs, dollierp, jesusr, jiazha, marobrie, ncredi | |
| Target Milestone: | --- | Keywords: | TestBlockerForLayeredProduct, UpcomingSprint | |
| Target Release: | 4.5.z | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | Bug Fix | ||
| Doc Text: |
Cause:
the 'apply' option in the k8s module required a newer python-openshift.
Consequence:
The 'apply' option of the k8s module would fail with an error that it requires python-openshift 0.9.2 or greater.
Fix:
Updated to newer python-openshift and python-kubernetes. Specifically python2-kubernetes-11.0.0-1.el7.noarch & python2-openshift-0.11.2-1.el7.noarch
Result:
After updating to latest packages the `apply` option works again.
|
Story Points: | --- | |
| Clone Of: | ||||
| : | 1870406 (view as bug list) | Environment: | ||
| Last Closed: | 2020-10-27 16:12:20 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | 1870406 | |||
| Bug Blocks: | ||||
|
Description
Omer Yahud
2020-07-05 14:44:49 UTC
I can reproduce this issue by using the module "community.kubernetes.k8s" and base image: "registry-proxy.engineering.redhat.com/rh-osbs/openshift-ose-ansible-operator:v4.5.0", details as follows:
1, Create an Ansible project, and write a playbook that utilizes the k8s module with the 'apply' option:
[root@preserve-olm-env foo-operator]# cat roles/foo/tasks/main.yml
---
# tasks file for foo
- name: set test namespace to "{{ state }}"
community.kubernetes.k8s:
api_version: v1
kind: Namespace
state: "{{ state }}"
name: test
apply: yes
2, Build a container image based on openshift-ose-ansible-operator:v4.5.0
[root@preserve-olm-env foo-operator]# cat build/Dockerfile
FROM registry-proxy.engineering.redhat.com/rh-osbs/openshift-ose-ansible-operator:v4.5.0
COPY requirements.yml ${HOME}/requirements.yml
RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \
&& chmod -R ug+rwx ${HOME}/.ansible
COPY watches.yaml ${HOME}/watches.yaml
COPY roles/ ${HOME}/roles/
[root@preserve-olm-env foo-operator]# operator-sdk build quay.io/olmqe/foo-operator:bug-ansible --verbose
DEBU[0000] Debug logging is set
INFO[0000] Building OCI image quay.io/olmqe/foo-operator:bug-ansible
DEBU[0000] Running []string{"docker", "build", "-f", "build/Dockerfile", "-t", "quay.io/olmqe/foo-operator:bug-ansible", "."}
Sending build context to Docker daemon 52.74kB
Step 1/5 : FROM registry-proxy.engineering.redhat.com/rh-osbs/openshift-ose-ansible-operator:v4.5.0
---> c53cfde428cd
Step 2/5 : COPY requirements.yml ${HOME}/requirements.yml
---> 281ae0c325ff
...
Successfully tagged quay.io/olmqe/foo-operator:bug-ansible
INFO[0003] Operator build complete.
[root@preserve-olm-env foo-operator]# docker push quay.io/olmqe/foo-operator:bug-ansible
The push refers to repository [quay.io/olmqe/foo-operator]
c6c55aa6e3c6: Pushed
...
bug-ansible: digest: sha256:8d3de5992ee22827b711076f9e6bdea59aa5be2957a2c1839f511636f916efee size: 2202
3, Deploy the operator on an openshift cluster
[root@preserve-olm-env foo-operator]# oc project default
Now using project "default" on server "https://api.zzhao46n.qe.devcluster.openshift.com:6443".
[root@preserve-olm-env foo-operator]# oc create -f deploy/crds/foo.example.com_foos_crd.yaml
customresourcedefinition.apiextensions.k8s.io/foos.foo.example.com created
[root@preserve-olm-env foo-operator]# oc create -f deploy/service_account.yaml
serviceaccount/foo-operator created
[root@preserve-olm-env foo-operator]# oc create -f deploy/role.yaml
role.rbac.authorization.k8s.io/foo-operator created
[root@preserve-olm-env foo-operator]# oc create -f deploy/role_binding.yaml
rolebinding.rbac.authorization.k8s.io/foo-operator created
[root@preserve-olm-env foo-operator]# oc create -f deploy/operator.yaml
deployment.apps/foo-operator created
[root@preserve-olm-env foo-operator]# oc get pods
NAME READY STATUS RESTARTS AGE
foo-operator-6d8db94b8d-mb9xz 0/1 ContainerCreating 0 5s
[root@preserve-olm-env foo-operator]# oc get pods
NAME READY STATUS RESTARTS AGE
foo-operator-6d8db94b8d-mb9xz 1/1 Running 0 58s
4, Deploy the CR. And, check the operator logs.
[root@preserve-olm-env foo-operator]# oc create -f deploy/crds/foo.example.com_v1alpha1_foo_cr.yaml
foo.foo.example.com/example-foo created
[root@preserve-olm-env foo-operator]# oc get foo
NAME AGE
example-foo 18s
[root@preserve-olm-env foo-operator]# oc logs foo-operator-6d8db94b8d-mb9xz
...
--------------------------- Ansible Task StdOut -------------------------------
TASK [set test namespace to "present"] ********************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to import the required Python library (openshift >= 0.9.2) on foo-operator-6d8db94b8d-mb9xz's Python /usr/bin/python2. This is required for apply. Please read module documentation and install in the appropriate location. If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter"}
[root@preserve-olm-env example-inc]# operator-sdk version
operator-sdk version: "v0.17.2", commit: "0258db0119e8e18e15d035532427c329fce1e871", kubernetes version: "unknown", go version: "go1.13.10 linux/amd64"
Version:
[root@preserve-olm-env foo-operator]# operator-sdk version
operator-sdk version: "v0.17.2", commit: "0258db0119e8e18e15d035532427c329fce1e871", kubernetes version: "unknown", go version: "go1.13.10 linux/amd64"
[root@preserve-olm-env foo-operator]# oc get clusterversion
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.5.0-0.nightly-2020-08-22-015330 True False 44m Cluster version is 4.5.0-0.nightly-2020-08-22-015330
Steps to test:
1, Create an Ansible project.
[root@preserve-olm-env 0.17.2]# operator-sdk new foo-operator --type=ansible --api-version=foo.example.com/v1alpha1 --kind=Foo
INFO[0000] Creating new Ansible operator 'foo-operator'.
INFO[0000] Created deploy/service_account.yaml
INFO[0000] Created deploy/role.yaml
...
2, Write a playbook that utilizes the k8s module with the 'apply' option:
[root@preserve-olm-env foo-operator]# cat roles/foo/tasks/main.yml
---
# tasks file for foo
- name: set test namespace to "{{ state }}"
community.kubernetes.k8s:
api_version: v1
kind: Namespace
state: "{{ state }}"
name: test
apply: yes
3, Build a container image based on openshift-ose-ansible-operator:v4.5.0
[root@preserve-olm-env foo-operator]# cat build/Dockerfile
FROM registry-proxy.engineering.redhat.com/rh-osbs/openshift-ose-ansible-operator:v4.5.0
COPY requirements.yml ${HOME}/requirements.yml
RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \
&& chmod -R ug+rwx ${HOME}/.ansible
COPY watches.yaml ${HOME}/watches.yaml
COPY roles/ ${HOME}/roles/
[root@preserve-olm-env foo-operator]# operator-sdk build quay.io/yuhui12/foo-operator:bug-ansible --verbose
DEBU[0000] Debug logging is set
INFO[0000] Building OCI image quay.io/yuhui12/foo-operator:bug-ansible
DEBU[0000] Running []string{"docker", "build", "-f", "build/Dockerfile", "-t", "quay.io/yuhui12/foo-operator:bug-ansible", "."}
Sending build context to Docker daemon 51.71kB
Step 1/5 : FROM registry-proxy.engineering.redhat.com/rh-osbs/openshift-ose-ansible-operator:v4.5.0
---> d6513b64f5f5
...
Successfully built 1f52fe1015b3
Successfully tagged quay.io/yuhui12/foo-operator:bug-ansible
INFO[0001] Operator build complete.
[root@preserve-olm-env foo-operator]# docker push quay.io/yuhui12/foo-operator:bug-ansible
The push refers to repository [quay.io/yuhui12/foo-operator]
...
2acea37b6b28: Pushed
bug-ansible: digest: sha256:26a9380ddbe1e573039eb880183c35d14db5fb4be0a4bbbab71356b1b36784d2 size: 2202
4, Deploy the operator on an openshift cluster
[root@preserve-olm-env foo-operator]# oc project default
Now using project "default" on server "https://api.ci-ln-n856w2t-d5d6b.origin-ci-int-aws.dev.rhcloud.com:6443".
[root@preserve-olm-env foo-operator]# oc create -f deploy/crds/foo.example.com_foos_crd.yaml
customresourcedefinition.apiextensions.k8s.io/foos.foo.example.com created
[root@preserve-olm-env foo-operator]# oc create -f deploy/service_account.yaml
serviceaccount/foo-operator created
[root@preserve-olm-env foo-operator]# oc create -f deploy/role.yaml
role.rbac.authorization.k8s.io/foo-operator created
[root@preserve-olm-env foo-operator]# oc create -f deploy/role_binding.yaml
rolebinding.rbac.authorization.k8s.io/foo-operator created
[root@preserve-olm-env foo-operator]# oc create -f deploy/operator.yaml
deployment.apps/foo-operator created
[root@preserve-olm-env foo-operator]# oc get pods
NAME READY STATUS RESTARTS AGE
foo-operator-5f7c86b49f-zdmmz 1/1 Running 0 17m
5, Deploy the CR. And, check the operator logs.
[root@preserve-olm-env foo-operator]# oc create -f deploy/crds/foo.example.com_v1alpha1_foo_cr.yaml
foo.foo.example.com/example-foo created
[root@preserve-olm-env foo-operator]# oc get foo
NAME AGE
example-foo 17m
[root@preserve-olm-env foo-operator]# oc logs foo-operator-5f7c86b49f-zdmmz |grep import
[root@preserve-olm-env foo-operator]#
No such errors like "Failed to import the required Python library (openshift >= 0.9.2) on foo-operator-6d8db94b8d-mb9xz's Python /usr/bin/python2. This is required for apply. Please read module documentation and install in the appropriate location. If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter".
Verify the bug using 4.5.0 ansible operator image. [root@preserve-olm-env ~]# docker run -it --entrypoint=/bin/bash registry-proxy.engineering.redhat.com/rh-osbs/openshift-ose-ansible-operator:v4.5.0 bash-4.2$ rpm -qa | grep kubernetes python2-kubernetes-11.0.0-1.el7.noarch bash-4.2$ rpm -qa | grep openshift python2-openshift-0.11.2-1.el7.noarch Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196 |