Closed przemyslavic closed 1 year ago
Hello Team,
Infra was created successfully on azure via Epiphany terraform. Next, was started ansible for provisioning cluster on azure failed.
OS : Linux (ubuntu 20.04)
Error message:
2023-01-17T14:53:19.2707177Z 14:53:19 INFO cli.src.ansible.AnsibleCommand - TASK [opensearch : Generate admin certificate] *�[0m 2023-01-17T14:53:20.0145871Z 14:53:20 INFO cli.src.ansible.AnsibleCommand - �[0;31mAn exception occurred during task execution. To see the full traceback, use -vvv. The error was: ValueError: The not valid after date must be after the not valid before date.�[0m�[0m 2023-01-17T14:53:20.0167162Z 14:53:20 INFO cli.src.ansible.AnsibleCommand - �[0;31mfatal: [Ass-prod-mt-gulf-cluster-logging-vm-0]: FAILED! => {"changed": false, "module_stderr": "Shared connection to 10.x.x.x closed.\r\n", "module_stdout": "Traceback (most recent call last):\r\n File "/home/operations/.ansible/tmp/ansible-tmp-1673967199.3290002-13177-79662590870260/AnsiballZ_x509_certificate.py", line 107, in \r\n _ansiballz_main()\r\n File "/home/operations/.ansible/tmp/ansible-tmp-1673967199.3290002-13177-79662590870260/AnsiballZ_x509_certificate.py", line 99, in _ansiballz_main\r\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\r\n File "/home/operations/.ansible/tmp/ansible-tmp-1673967199.3290002-13177-79662590870260/AnsiballZ_x509_certificate.py", line 47, in invoke_module\r\n runpy.run_module(mod_name='ansible_collections.community.crypto.plugins.modules.x509_certificate', init_globals=dict(_module_fqn='ansible_collections.community.crypto.plugins.modules.x509_certificate', _modlib_path=modlib_path),\r\n File "/usr/lib/python3.8/runpy.py", line 207, in run_module\r\n return _run_module_code(code, init_globals, run_name, mod_spec)\r\n File "/usr/lib/python3.8/runpy.py", line 97, in _run_module_code\r\n _run_code(code, mod_globals, init_globals,\r\n File "/usr/lib/python3.8/runpy.py", line 87, in _run_code\r\n exec(code, run_globals)\r\n File "/tmp/ansible_community.crypto.x509_certificate_payload_1qriqgdk/ansible_community.crypto.x509_certificate_payload.zip/ansible_collections/community/crypto/plugins/modules/x509_certificate.py", line 413, in \r\n File "/tmp/ansible_community.crypto.x509_certificate_payload_1qriqgdk/ansible_community.crypto.x509_certificate_payload.zip/ansible_collections/community/crypto/plugins/modules/x509_certificate.py", line 404, in main\r\n File "/tmp/ansible_community.crypto.x509_certificate_payload_1qriqgdk/ansible_community.crypto.x509_certificate_payload.zip/ansible_collections/community/crypto/plugins/modules/x509_certificate.py", line 328, in generate\r\n File "/tmp/ansible_community.crypto.x509_certificate_payload_1qriqgdk/ansible_community.crypto.x509_certificate_payload.zip/ansible_collections/community/crypto/plugins/module_utils/crypto/module_backends/certificate_ownca.py", line 125, in generate_certificate\r\n File "/usr/lib/python3/dist-packages/cryptography/x509/base.py", line 552, in not_valid_after\r\n raise ValueError(\r\nValueError: The not valid after date must be after the not valid before date.\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}�[0m�[0m 2023-01-17T14:53:20.0245139Z 14:53:20 INFO cli.src.ansible.AnsibleCommand - �[0m 2023-01-17T14:53:20.0246529Z 14:53:20 INFO cli.src.ansible.AnsibleCommand - PLAY RECAP *****�[0m 2023-01-17T14:53:20.0248521Z 14:53:20 INFO cli.src.ansible.AnsibleCommand - �[0;31mAss-prod-mt-gulf-cluster-logging-vm-0�[0m : �[0;32mok=30 �[0m �[0;33mchanged=20 �[0m unreachable=0 �[0;31mfailed=1 �[0m skipped=0 rescued=0 ignored=0 �[0m 2023-01-17T14:53:20.0250040Z 14:53:20 INFO cli.src.ansible.AnsibleCommand - �[0m 2023-01-17T14:53:20.1490135Z 14:53:20 INFO cli.src.commands.Apply - Step finished in: 50m 30.43s�[0m 2023-01-17T14:53:20.1501168Z �[31m14:53:20 ERROR epicli - Error running: "ansible-playbook -i /shared/build/prod-mt-gulf-cluster/inventory --vault-password-file /home/epiuser/.epicli/vault.cfg /shared/build/prod-mt-gulf-cluster/ansible/logging.yml"�[0m 2023-01-17T14:53:21.8814650Z 14:53:21 INFO dump_debug_info - Error dump has been written to: /shared/epicli_error_20230117-145320.dump�[0m 2023-01-17T14:53:21.8816413Z �[33m14:53:21 WARNING dump_debug_info - This dump might contain sensitive information. Check before sharing.�[0m 2023-01-17T14:53:21.8840524Z 14:53:21 INFO run_time - Total run time: 50m 32.17s�[0m 2023-01-17T14:53:21.9620599Z ##[error]Bash exited with code '1'. 2023-01-17T14:53:21.9643824Z ##[section]Finishing: Execute the yaml file skipping the infra
Hi @MurugaAzure As already replied here, this has already been fixed in v2.0.3.
Describe the bug OpenSearch installation fails trying to generate admin certificate with the following error
The not valid after date must be after the not valid before
. This is becauseownca_not_after
parameter is set to20221231235959Z
which is currently a date in the past.https://github.com/epiphany-platform/epiphany/blob/develop/ansible/playbooks/roles/opensearch/tasks/generate-certs.yml#L111
https://github.com/epiphany-platform/epiphany/blob/develop/ansible/playbooks/roles/opensearch/defaults/main.yml#L44
How to reproduce Steps to reproduce the behavior:
epicli init ... (with params)
epicli apply ...
Expected behavior A clear and concise description of what you expected to happen.
Config files If applicable, add config files to help explain your problem.
Environment
epicli version: [2.0.2]
Additional context Add any other context about the problem here.
DoD checklist