-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mas install pre check fails on ARO cluster #561
Comments
Been meaning to make improvements in this area for a while, using this as the kick to finally do it... |
I have no access to a system to test the fix .. @kathleenhosang could you try please see if this change helps: Start a docker container with the fix: Inside the container, create a playbook like so - hosts: localhost
any_errors_fatal: true
vars:
verify_cluster: False
verify_catalogsources: False
verify_subscriptions: False
verify_workloads: False
verify_ingres: True
roles:
- ibm.mas_devops.ocp_verify Run the playbook: Should hopefully see output like this:
I don't have any clusters where the first 3 ways of finding the certificate fails, I had hoped the IngressController would be a universal way to get the secret name, but sadly it's as fallable as the others; there doesn't seem to be a single reliable way to look this up that works across all OCP clusters. |
Running the playbook failed:
|
@durera I need a little help getting around this issue in the short term :) When trying to run
Rather than try to debug, I thought it would be easier to have the pipeline skip the verify ingress task. I commented that task out in the following files locally:
But the pipeline is still checking for the ingress secret and failing. I must be missing something- how do you suggest I move forward? |
What's the output from before that? These are the 4 new tasks I added that would need to see what they returned in your cluster: https://github.com/ibm-mas/ansible-devops/blob/ec5f3f0a762cb72c3041d900c83b31e8dd4d8ad6/ibm/mas_devops/common_tasks/get_signed_ingress_cert.yml#L96-L139 |
This isn't an optional thing that can be skipped, we put this check at the front to avoid wasting time debugging install failures that will happen later if we can't identify what secret contains this certificate ... some of our dependencies use this secret on their routes, if we don't know what it is they are using then we can't set everything up. |
@durera ok, makes sense. But the ansible playbook to install mas core should work? I am getting the permissions error
I can't imagine this is related to the ingress secret? Is this a separate bug? |
Looks like a problem in the container with an inability to write to |
@durera you are correct, resolved that issue, but now seeing a new one. The Let me know what you think, we can't move forward with the mas cli or ansible playbooks. The client opened an IBM support ticket (TS014529626) which we will use to debug this issue. |
@kathleenhosang I asked for the mongoce logs in the support ticket. I'll create an internal issue when I receive the logs. Thanks. |
Just for anyone that comes across this - with respect to the MongoDB CE Operator and ARO - the following storage class should be leveraged for the PVCs:
|
In ARO 4.12, the default storage class is |
FYI, the initially noted ingress cert error surfaces when using ansible directly to install MAS core. This is being debugged in TS014555001 |
I am seeing same behavior when performing MAS core upgrade on the Openshift cluster hosted in Azure. TASK [ibm.mas_devops.ocp_verify : Debug cluster certificate secret search] *****
TASK [ibm.mas_devops.ocp_verify : Fail if one of the cluster required secrets does not exist] *** NO MORE HOSTS LEFT ************************************************************* PLAY RECAP ********************************************************************* Issue only occurs when we are using publicly signed certificates. Is there a way to define certificate secrets? |
Any progress on this? |
Closing as this has the original issue related to ingress was addressed with the following PR: |
Running
mas install
on ARO cluster yields the following error message:Saw issue in client environment and replicated issue in test ARO cluster.
I looked at the default ingress controller configuration in test env and can see the default ingress certificate as part of the yaml file:
I should be able to get around this by using the ansible playbooks directly, but wanted to raise, since it will be difficult to manage ARO clusters without mas cli support.
The text was updated successfully, but these errors were encountered: