openshift-ansible: 3.7 fails on etcd container pull
Description
open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory
Version
ansible 2.3.2.0
config file =
configured module search path = Default w/o overrides
python version = 2.7.14 (default, Sep 25 2017, 09:53:22) [GCC 4.2.1 Compatible Apple LLVM 9.0.0 (clang-900.0.37)]
If you’re operating from a git clone:
openshift-ansible-3.7.9-1-23-g78f029e37
Steps To Reproduce
[OSEv3:children]
masters
nodes
[masters]
<IP> openshift_schedulable=true
[nodes]
<IP> openshift_schedulable=true openshift_node_labels="{'region': 'infra', 'zone': 'default'}"
[etcd]
<IP>
[OSEv3:vars]
ansible_user=openshift
ansible_become=yes
enable_excluders=false
enable_docker_excluder=false
containerized=True
#openshift_use_system_containers=True
os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant'
openshift_disable_check=disk_availability,docker_storage,memory_availability,docker_image_availability
openshift_node_kubelet_args={'pods-per-core': ['10']}
deployment_type=origin
openshift_deployment_type=origin
openshift_release=v3.7.0
openshift_pkg_version=v3.7.0-rc.0
osm_use_cockpit=true
openshift_metrics_install_metrics=True
openshift_hosted_prometheus_deploy=True
openshift_logging_install_logging=True
openshift_logging_image_version=v3.7.0-rc.0
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]
openshift_public_hostname=<DNS>
openshift_master_default_subdomain=<DNS>
Expected Results
The container pull should not fail.
Observed Results
stdout => fatal: [<IP>]: FAILED! => {"changed": false, "cmd": ["docker", "pull", "registry.access.redhat.com/rhel7/etcd"], "delta": "0:00:00.068668", "end": "2017-11-22 14:19:06.892003", "failed": true, "rc": 1, "start": "2017-11-22 14:19:06.823335", "stderr": "open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory", "stderr_lines": ["open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory"], "stdout": "Using default tag: latest\nTrying to pull repository registry.access.redhat.com/rhel7/etcd ... ", "stdout_lines": ["Using default tag: latest", "Trying to pull repository registry.access.redhat.com/rhel7/etcd ... "]}
Additional Information
CentOS Linux release 7.4.1708 (Core)
Linux cluster01-master 3.10.0-693.5.2.el7.x86_64 #1 SMP Fri Oct 20 20:32:50 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
About this issue
- State: closed
- Created 7 years ago
- Comments: 15 (2 by maintainers)
Don’t delete stuff that’s needed for pulling securely from a secure registry 😉
Just install
yum install python-rhsm-certificates -y
on all nodes and it works.
@carct you can try to download the cert from here: https://github.com/candlepin/python-rhsm/blob/master/etc-conf/ca/redhat-uep.pem
For me it worked just fine, just that I created a file with the contents of the file provided in the link
also, keep in mind that redhat-ca.crt is just a link towards another file: /etc/rhsm/ca/redhat-uep.pem
so you need to ensure the existence of the latter one (also, be sure to have +rx rights on the file)
thanks & cheers!
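A check for the condition described in the comments above, where redhat-ca.crt under /etc/docker/certs.d is a symlink to /etc/rhsm/ca/redhat-uep.pem and the target is missing. This is an added example, not part of the original issue or of openshift-ansible; the function name check_certs_d and its status words are made up for illustration, and the sample tree is constructed under a temp dir.

```shell
#!/usr/bin/env bash
# Added example (not from openshift-ansible): audit a certs.d tree for CA files
# that docker cannot open. The status words are this script's own invention.

# Print one "STATUS path" line per <registry>/*.crt; return 1 if any is not OK.
check_certs_d() {
    local root="${1:-/etc/docker/certs.d}" rc=0 crt
    [ -d "$root" ] || { echo "MISSING_DIR $root"; return 1; }
    for crt in "$root"/*/*.crt; do
        [ -e "$crt" ] || [ -L "$crt" ] || continue   # glob matched nothing
        if [ -L "$crt" ] && [ ! -e "$crt" ]; then
            # Symlink whose target is absent: the failure reported in this issue.
            echo "DANGLING $crt -> $(readlink "$crt")"; rc=1
        elif [ ! -r "$crt" ]; then
            echo "UNREADABLE $crt"; rc=1
        elif ! grep -q -- '-----BEGIN CERTIFICATE-----' "$crt"; then
            echo "NOT_PEM $crt"; rc=1
        else
            echo "OK $crt"
        fi
    done
    return "$rc"
}

# Constructed sample: the issue's layout rebuilt under a temp dir, before and
# after the link target exists. The PEM body is a placeholder, not a real cert.
demo() {
    local tmp reg
    tmp=$(mktemp -d)
    reg="$tmp/certs.d/registry.access.redhat.com"
    mkdir -p "$reg" "$tmp/rhsm/ca"
    ln -s "$tmp/rhsm/ca/redhat-uep.pem" "$reg/redhat-ca.crt"
    check_certs_d "$tmp/certs.d" || true
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'placeholder' \
        '-----END CERTIFICATE-----' > "$tmp/rhsm/ca/redhat-uep.pem"
    check_certs_d "$tmp/certs.d" || true
    rm -rf "$tmp"
}

demo
```

On a node, calling check_certs_d with no argument scans /etc/docker/certs.d; a DANGLING line for redhat-ca.crt means the link target has to be restored before the pull can verify the registry.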