From d669cb491cf1b2e8748071afbdcac95c1a43bac5 Mon Sep 17 00:00:00 2001 From: "Patrick T. Rutledge III" Date: Mon, 27 Apr 2026 15:19:25 -0500 Subject: [PATCH] Handle CSR approval race condition with machine-approver MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The uri PUT to approve a CSR can fail with 409/422 if another controller (e.g. machine-approver) touches the CSR between the time we list it and when we try to approve it. This killed the entire playbook for LB2863 — one CSR raced, the task failed, and the playbook aborted. Add failed_when to only fail on server errors (5xx), not on conflicts or already-approved responses which are harmless. --- .../host_ocp4_assisted_scale/tasks/approve_csr_nodes.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ansible/roles/host_ocp4_assisted_scale/tasks/approve_csr_nodes.yaml b/ansible/roles/host_ocp4_assisted_scale/tasks/approve_csr_nodes.yaml index 24e9488..76f7a0e 100644 --- a/ansible/roles/host_ocp4_assisted_scale/tasks/approve_csr_nodes.yaml +++ b/ansible/roles/host_ocp4_assisted_scale/tasks/approve_csr_nodes.yaml @@ -44,6 +44,9 @@ ] } } + status_code: [200, 201] + register: _r_approve_csr + failed_when: _r_approve_csr.status >= 500 loop: "{{ pending_csrs }}" - name: Get worker-only nodes (exclude control-plane/master)