WAS SSO configuration not idempontent
marde16 opened this issue · comments
As an admin I ran the following playbooks to implement a staging envrionment with a already exsiting LDAP server.
ansible-playbook -i environments/examples/cnx8/db2/inventory_examples/cnx8/db2.ini playbooks/third_party/setup-database.yml
ansible-playbook -i environments/examples/cnx8/db2/inventory_examples/cnx8/db2.ini playbooks/third_party/setup-nfs.yml
ansible-playbook -i environments/examples/cnx8/db2/inventory_examples/cnx8/db2.ini playbooks/hcl/setup-connections-wizards.yml
ansible-playbook -i environments/examples/cnx8/db2/inventory_examples/cnx8/db2.ini playbooks/third_party/setup-tdi.yml
ansible-playbook -i environments/examples/cnx8/db2/inventory_examples/cnx8/db2.ini playbooks/third_party/setup-webspherend.yml
ansible-playbook -i environments/examples/cnx8/db2/inventory_examples/cnx8/db2.ini playbooks/hcl/setup-connections-only.yml
ansible-playbook -i environments/examples/cnx8/db2/inventory_examples/cnx8/db2.ini playbooks/hcl/connections-post-install.yml
After the playbooks are finished and the Connections environment was tested successfully, I ran the playbook for the docs deploymenent, which failed with the following error because about a broken restart of the IHS server.
TASK [was-dmgr-config-add-cert-truststore : Add connections.mydomain.com certificate to cell scope truststore] ***************************************************************
FAILED - RETRYING: Add connections.mydomain.com certificate to cell scope truststore (5 retries left).
FAILED - RETRYING: Add connections.mydomain.com certificate to cell scope truststore (4 retries left).
FAILED - RETRYING: Add connections.mydomain.com certificate to cell scope truststore (3 retries left).
FAILED - RETRYING: Add connections.mydomain.com certificate to cell scope truststore (2 retries left).
FAILED - RETRYING: Add connections.mydomain.com certificate to cell scope truststore (1 retries left).
fatal: [dmgr.mydomain.com -> dmgr.mydomain.com]: FAILED! => {"attempts": 5, "changed": false, "cmd": ["/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/wsadmin.sh", "-lang", "jython", "-port", "8879", "-username", "wasadmin", "-password", "password", "-f", "/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/add_trust_signer_cert.py"], ....... "WASX7017E: Exception received while running file "/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/add_trust_signer_cert.py"; exception information: com.ibm.websphere.management.cmdframework.CommandException", "java.net.ConnectException: java.net.ConnectException: Connection refused (Connection refused)"]}
On this step the docs playbook failed:
connections-automation/roles/hcl/docs/tasks/main.yml
Lines 65 to 71 in 84b57ec
In my opinion there is a missing step e.g. check_env and set the necessary variable __sso_config_enable
(or sso.config.success file) before starting the config_sso.yml
.
... because in my situation the sso config should have been skipped.
It's error-prone when a admin have to rethink all settings before starting the playbook.
BTW: I had another failed run with the docs playbooks (some steps before), because I forgot to disable the setup_connections_wizards
variable, because db2 scripts were missing (about skipped wizard download / extraction).