You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is it possible to get this validated pattern to work in an OpenShift cluster deployed into AWS using ROSA? I keep running into vault related errors during make install. I can consistently reproduce the failure when deploying to a brand new OpenShift 4.11.31 cluster created with ROSA.
Cluster info:
Nodes:
- Control plane: 3
- Infra: 2
- Compute: 3
Compute Node Instance Type: m5a.4xlarge
Error:
Running helm:
Release "medical-diagnosis" does not exist. Installing it now.
NAME: medical-diagnosis
LAST DEPLOYED: Wed Apr 5 00:54:42 2023
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
make[1]: Leaving directory `/home/cloudshell-user/medical-diagnosis'make load-secretsmake[1]: Entering directory `/home/cloudshell-user/medical-diagnosis'echo"Delegating load-secrets target"Delegating load-secrets targetmake -f common/Makefile load-secretsmake[2]: Entering directory `/home/cloudshell-user/medical-diagnosis'common/scripts/vault-utils.sh push_secrets medical-diagnosis[DEPRECATION WARNING]: Ansible will require Python 3.8 or newer on the controller starting with Ansible 2.12. Current version: 3.7.16 (default, Mar 10 2023, 03:25:26) [GCC 7.3.1 20180712 (Red Hat 7.3.1-15)]. This feature will be removed from ansible-core in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.[WARNING]: No inventory was parsed, only implicit localhost is availablePLAY [Vault initialization] *****************************************************************************************************************TASK [vault_utils : Vault pre checks] *******************************************************************************************************included: /home/cloudshell-user/medical-diagnosis/common/ansible/roles/vault_utils/tasks/pre_check.yaml for localhostTASK [vault_utils : Check if the kubernetes python module is usable from ansible] ***********************************************************ok: [localhost]TASK [vault_utils : Check if KUBECONFIG is correctly set] ***********************************************************************************ok: [localhost] => { "msg": "KUBECONFIG is not set, falling back to ~/.kube/config"}TASK [vault_utils : Check if ~/.kube/config exists] *****************************************************************************************ok: [localhost]TASK [vault_utils : Check if we're running inside an OCP cluster directly] ******************************************************************
ok: [localhost]
TASK [vault_utils : Fail if both KUBECONFIG and ~/.kube/config do not exist but only when not running in a cluster] *************************
ok: [localhost]
TASK [vault_utils : Vault status check] *****************************************************************************************************
included: /home/cloudshell-user/medical-diagnosis/common/ansible/roles/vault_utils/tasks/vault_status.yaml for localhost
FAILED - RETRYING: Check for vault namespace (20 retries left).
FAILED - RETRYING: Check for vault namespace (19 retries left).
FAILED - RETRYING: Check for vault namespace (18 retries left).
FAILED - RETRYING: Check for vault namespace (17 retries left).
FAILED - RETRYING: Check for vault namespace (16 retries left).
FAILED - RETRYING: Check for vault namespace (15 retries left).
TASK [vault_utils : Check for vault namespace] **********************************************************************************************
ok: [localhost]
TASK [vault_utils : Check if the vault pod is present] **************************************************************************************
ok: [localhost]
FAILED - RETRYING: Check for the vault status (20 retries left).
FAILED - RETRYING: Check for the vault status (19 retries left).
FAILED - RETRYING: Check for the vault status (18 retries left).
FAILED - RETRYING: Check for the vault status (17 retries left).
FAILED - RETRYING: Check for the vault status (16 retries left).
FAILED - RETRYING: Check for the vault status (15 retries left).
FAILED - RETRYING: Check for the vault status (14 retries left).
FAILED - RETRYING: Check for the vault status (13 retries left).
FAILED - RETRYING: Check for the vault status (12 retries left).
FAILED - RETRYING: Check for the vault status (11 retries left).
FAILED - RETRYING: Check for the vault status (10 retries left).
FAILED - RETRYING: Check for the vault status (9 retries left).
FAILED - RETRYING: Check for the vault status (8 retries left).
FAILED - RETRYING: Check for the vault status (7 retries left).
FAILED - RETRYING: Check for the vault status (6 retries left).
FAILED - RETRYING: Check for the vault status (5 retries left).
FAILED - RETRYING: Check for the vault status (4 retries left).
FAILED - RETRYING: Check for the vault status (3 retries left).
FAILED - RETRYING: Check for the vault status (2 retries left).
FAILED - RETRYING: Check for the vault status (1 retries left).
TASK [vault_utils : Check for the vault status] *********************************************************************************************
changed: [localhost]
TASK [vault_utils : Set vault status output json fact] **************************************************************************************
ok: [localhost]
TASK [vault_utils : List Vault pods] ********************************************************************************************************
ok: [localhost]
TASK [vault_utils : Get pods] ***************************************************************************************************************
ok: [localhost] => (item=vault-0)
TASK [vault_utils : Followers] **************************************************************************************************************
ok: [localhost]
TASK [vault_utils : If the vault is still sealed we need to retry] **************************************************************************
changed: [localhost]
TASK [vault_utils : Make sure that the vault auth policy exists] ****************************************************************************
fatal: [localhost]: FAILED! => {"msg": "The conditional check 'vault_role_cmd.rc == 0' failed. The error was: error while evaluating conditional (vault_role_cmd.rc == 0): 'dict object' has no attribute 'rc'"}
PLAY RECAP **********************************************************************************************************************************
localhost : ok=15 changed=2 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
The text was updated successfully, but these errors were encountered:
Is it possible to get this validated pattern to work in an OpenShift cluster deployed into AWS using ROSA? I keep running into
vaultrelated errors duringmake install. I can consistently reproduce the failure when deploying to a brand new OpenShift 4.11.31 cluster created with ROSA.Cluster info:
Compute Node Instance Type:
m5a.4xlargeError:
The text was updated successfully, but these errors were encountered: