Appendix C. Failure When Adding Node(s)

At the time of writing there is a known bug in the OpenShift installation routine that may cause a failure when adding nodes either with the add-cns-storage.py or add-node.py playbooks. The failure occurs during the step “Generate the node client config”. In this case the output of the the installation routine is similar to the following:

failed: [ose-ocp-cns01-node03.sysdeseng.com -> ose-master03.sysdeseng.com] (item=ose-ocp-cns01-node03.sysdeseng.com) => {
    "changed": true,
    "cmd": [
        "oc",
        "adm",
        "create-api-client-config",
        "--certificate-authority=/etc/origin/master/ca.crt",
        "--client-dir=/etc/origin/generated-configs/node-ip-10-20-6-56.us-west-2.compute.internal",
        "--groups=system:nodes",
        "--master=https://internal-openshift-master.sysdeseng.com",
        "--signer-cert=/etc/origin/master/ca.crt",
        "--signer-key=/etc/origin/master/ca.key",
        "--signer-serial=/etc/origin/master/ca.serial.txt",
        "--user=system:node:ip-10-20-6-56.us-west-2.compute.internal"
    ],
    "delta": "0:00:00.158849",
    "end": "2017-04-17 17:27:29.789575",
    "failed": true,
    "item": "ose-ocp-cns01-node03.sysdeseng.com",
    "rc": 1,
    "start": "2017-04-17 17:27:29.630726",
    "warnings": []
}

STDERR:

error: --signer-serial, "/etc/origin/master/ca.serial.txt" must be a valid file
See 'oc adm create-api-client-config -h' for help and examples.

In this case the Ansible deployment routine picks the wrong OpenShift master node to create the client configuration. Only one of the 3 master nodes has the file /etc/origin/master/ca.serial.txt present and in the case above an OpenShift master was used, that doesn’t have this file. If this error occurs, find the master node on which this file exists and copy the file to the all master nodes where this file does not exist in the /etc/origin/master directory. The file should only contain 2 hexadecimal digits therefore creating the file in /etc/origin/master path on the master nodes by copy/pasting the content is sufficient as well. The file needs to be owned by the user and group “root” and carries the permission mask 0644. When done, simply re-run the deployment script again with the same arguments and this error should not reappear. Once the node installation is successful remove the ca.serial.txt from the masters that did not initially have the file.