mas gitops-efs fails to install and configure EFS CSI Driver on ROSA HCP #1920
Description
MAS CLI version
16.0.0
CLI function used
other
What happened?
Running mas gitops-efs on a ROSA HCP cluster fails during the EFS setup phase when the Ansible role attempts to add an ingress rule to the security group.
[ibmmas/cli:16.0.0]mascli$ echo $AWS_DEFAULT_REGION
eu-south-1
[ibmmas/cli:16.0.0]mascli$ echo $AWS_REGION
eu-south-1
[ibmmas/cli:16.0.0]mascli$
[ibmmas/cli:16.0.0]mascli$ mas gitops-efs --cloud-provider "aws" --aws-region "${AWS_REGION}"
...
ASK [ibm.mas_devops.ocp_efs : efs-setup : Add New Rule for Security Group]
*********************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": true, "cmd": "aws ec2 authorize-security-group-ingress --group-id --source-group --protocol tcp --port 2049", "delta": "0:00:00.706745", "end": "2025-11-24 10:00:45.378426", "failed_when_result": true, "msg": "non-zero return code", "rc": 252, "start": "2025-11-24 10:00:44.671681", "stderr": "\naws: [ERROR]: argument --group-id: expected one argument\n\nusage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]\nTo see help text, you can run:\n\n aws help\n aws <command> help\n aws <command> <subcommand> help", "stderr_lines": ["", "aws: [ERROR]: argument --group-id: expected one argument", "", "usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]", "To see help text, you can run:", "", " aws help", " aws <command> help", " aws <command> <subcommand> help"], "stdout": "", "stdout_lines": []}From the logs:
-
AWS region and credentials are correctly configured:
echo $AWS_REGION eu-south-1 aws configure set region eu-south-1 aws ec2 describe-vpcs # returns multiple VPCs
aws ec2 describe-vpcs correctly returns a list of VPCs, including the ROSA network stack VPC:
{ "Vpcs": [ { "VpcId": "vpc-0324f1f83795e4a01", "Tags": [ { "Key": "service", "Value": "ROSA" }, { "Key": "Name", "Value": "rosa-network-stack-<aws-account-id>" }, ... ], "CidrBlock": "10.0.0.0/16", ... }, ... ] } -
The MAS Ansible role ibm.mas_devops.ocp_efs tries to determine the cluster VPC ID, but the fact vpcid ends up empty:
TASK [ibm.mas_devops.ocp_efs : efs-setup : Query to Filter the Cluster VPC Id from the list of VPCs] ok: [localhost] => {"ansible_facts": {"vpcid": []}, "changed": false} TASK [ibm.mas_devops.ocp_efs : efs-setup : Debug VPC Id] ok: [localhost] => { "msg": "VPC Id is........................................[]" }
-
Because vpcid is empty, subsequent commands that rely on it also fail to resolve a security group:
TASK [ibm.mas_devops.ocp_efs : efs-setup : Get Security Group of the EC2 Instance] changed: [localhost] => { "cmd": " aws ec2 describe-security-groups --filters Name=vpc-id,Values=[] Name=tag:Name,Values='*node*' --query \"SecurityGroups[*].{ID:GroupId}[0]\" ", "stdout": "null" } TASK [ibm.mas_devops.ocp_efs : efs-setup : Get Security Group Id from Output] ok: [localhost] => {"ansible_facts": {"security_group_id": ""}, "changed": false} TASK [ibm.mas_devops.ocp_efs : efs-setup : 2nd Attempt : Get Security Group of the EC2 Instance] changed: [localhost] => { "cmd": "aws ec2 describe-security-groups --filters Name=vpc-id,Values=[] Name=tag:api.openshift.com/id,Values='*' --query \"SecurityGroups[*].{ID:GroupId}[0]\"", "stdout": "null" } TASK [ibm.mas_devops.ocp_efs : efs-setup : 2nd Attempt: Get Security Group Id from Output] ok: [localhost] => {"ansible_facts": {"security_group_id": ""}, "changed": false} TASK [ibm.mas_devops.ocp_efs : efs-setup : Debug Security Group Id] ok: [localhost] => { "msg": "Security Group Id is.............................." }
-
Finally, the role attempts to add an ingress rule using an empty security_group_id, which causes the AWS CLI to fail:
TASK [ibm.mas_devops.ocp_efs : efs-setup : Add New Rule for Security Group] fatal: [localhost]: FAILED! => { "cmd": "aws ec2 authorize-security-group-ingress --group-id --source-group --protocol tcp --port 2049", "rc": 252, "stderr": "\naws: [ERROR]: argument --group-id: expected one argument\n..." }
So the root cause appears to be:
- The Ansible task that derives the cluster VPC ID (vpcid) from the list of VPCs does not recognize the VPC where the ROSA HCP cluster is actually running (likely due to tag filters or assumptions that do not apply to ROSA HCP in eu-south-1).
- As a consequence, vpcid is
[], all subsequent describe-security-groups calls useName=vpc-id,Values=[], and the security group ID remains empty. aws ec2 authorize-security-group-ingressis then invoked with--group-idand--source-groupempty, which leads to the failure shown above.
Expected behavior:
ibm.mas_devops.ocp_efsshould correctly identify the cluster VPC ID in a ROSA HCP environment (e.g. by: using ROSA tags likerosa_cluster_idor other ROSA-specific tags, or by allowing the VPC ID to be passed explicitly as a parameter / environment variable when auto‑detection fails).- If vpcid cannot be determined, the role should:
- Rail early with a clear, actionable error (e.g. "Could not detect cluster VPC ID; please provide it via parameter X"), and
- Avoid executing aws ec2 authorize-security-group-ingress with empty --group-id.
Relevant log output
[ibmmas/cli:16.0.0]mascli$ echo $AWS_DEFAULT_REGION
eu-south-1
[ibmmas/cli:16.0.0]mascli$ echo $AWS_REGION
eu-south-1
[ibmmas/cli:16.0.0]mascli$
[ibmmas/cli:16.0.0]mascli$ mas gitops-efs --cloud-provider "aws" --aws-region "${AWS_REGION}"
IBM Maximo Application Suite GitOps Manager (v16.0.0)
Powered by https://github.com/ibm-mas/gitops/
1) Review Settings
2) Target
Cloud Provider .......................... aws
Cluster ID .............................. masdemo1
Instance ID ............................. inst1
AWS Region .............................. eu-south-1
AWS Access Key ....................... .. REDACTED<snip>
AWS Secret Key........................... REDACTED<snip>
Logging into AWS SecretsManager ...
NAME : VALUE : TYPE : LOCATION
profile : <not set> : None : None
access_key : ******************** : env :
secret_key : ******************** : env :
region : eu-south-1 : env : ['AWS_REGION', 'AWS_DEFAULT_REGION']
Using /opt/app-root/src/ansible.cfg as config file
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
running playbook inside collection ibm.mas_devops
[WARNING]: Collection kubernetes.core does not support Ansible version 2.15.13
PLAY [localhost]
********************************************************************************************************************************************************************************************************************************************
TASK [Gathering Facts]
**************************************************************************************************************************************************************************************************************************************
ok: [localhost]
TASK [ibm.mas_devops.ansible_version_check : Verify minimum Ansible version is 2.10.3]
**********************************************************************************************************************************************************************
ok: [localhost] => {
"changed": false,
"msg": "All assertions passed"
}
TASK [ibm.mas_devops.ocp_efs : include_tasks]
***************************************************************************************************************************************************************************************************************
included: /opt/app-root/lib64/python3.9/site-packages/ansible_collections/ibm/mas_devops/roles/ocp_efs/tasks/efs-setup.yml for localhost
TASK [ibm.mas_devops.ocp_efs : efs-setup : Login]
***********************************************************************************************************************************************************************************************************
changed: [localhost] => {"changed": true, "cmd": "aws configure set aws_access_key_id REDACTED;\naws configure set aws_secret_access_key REDACTED;\naws configure set output json;\naws configure set region eu-south-1\n", "delta": "0:00:02.258538", "end": "2025-11-24 10:00:39.733948", "msg": "", "rc": 0, "start": "2025-11-24 10:00:37.475410", "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}
TASK [ibm.mas_devops.ocp_efs : efs-setup : Get List of VPC Ids]
*********************************************************************************************************************************************************************************************
changed: [localhost] => {"changed": true, "cmd": "aws ec2 describe-vpcs", "delta": "0:00:00.954447", "end": "2025-11-24 10:00:40.880734", "msg": "", "rc": 0, "start": "2025-11-24 10:00:39.926287", "stderr": "", "stderr_lines": [], "stdout": "{\n \"Vpcs\": [\n {\n \"OwnerId\": \"<aws-account-id>\",\n \"InstanceTenancy\": \"default\",\n \"CidrBlockAssociationSet\": [\n {\n \"AssociationId\": \"vpc-cidr-assoc-0d7ea12adf57784d1\",\n \"CidrBlock\": \"10.0.0.0/16\",\n \"CidrBlockState\": {\n \"State\": \"associated\"\n }\n },\n {\n \"AssociationId\": \"vpc-cidr-assoc-08f684bd7af53e859\",\n \"CidrBlock\": \"10.1.0.0/23\",\n \"CidrBlockState\": {\n \"State\": \"associated\"\n }\n }\n ],\n \"IsDefault\": false,\n \"Tags\": [\n {\n \"Key\": \"rosa_hcp_policies\",\n \"Value\": \"true\"\n },\n {\n \"Key\": \"rosa_managed_policies\",\n \"Value\": \"true\"\n },\n {\n \"Key\": \"Cost\",\n \"Value\": \"Cost Center\"\n },\n {\n \"Key\": \"service\",\n \"Value\": \"ROSA\"\n },\n {\n \"Key\": \"Name\",\n \"Value\": \"rosa-network-stack-<aws-account-id>\"\n },\n {\n \"Key\": \"aws:cloudformation:stack-name\",\n \"Value\": \"rosa-network-stack-<aws-account-id>\"\n },\n {\n \"Key\": \"aws:cloudformation:stack-id\",\n \"Value\": \"arn:aws:cloudformation:eu-south-1:<aws-account-id>:stack/rosa-network-stack-<aws-account-id>/6e18871e-7122-40e4-96cf-69652d3dc552\"\n },\n {\n \"Key\": \"aws:cloudformation:logical-id\",\n \"Value\": \"VPC\"\n }\n ],\n \"BlockPublicAccessStates\": {\n \"InternetGatewayBlockMode\": \"off\"\n },\n \"VpcId\": \"vpc-0324f1f83795e4a01\",\n \"State\": \"available\",\n \"CidrBlock\": \"10.0.0.0/16\",\n \"DhcpOptionsId\": \"dopt-06993c19903741d31\"\n },\n {\n \"OwnerId\": \"<aws-account-id>\",\n \"InstanceTenancy\": \"default\",\n \"CidrBlockAssociationSet\": [\n {\n \"AssociationId\": \"vpc-cidr-assoc-0fa25ed8d6e3f7bd1\",\n \"CidrBlock\": \"172.31.0.0/16\",\n \"CidrBlockState\": {\n \"State\": \"associated\"\n }\n }\n ],\n \"IsDefault\": true,\n \"BlockPublicAccessStates\": {\n \"InternetGatewayBlockMode\": \"off\"\n },\n \"VpcId\": \"vpc-033add6e77a34adb0\",\n \"State\": \"available\",\n \"CidrBlock\": \"172.31.0.0/16\",\n \"DhcpOptionsId\": \"dopt-06993c19903741d31\"\n },\n {\n \"OwnerId\": \"<aws-account-id>\",\n \"InstanceTenancy\": \"default\",\n \"CidrBlockAssociationSet\": [\n {\n \"AssociationId\": \"vpc-cidr-assoc-0c989daf6b535e04e\",\n \"CidrBlock\": \"10.0.0.0/16\",\n \"CidrBlockState\": {\n \"State\": \"associated\"\n }\n }\n ],\n \"IsDefault\": false,\n \"Tags\": [\n {\n \"Key\": \"Cost\",\n \"Value\": \"Cost Center\"\n },\n {\n \"Key\": \"Name\",\n \"Value\": \"dummy-poc-vpc\"\n }\n ],\n \"BlockPublicAccessStates\": {\n \"InternetGatewayBlockMode\": \"off\"\n },\n \"VpcId\": \"vpc-0ba9c0a9928b29508\",\n \"State\": \"available\",\n \"CidrBlock\": \"10.0.0.0/16\",\n \"DhcpOptionsId\": \"dopt-06993c19903741d31\"\n },\n {\n \"OwnerId\": \"<aws-account-id>\",\n \"InstanceTenancy\": \"default\",\n \"CidrBlockAssociationSet\": [\n {\n \"AssociationId\": \"vpc-cidr-assoc-0058a64b72a23ceb6\",\n \"CidrBlock\": \"172.16.0.0/16\",\n \"CidrBlockState\": {\n \"State\": \"associated\"\n }\n }\n ],\n \"IsDefault\": false,\n \"Tags\": [\n {\n \"Key\": \"Management_Platform\",\n \"Value\": \"Apache\"\n },\n {\n \"Key\": \"Owner\",\n \"Value\": \"User 5\"\n },\n {\n \"Key\": \"Cost\",\n \"Value\": \"Cost Center\"\n },\n {\n \"Key\": \"Management_Tool\",\n \"Value\": \"Terraform\"\n },\n {\n \"Key\": \"Name\",\n \"Value\": \"terraform-morpheus-test-vpc\"\n },\n {\n \"Key\": \"Group\",\n \"Value\": \"My Company\"\n }\n ],\n \"BlockPublicAccessStates\": {\n \"InternetGatewayBlockMode\": \"off\"\n },\n \"VpcId\": \"vpc-0be76587f048aba0d\",\n \"State\": \"available\",\n \"CidrBlock\": \"172.16.0.0/16\",\n \"DhcpOptionsId\": \"dopt-06993c19903741d31\"\n }\n ]\n}", "stdout_lines": ["{", " \"Vpcs\": [", " {", " \"OwnerId\": \"<aws-account-id>\",", " \"InstanceTenancy\": \"default\",", " \"CidrBlockAssociationSet\": [", " {", " \"AssociationId\": \"vpc-cidr-assoc-0d7ea12adf57784d1\",", " \"CidrBlock\": \"10.0.0.0/16\",", " \"CidrBlockState\": {", " \"State\": \"associated\"", " }", " },", " {", " \"AssociationId\": \"vpc-cidr-assoc-08f684bd7af53e859\",", " \"CidrBlock\": \"10.1.0.0/23\",", " \"CidrBlockState\": {", " \"State\": \"associated\"", " }", " }", " ],", " \"IsDefault\": false,", " \"Tags\": [", " {", " \"Key\": \"rosa_hcp_policies\",", " \"Value\": \"true\"", " },", " {", " \"Key\": \"rosa_managed_policies\",", " \"Value\": \"true\"", " },", " {", " \"Key\": \"Cost\",", " \"Value\": \"Cost Center\"", " },", " {", " \"Key\": \"service\",", " \"Value\": \"ROSA\"", " },", " {", " \"Key\": \"Name\",", " \"Value\": \"rosa-network-stack-<aws-account-id>\"", " },", " {", " \"Key\": \"aws:cloudformation:stack-name\",", " \"Value\": \"rosa-network-stack-<aws-account-id>\"", " },", " {", " \"Key\": \"aws:cloudformation:stack-id\",", " \"Value\": \"arn:aws:cloudformation:eu-south-1:<aws-account-id>:stack/rosa-network-stack-<aws-account-id>/6e18871e-7122-40e4-96cf-69652d3dc552\"", " },", " {", " \"Key\": \"aws:cloudformation:logical-id\",", " \"Value\": \"VPC\"", " }", " ],", " \"BlockPublicAccessStates\": {", " \"InternetGatewayBlockMode\": \"off\"", " },", " \"VpcId\": \"vpc-0324f1f83795e4a01\",", " \"State\": \"available\",", " \"CidrBlock\": \"10.0.0.0/16\",", " \"DhcpOptionsId\": \"dopt-06993c19903741d31\"", " },", " {", " \"OwnerId\": \"<aws-account-id>\",", " \"InstanceTenancy\": \"default\",", " \"CidrBlockAssociationSet\": [", " {", " \"AssociationId\": \"vpc-cidr-assoc-0fa25ed8d6e3f7bd1\",", " \"CidrBlock\": \"172.31.0.0/16\",", " \"CidrBlockState\": {", " \"State\": \"associated\"", " }", " }", " ],", " \"IsDefault\": true,", " \"BlockPublicAccessStates\": {", " \"InternetGatewayBlockMode\": \"off\"", " },", " \"VpcId\": \"vpc-033add6e77a34adb0\",", " \"State\": \"available\",", " \"CidrBlock\": \"172.31.0.0/16\",", " \"DhcpOptionsId\": \"dopt-06993c19903741d31\"", " },", " {", " \"OwnerId\": \"<aws-account-id>\",", " \"InstanceTenancy\": \"default\",", " \"CidrBlockAssociationSet\": [", " {", " \"AssociationId\": \"vpc-cidr-assoc-0c989daf6b535e04e\",", " \"CidrBlock\": \"10.0.0.0/16\",", " \"CidrBlockState\": {", " \"State\": \"associated\"", " }", " }", " ],", " \"IsDefault\": false,", " \"Tags\": [", " {", " \"Key\": \"Cost\",", " \"Value\": \"Cost Center\"", " },", " {", " \"Key\": \"Name\",", " \"Value\": \"dummy-poc-vpc\"", " }", " ],", " \"BlockPublicAccessStates\": {", " \"InternetGatewayBlockMode\": \"off\"", " },", " \"VpcId\": \"vpc-0ba9c0a9928b29508\",", " \"State\": \"available\",", " \"CidrBlock\": \"10.0.0.0/16\",", " \"DhcpOptionsId\": \"dopt-06993c19903741d31\"", " },", " {", " \"OwnerId\": \"<aws-account-id>\",", " \"InstanceTenancy\": \"default\",", " \"CidrBlockAssociationSet\": [", " {", " \"AssociationId\": \"vpc-cidr-assoc-0058a64b72a23ceb6\",", " \"CidrBlock\": \"172.16.0.0/16\",", " \"CidrBlockState\": {", " \"State\": \"associated\"", " }", " }", " ],", " \"IsDefault\": false,", " \"Tags\": [", " {", " \"Key\": \"Management_Platform\",", " \"Value\": \"Apache\"", " },", " {", " \"Key\": \"Owner\",", " \"Value\": \"User 5\"", " },", " {", " \"Key\": \"Cost\",", " \"Value\": \"Cost Center\"", " },", " {", " \"Key\": \"Management_Tool\",", " \"Value\": \"Terraform\"", " },", " {", " \"Key\": \"Name\",", " \"Value\": \"terraform-test-vpc\"", " },", " {", " \"Key\": \"Group\",", " \"Value\": \"My Company\"", " }", " ],", " \"BlockPublicAccessStates\": {", " \"InternetGatewayBlockMode\": \"off\"", " },", " \"VpcId\": \"vpc-0be76587f048aba0d\",", " \"State\": \"available\",", " \"CidrBlock\": \"172.16.0.0/16\",", " \"DhcpOptionsId\": \"dopt-06993c19903741d31\"", " }", " ]", "}"]}
TASK [ibm.mas_devops.ocp_efs : efs-setup : Query to Filter the Cluster VPC Id from the list of VPCs]
********************************************************************************************************************************************************
[WARNING]: Collection community.general does not support Ansible version 2.15.13
ok: [localhost] => {"ansible_facts": {"vpcid": []}, "changed": false}
TASK [ibm.mas_devops.ocp_efs : efs-setup : Debug VPC Id]
****************************************************************************************************************************************************************************************************
ok: [localhost] => {
"msg": "VPC Id is........................................[]"
}
TASK [ibm.mas_devops.ocp_efs : Look up cluster ocp version]
*************************************************************************************************************************************************************************************************
ok: [localhost] => {"api_found": true, "changed": false, "resources": [{"apiVersion": "config.openshift.io/v1", "kind": "ClusterVersion", "metadata": {"annotations": {"kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"config.openshift.io/v1\",\"kind\":\"ClusterVersion\",\"metadata\":{\"annotations\":{},\"creationTimestamp\":null,\"name\":\"version\"},\"spec\":{\"clusterID\":\"b35bbfd9-032f-4c6e-aba8-edb434a41428\",\"signatureStores\":null},\"status\":{\"availableUpdates\":null,\"capabilities\":{},\"desired\":{\"image\":\"\",\"version\":\"\"},\"observedGeneration\":0,\"versionHash\":\"\"}}\n"}, "creationTimestamp": "2025-10-06T10:39:16Z", "generation": 2, "labels": {"hypershift.openshift.io/managed": "true"}, "managedFields": [{"apiVersion": "config.openshift.io/v1", "fieldsType": "FieldsV1", "fieldsV1": {"f:metadata": {"f:annotations": {".": {}, "f:kubectl.kubernetes.io/last-applied-configuration": {}}}, "f:spec": {".": {}, "f:clusterID": {}}}, "manager": "kubectl-client-side-apply", "operation": "Update", "time": "2025-10-06T10:39:16Z"}, {"apiVersion": "config.openshift.io/v1", "fieldsType": "FieldsV1", "fieldsV1": {"f:metadata": {"f:labels": {".": {}, "f:hypershift.openshift.io/managed": {}}}, "f:spec": {"f:channel": {}}}, "manager": "hosted-cluster-config-operator-manager", "operation": "Update", "time": "2025-10-06T10:39:36Z"}, {"apiVersion": "config.openshift.io/v1", "fieldsType": "FieldsV1", "fieldsV1": {"f:status": {".": {}, "f:availableUpdates": {}, "f:capabilities": {".": {}, "f:enabledCapabilities": {}, "f:knownCapabilities": {}}, "f:conditions": {".": {}, "k:{\"type\":\"Available\"}": {".": {}, "f:lastTransitionTime": {}, "f:message": {}, "f:status": {}, "f:type": {}}, "k:{\"type\":\"Failing\"}": {".": {}, "f:lastTransitionTime": {}, "f:status": {}, "f:type": {}}, "k:{\"type\":\"ImplicitlyEnabledCapabilities\"}": {".": {}, "f:lastTransitionTime": {}, "f:message": {}, "f:reason": {}, "f:status": {}, "f:type": {}}, "k:{\"type\":\"Progressing\"}": {".": {}, "f:lastTransitionTime": {}, "f:message": {}, "f:status": {}, "f:type": {}}, "k:{\"type\":\"ReleaseAccepted\"}": {".": {}, "f:lastTransitionTime": {}, "f:message": {}, "f:reason": {}, "f:status": {}, "f:type": {}}, "k:{\"type\":\"RetrievedUpdates\"}": {".": {}, "f:lastTransitionTime": {}, "f:status": {}, "f:type": {}}, "k:{\"type\":\"Upgradeable\"}": {".": {}, "f:lastTransitionTime": {}, "f:message": {}, "f:reason": {}, "f:status": {}, "f:type": {}}}, "f:desired": {".": {}, "f:channels": {".": {}, "v:\"candidate-4.18\"": {}, "v:\"candidate-4.19\"": {}, "v:\"candidate-4.20\"": {}, "v:\"eus-4.18\"": {}, "v:\"fast-4.18\"": {}, "v:\"fast-4.19\"": {}, "v:\"stable-4.18\"": {}, "v:\"stable-4.19\"": {}}, "f:image": {}, "f:url": {}, "f:version": {}}, "f:history": {}, "f:observedGeneration": {}, "f:versionHash": {}}}, "manager": "cluster-version-operator", "operation": "Update", "subresource": "status", "time": "2025-11-21T11:16:38Z"}], "name": "version", "resourceVersion": "21467949", "uid": "3d163da2-771f-40c3-8414-fd84da045832"}, "spec": {"channel": "stable-4.18", "clusterID": "b35bbfd9-032f-4c6e-aba8-edb434a41428"}, "status": {"availableUpdates": null, "capabilities": {"enabledCapabilities": ["Build", "CSISnapshot", "CloudControllerManager", "CloudCredential", "Console", "DeploymentConfig", "ImageRegistry", "Ingress", "Insights", "MachineAPI", "NodeTuning", "OperatorLifecycleManager", "OperatorLifecycleManagerV1", "Storage", "baremetal", "marketplace", "openshift-samples"], "knownCapabilities": ["Build", "CSISnapshot", "CloudControllerManager", "CloudCredential", "Console", "DeploymentConfig", "ImageRegistry", "Ingress", "Insights", "MachineAPI", "NodeTuning", "OperatorLifecycleManager", "OperatorLifecycleManagerV1", "Storage", "baremetal", "marketplace", "openshift-samples"]}, "conditions": [{"lastTransitionTime": "2025-10-20T21:46:30Z", "status": "True", "type": "RetrievedUpdates"}, {"lastTransitionTime": "2025-10-06T10:39:20Z", "message": "Capabilities match configured spec", "reason": "AsExpected", "status": "False", "type": "ImplicitlyEnabledCapabilities"}, {"lastTransitionTime": "2025-10-06T10:39:20Z", "message": "Payload loaded version=\"4.18.28\" image=\"quay.io/openshift-release-dev/ocp-release@sha256:876d292e2e54e4cee4b03de0867fc92a73b9fba09f133645ca9f63766032f82f\" architecture=\"Multi\"", "reason": "PayloadLoaded", "status": "True", "type": "ReleaseAccepted"}, {"lastTransitionTime": "2025-10-06T10:48:05Z", "message": "Done applying 4.18.28", "status": "True", "type": "Available"}, {"lastTransitionTime": "2025-11-21T11:05:31Z", "status": "False", "type": "Failing"}, {"lastTransitionTime": "2025-11-21T11:16:38Z", "message": "Cluster version is 4.18.28", "status": "False", "type": "Progressing"}, {"lastTransitionTime": "2025-10-06T10:39:35Z", "message": "Kubernetes 1.32 and therefore OpenShift 4.19 remove several APIs which require admin consideration. Please see the knowledge article https://access.redhat.com/articles/7112216 for details and instructions.", "reason": "AdminAckRequired", "status": "False", "type": "Upgradeable"}], "desired": {"channels": ["candidate-4.18", "candidate-4.19", "candidate-4.20", "eus-4.18", "fast-4.18", "fast-4.19", "stable-4.18", "stable-4.19"], "image": "quay.io/openshift-release-dev/ocp-release@sha256:876d292e2e54e4cee4b03de0867fc92a73b9fba09f133645ca9f63766032f82f", "url": "https://access.redhat.com/errata/RHBA-2025:19865", "version": "4.18.28"}, "history": [{"completionTime": "2025-11-21T11:16:38Z", "image": "quay.io/openshift-release-dev/ocp-release@sha256:876d292e2e54e4cee4b03de0867fc92a73b9fba09f133645ca9f63766032f82f", "startedTime": "2025-11-21T11:09:38Z", "state": "Completed", "verified": false, "version": "4.18.28"}, {"completionTime": "2025-11-04T08:45:32Z", "image": "quay.io/openshift-release-dev/ocp-release@sha256:60c8a8f9fc46d4a78c768569b1fa3a41282a602e121a358e7b1777f6129be10b", "startedTime": "2025-11-04T08:45:02Z", "state": "Completed", "verified": false, "version": "4.18.26"}, {"completionTime": "2025-11-04T08:45:02Z", "image": "pull.q1w2.quay.rhcloud.com/openshift-release-dev/ocp-release@sha256:60c8a8f9fc46d4a78c768569b1fa3a41282a602e121a358e7b1777f6129be10b", "startedTime": "2025-11-04T08:43:47Z", "state": "Partial", "verified": false, "version": "4.18.26"}, {"completionTime": "2025-10-21T08:41:46Z", "image": "quay.io/openshift-release-dev/ocp-release@sha256:60c8a8f9fc46d4a78c768569b1fa3a41282a602e121a358e7b1777f6129be10b", "startedTime": "2025-10-21T08:33:01Z", "state": "Completed", "verified": false, "version": "4.18.26"}, {"completionTime": "2025-10-20T21:35:19Z", "image": "quay.io/openshift-release-dev/ocp-release@sha256:1df844c177e987ffcb6ef64ce63987fc0efc94745f19a1b6cfa28aabcd8d3089", "startedTime": "2025-10-20T21:34:50Z", "state": "Completed", "verified": false, "version": "4.18.24"}, {"completionTime": "2025-10-20T21:34:50Z", "image": "pull.q1w2.quay.rhcloud.com/openshift-release-dev/ocp-release@sha256:1df844c177e987ffcb6ef64ce63987fc0efc94745f19a1b6cfa28aabcd8d3089", "startedTime": "2025-10-20T21:34:00Z", "state": "Partial", "verified": false, "version": "4.18.24"}, {"completionTime": "2025-10-20T14:11:51Z", "image": "quay.io/openshift-release-dev/ocp-release@sha256:1df844c177e987ffcb6ef64ce63987fc0efc94745f19a1b6cfa28aabcd8d3089", "startedTime": "2025-10-20T14:11:21Z", "state": "Completed", "verified": false, "version": "4.18.24"}, {"completionTime": "2025-10-20T14:11:21Z", "image": "pull.q1w2.quay.rhcloud.com/openshift-release-dev/ocp-release@sha256:1df844c177e987ffcb6ef64ce63987fc0efc94745f19a1b6cfa28aabcd8d3089", "startedTime": "2025-10-20T14:10:39Z", "state": "Partial", "verified": false, "version": "4.18.24"}, {"completionTime": "2025-10-20T10:32:13Z", "image": "quay.io/openshift-release-dev/ocp-release@sha256:1df844c177e987ffcb6ef64ce63987fc0efc94745f19a1b6cfa28aabcd8d3089", "startedTime": "2025-10-20T10:31:44Z", "state": "Completed", "verified": false, "version": "4.18.24"}, {"completionTime": "2025-10-20T10:31:44Z", "image": "pull.q1w2.quay.rhcloud.com/openshift-release-dev/ocp-release@sha256:1df844c177e987ffcb6ef64ce63987fc0efc94745f19a1b6cfa28aabcd8d3089", "startedTime": "2025-10-20T10:30:44Z", "state": "Partial", "verified": false, "version": "4.18.24"}, {"completionTime": "2025-10-20T06:53:15Z", "image": "quay.io/openshift-release-dev/ocp-release@sha256:1df844c177e987ffcb6ef64ce63987fc0efc94745f19a1b6cfa28aabcd8d3089", "startedTime": "2025-10-20T06:52:45Z", "state": "Completed", "verified": false, "version": "4.18.24"}, {"completionTime": "2025-10-20T06:52:45Z", "image": "pull.q1w2.quay.rhcloud.com/openshift-release-dev/ocp-release@sha256:1df844c177e987ffcb6ef64ce63987fc0efc94745f19a1b6cfa28aabcd8d3089", "startedTime": "2025-10-20T06:52:00Z", "state": "Partial", "verified": false, "version": "4.18.24"}, {"completionTime": "2025-10-15T17:12:05Z", "image": "quay.io/openshift-release-dev/ocp-release@sha256:1df844c177e987ffcb6ef64ce63987fc0efc94745f19a1b6cfa28aabcd8d3089", "startedTime": "2025-10-15T17:11:35Z", "state": "Completed", "verified": false, "version": "4.18.24"}, {"completionTime": "2025-10-15T17:11:35Z", "image": "pull.q1w2.quay.rhcloud.com/openshift-release-dev/ocp-release@sha256:1df844c177e987ffcb6ef64ce63987fc0efc94745f19a1b6cfa28aabcd8d3089", "startedTime": "2025-10-15T17:10:43Z", "state": "Partial", "verified": false, "version": "4.18.24"}, {"completionTime": "2025-10-06T10:48:05Z", "image": "quay.io/openshift-release-dev/ocp-release@sha256:1df844c177e987ffcb6ef64ce63987fc0efc94745f19a1b6cfa28aabcd8d3089", "startedTime": "2025-10-06T10:39:20Z", "state": "Completed", "verified": false, "version": "4.18.24"}], "observedGeneration": 2, "versionHash": "bStkA_aJ7SY="}}]}
TASK [ibm.mas_devops.ocp_efs : Set ocp version number]
******************************************************************************************************************************************************************************************************
ok: [localhost] => {"ansible_facts": {"ocp_version_num": "4.18.28"}, "changed": false}
TASK [ibm.mas_devops.ocp_efs : Debug information]
***********************************************************************************************************************************************************************************************************
ok: [localhost] => {
"msg": "OCP Release Version ................ 4.18.28"
}
TASK [ibm.mas_devops.ocp_efs : efs-setup : Get Security Group of the EC2 Instance]
**************************************************************************************************************************************************************************
changed: [localhost] => {"changed": true, "cmd": " aws ec2 describe-security-groups --filters Name=vpc-id,Values=[] Name=tag:Name,Values='*node*' --query \"SecurityGroups[*].{ID:GroupId}[0]\" \n", "delta": "0:00:00.933462", "end": "2025-11-24 10:00:43.108279", "msg": "", "rc": 0, "start": "2025-11-24 10:00:42.174817", "stderr": "", "stderr_lines": [], "stdout": "null", "stdout_lines": ["null"]}
TASK [ibm.mas_devops.ocp_efs : efs-setup : Get Security Group Id from Output]
*******************************************************************************************************************************************************************************
[WARNING]: Collection community.general does not support Ansible version 2.15.13
ok: [localhost] => {"ansible_facts": {"security_group_id": ""}, "changed": false}
TASK [ibm.mas_devops.ocp_efs : efs-setup : 2nd Attempt : Get Security Group of the EC2 Instance]
************************************************************************************************************************************************************
changed: [localhost] => {"changed": true, "cmd": "aws ec2 describe-security-groups --filters Name=vpc-id,Values=[] Name=tag:api.openshift.com/id,Values='*' --query \"SecurityGroups[*].{ID:GroupId}[0]\"", "delta": "0:00:00.960304", "end": "2025-11-24 10:00:44.362744", "msg": "", "rc": 0, "start": "2025-11-24 10:00:43.402440", "stderr": "", "stderr_lines": [], "stdout": "null", "stdout_lines": ["null"]}
TASK [ibm.mas_devops.ocp_efs : efs-setup : 2nd Attempt: Get Security Group Id from Output]
******************************************************************************************************************************************************************
[WARNING]: Collection community.general does not support Ansible version 2.15.13
ok: [localhost] => {"ansible_facts": {"security_group_id": ""}, "changed": false}
TASK [ibm.mas_devops.ocp_efs : efs-setup : Debug Security Group Id]
*****************************************************************************************************************************************************************************************
ok: [localhost] => {
"msg": "Security Group Id is.............................."
}
TASK [ibm.mas_devops.ocp_efs : efs-setup : Add New Rule for Security Group]
*********************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": true, "cmd": "aws ec2 authorize-security-group-ingress --group-id --source-group --protocol tcp --port 2049", "delta": "0:00:00.706745", "end": "2025-11-24 10:00:45.378426", "failed_when_result": true, "msg": "non-zero return code", "rc": 252, "start": "2025-11-24 10:00:44.671681", "stderr": "\naws: [ERROR]: argument --group-id: expected one argument\n\nusage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]\nTo see help text, you can run:\n\n aws help\n aws <command> help\n aws <command> <subcommand> help", "stderr_lines": ["", "aws: [ERROR]: argument --group-id: expected one argument", "", "usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]", "To see help text, you can run:", "", " aws help", " aws <command> help", " aws <command> <subcommand> help"], "stdout": "", "stdout_lines": []}
NO MORE HOSTS LEFT
******************************************************************************************************************************************************************************************************************************************
PLAY RECAP
**************************************************************************************************************************************************************************************************************************************************
localhost : ok=15 changed=4 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
[ERROR] Error occurred at /mascli/functions/gitops_efs, line 134, exited with 2
[ibmmas/cli:16.0.0]mascli$ aws --version
aws-cli/2.31.28 Python/3.13.9 Linux/6.6.87.1-microsoft-standard-WSL2 exe/x86_64.rhel.9
[ibmmas/cli:16.0.0]mascli$