Openshift-ansible: 3.7 file not found: /etc/origin/logging/ca.crl.srl

Seeing the same with OpenShift Enterprise 3.7 on RHEL 7.4 utilizing the Release-3.7 branch playbooks.

Same here - OpenShift Container Platform 3.7 (3.7.23) on RHEL 7.4 with the release-3.7 branch.

Same with - Openshift Origin 3.9 on Centos 7 with release-3.9 branch and ansible --version 2.5.0

this is even showing on 3.6 as well.

Using: openshift-ansible-3.7.42-1-5-g39058c1
Ansible 2.5.0

Seeing the same for Openshift Container Platform 3.9 (enterprise) with ansible version 2.5.0 on RHEL 7.

Possibly error with generating certificates (which refer to a .crt.srl)

- name: Checking for ca.crt.srl
  stat: path="{{generated_certs_dir}}/ca.crt.srl"
  register: ca_cert_srl_file
  check_mode: no
- copy: content="" dest={{generated_certs_dir}}/ca.crt.srl
  check_mode: no
  when:
    not ca_cert_srl_file.stat.exists

in openshift-ansible/roles/openshift_logging/tasks/generate_certs.yaml

installed via

Installed Packages
Name        : openshift-ansible
Arch        : noarch
Version     : 3.9.14
Release     : 1.git.3.c62bc34.el7
Size        : 56 k
Repo        : installed
From repo   : rhel-7-server-ose-3.9-rpms

FYI: this has been fixed by the above linked PR - https://github.com/openshift/openshift-ansible/pull/7764

Can confirm after manually patching #7764 into openshift-ansible.noarch.3.9.14-1.git.3.c62bc34.el7.rpm problem is fixed.

Just need it to be released now

Also, can confirm after manually patching in #7764 into release-3.6 problem is fixed and logging deploys as expected. See details below

diff --git a/roles/openshift_logging/tasks/generate_certs.yaml b/roles/openshift_logging/tasks/generate_certs.yaml
index 9c8f0986a..8e1da834d 100644
--- a/roles/openshift_logging/tasks/generate_certs.yaml
+++ b/roles/openshift_logging/tasks/generate_certs.yaml
@@ -98,15 +98,15 @@
   when:
     - not ca_db_file.stat.exists

-- name: Checking for ca.crt.srl
-  stat: path="{{generated_certs_dir}}/ca.crt.srl"
-  register: ca_cert_srl_file
+- name: Checking for ca.crl.srl
+  stat: path="{{generated_certs_dir}}/ca.crl.srl"
+  register: ca_crl_srl_file
   check_mode: no

-- copy: content="" dest={{generated_certs_dir}}/ca.crt.srl
+- copy: content="" dest={{generated_certs_dir}}/ca.crl.srl
   check_mode: no
   when:
-    - not ca_cert_srl_file.stat.exists
+    - not ca_crl_srl_file.stat.exists

 - name: Generate PEM certs
   include: generate_pems.yaml component={{node_name}}

[jfmatth@fedora openshift-ansible]$ git branch -v
  master      e65d4d60f [behind 8] Merge pull request #8184 from mwoodson/master
* release-3.6 6af1fb203 Merge pull request #8181 from vrutkovs/3.6-etcd-backport
  release-3.7 99331aeb5 Merge pull request #7801 from nak3/fix-single-master-etcd-up
  release-3.8 be319af3b Automatic commit of package [openshift-ansible] release [3.8.37-1].
  release-3.9 9ac6bf469 Merge pull request #8186 from jim-minter/azurecreds
[jfmatth@fedora openshift-ansible]$

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten
/remove-lifecycle stale

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Exclude this issue from closing again by commenting /lifecycle frozen.

/close

@openshift-bot: Closing this issue.