Closed ikke-t closed 3 years ago
@ikke-t A couple of us have tried to reproduce this quoting of the entire line problem and cannot do it. I'm not using RHEL8 and I'm running python 3.8, but I used the same versions of Ansible and the openshift client (fresh install in virtualenv).
Have you tried reproducing this using different versions of ansible or python or OSs? Is it only to_json
on that one specific annotation?
odd, now I made a simplified reproducal for you guys, and tested again before sending, and it works. However, I updated my rhel8 ansible, and ocp clustere from 4.5 to 4.6. I will re-test the fevermap one too.
od. Now it works with fevermap too. I wonder how this is possible, I've put so many hours into figuring this out. Something behaves diferently after the updates. Well, I'll close this one. Sorry for the trouble, and thanks for looking into it.
SUMMARY
I'm doing GitOps with Ansilbe k8s module. I setup jenkins, but k8s definition for jenkins oauth route fails to be set due ansible adding extra " around the json. Jenkins is so picky, that it will fail. I find no way to remove the extra " around json in k8s definition, other than doing a template and doing it in jinja. Which is ugly, as none of the other files are not templated.
How to escape internal json properly, or avoid ansible adding the quotes around json to avoid failure?
ISSUE TYPE
COMPONENT NAME
k8s
ANSIBLE VERSION
rhel8
CONFIGURATION
OS / ENVIRONMENT
STEPS TO REPRODUCE
The problematic SA definition is here. I had to move away from specifying json there directly since ansible parser gets confused if having variables in middle of json. So I moved the definition into var, and instead use json filter to palce it into definiton.
https://gitlab.com/fevermap/fevermap/-/blob/master/ocp/ansible/roles/pipelines/tasks/main.yml#L20
The lines should end up with:
Instead, it is like this (not the extra " wrapping):
Instead, there is no way to have it without " or ' around it, which ruins the jenkins conf. Thus, it's not possible to end up with working config.
Jenkins redirect guide has examples: https://docs.openshift.com/container-platform/4.6/authentication/using-service-accounts-as-oauth-client.html
I run the fevermap playbook https://gitlab.com/fevermap/fevermap/-/blob/master/ocp/ansible/fevermap.yml
like this:
EXPECTED RESULTS
Able to login to jenkins.
ACTUAL RESULTS
Jenkins redirect does not work, and login fails.