openshift-ansible: missing OpenSSL python bindings
Description
Ansible failes wiht the message
missing OpenSSL python bindings(on my master), although I have installed the pyOpenSSL package on my CentOS7 server.
Version
openshift-ansible-3.6.123.1002-1
ansible 2.3.1.0
Steps To Reproduce
- inventory:
[OSEv3:children]
masters
nodes
[OSEv3:vars]
ansible_ssh_user=root
deployment_type=origin
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]
containerized=true
openshift_release=v1.5.1
openshift_image_tag=v1.5.1
openshift_public_hostname=master.domain.tld
openshift_master_default_subdomain=origin.domain.tld
openshift_hosted_metrics_deploy=true
openshift_disable_check=docker_storage,memory_availability
openshift_master_overwrite_named_certificates=true
openshift_master_named_certificates=[{"certfile": "/etc/letsencrypt/live/master.domain.tld/cert.pem", "keyfile": "/etc/letsencrypt/live/master.domain.tld/privkey.pem", "cafile": "/etc/letsencrypt/live/master.domain.tld/fullchain.pem"}]
[masters]
master.domain.tld openshift_schedulable=true
[nodes]
master.domain.tld openshift_node_labels="{'region': 'infra', 'zone': 'default'}" openshift_schedulable=true
node1.domain.tld openshift_node_labels="{'region': 'primary', 'zone': 'default'}" openshift_schedulable=true
ansible-playbook -i inventory openshift-ansible/playbooks/byo/config.yml
Observed Results
Failure summary:
1. Host: master.domain.tld
Play: Configure masters
Task: openshift_named_certificates : set_fact
Message: |missing OpenSSL python bindings
(of course using an actual domain.tld)
About this issue
- Original URL
- State: closed
- Created 7 years ago
- Comments: 17 (6 by maintainers)
Commits related to this issue
- Add pyOpenSSL openshift-ansible dep This regressed in 801779eeb6f6308f81ae7c48409de7686c04a0aa Related #4617 — committed to sdodson/openshift-ansible by sdodson 6 years ago
- Add pyOpenSSL openshift-ansible dep This regressed in 801779eeb6f6308f81ae7c48409de7686c04a0aa Related #4617 — committed to openshift-cherrypick-robot/openshift-ansible by sdodson 6 years ago
- Add pyOpenSSL openshift-ansible dep This regressed in 801779eeb6f6308f81ae7c48409de7686c04a0aa Related #4617 — committed to openshift-cherrypick-robot/openshift-ansible by sdodson 6 years ago
- Add pyOpenSSL openshift-ansible dep This regressed in 801779eeb6f6308f81ae7c48409de7686c04a0aa Related #4617 — committed to infonova/openshift-ansible by sdodson 6 years ago
This regressed in 801779eeb6f6308f81ae7c48409de7686c04a0aa #10733 to reintroduce the dependency
@sdodson still here in 3.11.125-1
UPD 26.11.2019: Still here 3.11.153-2
OK so this was caused because we ran the ansible scripts from a management server. The assumption here is that your running ansible from a host in the cluster which is probably not a good thing given that a Bastion host is included in the reference architecture. This assumption also causes api tests to fail. In short the assumption should be that ansible is executed from a host outside of the OCP cluster.
The RPM dependencies include pyOpenSSL if you were to install openshift-ansible via RPMs. But we should make sure that we create a role that ensures control host deps are fulfilled.