Openshift-ansible: Metrics installation fails on Atomic host as passlib module is required

Created on 7 Jun 2017  Â·  7Comments  Â·  Source: openshift/openshift-ansible

Description

Attempting to deploy metrics on our OCP v3.5 enterprise installation. We are using Atomic hosts for everything and as such python-passlib is not installed. This task appears to require it from the openshift-metrics.yml playbook.

Version
ansible 2.3.0.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = Default w/o overrides
  python version = 2.7.5 (default, Aug  2 2016, 04:20:16) [GCC 4.8.5 20150623 (Red Hat 4.8.5-4)]

package atomic-openshift-utils is not installed
openshift-ansible-3.5.71-1.git.0.128c2db.el7.noarch
Steps To Reproduce
  1. Run the openshift-metrics.yml playbook against an Atomic host
Observed Results

Describe what is actually happening.

TASK [openshift_metrics : generate htpasswd file for hawkular metrics] *****************************************************************************************************************************************************
 [WARNING]: when statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: not {{ openshift_metrics_heapster_standalone | bool }}

fatal: [x.x.x.x -> localhost]: FAILED! => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result"}


â–½
MSG:

This module requires the passlib Python library

For long output or logs, consider using a gist

Additional Information

I haven't provided inventory used to drive Ansible as I believe that is not to blame for this issue.

cat /etc/redhat-release
Red Hat Enterprise Linux Atomic Host release 7.3
picture IronicBadger
👍4

Most helpful comment

The proper fix for this is to install python-passlib on the control host, the one you're running ansible on.

There are few problems why its not done automatically:

  • its dangerous to request root permissions to install the RPM from the ansible script. It would also complicate the CLI, as sudo settings on control host and target hosts might be different
  • since both ansible-playbook and ansible-playbook-3 are supported, its hard to determine which RPM should be installed
  • the playbook may run from a docker container, venv or on Ubuntu host, so RPM may not be available
picture vrutkovs on 14 Jun 2018
👍2

All 7 comments

for CentOS 7.3 the exact name of the missing dependency is python2-passlib

mschaefers picture mschaefers on 7 Jun 2017
👍2

Running Ansible installer from RHEL 7.3 and passlib is installed on that host.

yum install python-passlib -y
Loaded plugins: amazon-id, rhui-lb, search-disabled-repos
Package python-passlib-1.6.5-2.el7.noarch already installed and latest version
Nothing to do

My issue that it looks like Ansible expects this to be available on the first master and because it's an atomic host, it is not.

IronicBadger picture IronicBadger on 7 Jun 2017

I see. I am running a multi-master installation via ansible (branch release-1.5) and get the exact error message, but I am not using atomic hosts. Installtion python2-passlib via yum on all master machines before running ansible fixes the error for me.

mschaefers picture mschaefers on 7 Jun 2017

Looking at #1071, it looks like it's something that's (deliberately?) missing from the base atomic image that ought to be there given the installer relies on it.

The offending Ansible line is:
- name: generate htpasswd file for hawkular metrics local_action: htpasswd path="{{ local_tmp.stdout }}/hawkular-metrics.htpasswd" name=hawkular password="{{ hawkular_metrics_pwd.content | b64decode }}" no_log: true

https://github.com/openshift/openshift-ansible/blob/a04128cf36792640a84ad0e1914922dffbf2bd5c/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml

I could use a workaround if possible please.

IronicBadger picture IronicBadger on 7 Jun 2017
👍1

I have same problem with Openshift Origin 3.9
OS: Centos 7 Project Atomic

PLAY [Initialization Checkpoint End] *******************************************

TASK [Set install initialization 'Complete'] ***********************************
Thursday 14 June 2018  10:31:42 +0400 (0:00:01.349)       0:00:21.612 ********* 
ok: [pub-caas-e-1.srv.lan]

PLAY [Metrics Install Checkpoint Start] ****************************************

TASK [Set Metrics install 'In Progress'] ***************************************
Thursday 14 June 2018  10:31:42 +0400 (0:00:00.159)       0:00:21.772 ********* 
ok: [pub-caas-e-1.srv.lan]

PLAY [OpenShift Metrics] *******************************************************

TASK [openshift_metrics : shell] ***********************************************
Thursday 14 June 2018  10:31:42 +0400 (0:00:00.177)       0:00:21.950 ********* 
changed: [pub-caas-e-1.srv.lan -> localhost]

TASK [openshift_metrics : Check that python-passlib is available on the control host] ***
Thursday 14 June 2018  10:31:42 +0400 (0:00:00.322)       0:00:22.273 ********* 
fatal: [pub-caas-e-1.srv.lan]: FAILED! => {
    "assertion": "'not installed' not in passlib_result.stdout", 
    "changed": false, 
    "evaluated_to": false, 
    "msg": "python-passlib rpm must be installed on control host"
}

PLAY RECAP *********************************************************************
localhost                  : ok=11   changed=0    unreachable=0    failed=0   
pub-caas-e-1.srv.lan       : ok=40   changed=2    unreachable=0    failed=1   
pub-caas-e-2.srv.lan       : ok=0    changed=0    unreachable=0    failed=0   


INSTALLER STATUS ***************************************************************
Initialization             : Complete (0:00:22)
Metrics Install            : In Progress (0:00:00)
    This phase can be restarted by running: playbooks/openshift-metrics/config.yml
gris-gris picture gris-gris on 14 Jun 2018

The proper fix for this is to install python-passlib on the control host, the one you're running ansible on.

There are few problems why its not done automatically:

  • its dangerous to request root permissions to install the RPM from the ansible script. It would also complicate the CLI, as sudo settings on control host and target hosts might be different
  • since both ansible-playbook and ansible-playbook-3 are supported, its hard to determine which RPM should be installed
  • the playbook may run from a docker container, venv or on Ubuntu host, so RPM may not be available
vrutkovs picture vrutkovs on 14 Jun 2018
👍2

The proper fix for this is to install python-passlib on the control host, the one you're running ansible on.

There are few problems why its not done automatically:

  • its dangerous to request root permissions to install the RPM from the ansible script. It would also complicate the CLI, as sudo settings on control host and target hosts might be different
  • since both ansible-playbook and ansible-playbook-3 are supported, its hard to determine which RPM should be installed
  • the playbook may run from a docker container, venv or on Ubuntu host, so RPM may not be available

that's it. The problem as on the host and not at the remote host. Man... what a hell

marcelomrwin picture marcelomrwin on 14 Sep 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

outcoldman picture outcoldman  Â·  6Comments
anhnguyenbk picture anhnguyenbk  Â·  7Comments
leoluk picture leoluk  Â·  4Comments
wongkafai picture wongkafai  Â·  7Comments
dharmit picture dharmit  Â·  4Comments