From jmatthew at redhat.com Sun Oct 1 23:17:31 2017 From: jmatthew at redhat.com (John Matthews) Date: Sun, 1 Oct 2017 19:17:31 -0400 Subject: [Ansible-service-broker] Error running latest origin 3.7 builds with catasb in ec2 environment: error: x509: certificate signed by unknown authority Message-ID: Has anyone else seen the below error when deploying to ec2 with latest origin 3.7 builds? I'm running with the below changes in my_vars.yml origin_image_tag: latest openshift_client_version: latest ./run_setup_environment.sh ... ... TASK [openshift_setup : Login as admin] ******************************************************************************* fatal: [34.233.221.91]: FAILED! => {"changed": true, "cmd": "/usr/bin/oc login -u admin -p admin", "delta": "0:00:00.177283", "end": "2017-10-01 13:56:55.907736", "failed": true, "rc": 1, "start": "2017-10-01 13:56:55.730453", "stderr": "error: x509: certificate signed by unknown authority", "stderr_lines": ["error: x509: certificate signed by unknown authority"], "stdout": "", "stdout_lines": []} If I log into the instance I see same error trying to execute "oc login": [ec2-user at ip-10-0-0-70 ~]$ sudo su - [root at ip-10-0-0-70 ~]# oc login error: x509: certificate signed by unknown authority This error is reproducible, have been seeing it since ~Thursday morning. -------------- next part -------------- An HTML attachment was scrubbed... URL: From cchase at redhat.com Mon Oct 2 12:50:28 2017 From: cchase at redhat.com (Christopher Chase) Date: Mon, 2 Oct 2017 08:50:28 -0400 Subject: [Ansible-service-broker] Error running latest origin 3.7 builds with catasb in ec2 environment: error: x509: certificate signed by unknown authority In-Reply-To: References: Message-ID: I had that error when running a local broker, so it might not be related, but it happens when the correct token ends up second in the list of secrets instead of first. I had a fix for ansible-service-broker, but it wasn't mac compliant and no one else was having the issue. https://github.com/openshift/ansible-service-broker/pull/459/files. Chris On Sun, Oct 1, 2017 at 7:17 PM, John Matthews wrote: > Has anyone else seen the below error when deploying to ec2 with latest > origin 3.7 builds? > > I'm running with the below changes in my_vars.yml > > origin_image_tag: latest > openshift_client_version: latest > > > > ./run_setup_environment.sh > ... > > ... > > TASK [openshift_setup : Login as admin] ****************************** > ************************************************* > fatal: [34.233.221.91]: FAILED! => {"changed": true, "cmd": "/usr/bin/oc > login -u admin -p admin", "delta": "0:00:00.177283", "end": "2017-10-01 > 13:56:55.907736", "failed": true, "rc": 1, "start": "2017-10-01 > 13:56:55.730453", "stderr": "error: x509: certificate signed by unknown > authority", "stderr_lines": ["error: x509: certificate signed by unknown > authority"], "stdout": "", "stdout_lines": []} > > > > If I log into the instance I see same error trying to execute "oc login": > > [ec2-user at ip-10-0-0-70 ~]$ sudo su - > [root at ip-10-0-0-70 ~]# oc login > error: x509: certificate signed by unknown authority > > > This error is reproducible, have been seeing it since ~Thursday morning. > > > > _______________________________________________ > Ansible-service-broker mailing list > Ansible-service-broker at redhat.com > https://www.redhat.com/mailman/listinfo/ansible-service-broker > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jmatthew at redhat.com Mon Oct 2 18:54:01 2017 From: jmatthew at redhat.com (John Matthews) Date: Mon, 2 Oct 2017 14:54:01 -0400 Subject: [Ansible-service-broker] Error running latest origin 3.7 builds with catasb in ec2 environment: error: x509: certificate signed by unknown authority In-Reply-To: References: Message-ID: Thanks Chris, looks like that is the issue. It's strange I now see this consistently when I provision to ec2 with origin 3.7. I don't see this when I provision origin 3.7 on local linux. Looks like if I do a "oc login SERVERNAME" it will pick the right one. Will experiment some more and see if we need an update to catasb to account for this. On Mon, Oct 2, 2017 at 8:50 AM, Christopher Chase wrote: > I had that error when running a local broker, so it might not be related, > but it happens when the correct token ends up second in the list of secrets > instead of first. I had a fix for ansible-service-broker, but it wasn't > mac compliant and no one else was having the issue. https://github.com/ > openshift/ansible-service-broker/pull/459/files. > > Chris > > On Sun, Oct 1, 2017 at 7:17 PM, John Matthews wrote: > >> Has anyone else seen the below error when deploying to ec2 with latest >> origin 3.7 builds? >> >> I'm running with the below changes in my_vars.yml >> >> origin_image_tag: latest >> openshift_client_version: latest >> >> >> >> ./run_setup_environment.sh >> ... >> >> ... >> >> TASK [openshift_setup : Login as admin] ****************************** >> ************************************************* >> fatal: [34.233.221.91]: FAILED! => {"changed": true, "cmd": "/usr/bin/oc >> login -u admin -p admin", "delta": "0:00:00.177283", "end": "2017-10-01 >> 13:56:55.907736", "failed": true, "rc": 1, "start": "2017-10-01 >> 13:56:55.730453", "stderr": "error: x509: certificate signed by unknown >> authority", "stderr_lines": ["error: x509: certificate signed by unknown >> authority"], "stdout": "", "stdout_lines": []} >> >> >> >> If I log into the instance I see same error trying to execute "oc login": >> >> [ec2-user at ip-10-0-0-70 ~]$ sudo su - >> [root at ip-10-0-0-70 ~]# oc login >> error: x509: certificate signed by unknown authority >> >> >> This error is reproducible, have been seeing it since ~Thursday morning. >> >> >> >> _______________________________________________ >> Ansible-service-broker mailing list >> Ansible-service-broker at redhat.com >> https://www.redhat.com/mailman/listinfo/ansible-service-broker >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jmatthew at redhat.com Tue Oct 3 11:37:50 2017 From: jmatthew at redhat.com (John Matthews) Date: Tue, 3 Oct 2017 07:37:50 -0400 Subject: [Ansible-service-broker] Error running latest origin 3.7 builds with catasb in ec2 environment: error: x509: certificate signed by unknown authority In-Reply-To: References: Message-ID: Below PR resolves the issue for me: https://github.com/fusor/catasb/pull/150 On Mon, Oct 2, 2017 at 2:54 PM, John Matthews wrote: > Thanks Chris, looks like that is the issue. > > It's strange I now see this consistently when I provision to ec2 with > origin 3.7. > I don't see this when I provision origin 3.7 on local linux. > > Looks like if I do a "oc login SERVERNAME" it will pick the right one. > > Will experiment some more and see if we need an update to catasb to > account for this. > > > > On Mon, Oct 2, 2017 at 8:50 AM, Christopher Chase > wrote: > >> I had that error when running a local broker, so it might not be related, >> but it happens when the correct token ends up second in the list of secrets >> instead of first. I had a fix for ansible-service-broker, but it wasn't >> mac compliant and no one else was having the issue. >> https://github.com/openshift/ansible-service-broker/pull/459/files. >> >> Chris >> >> On Sun, Oct 1, 2017 at 7:17 PM, John Matthews >> wrote: >> >>> Has anyone else seen the below error when deploying to ec2 with latest >>> origin 3.7 builds? >>> >>> I'm running with the below changes in my_vars.yml >>> >>> origin_image_tag: latest >>> openshift_client_version: latest >>> >>> >>> >>> ./run_setup_environment.sh >>> ... >>> >>> ... >>> >>> TASK [openshift_setup : Login as admin] ****************************** >>> ************************************************* >>> fatal: [34.233.221.91]: FAILED! => {"changed": true, "cmd": "/usr/bin/oc >>> login -u admin -p admin", "delta": "0:00:00.177283", "end": "2017-10-01 >>> 13:56:55.907736", "failed": true, "rc": 1, "start": "2017-10-01 >>> 13:56:55.730453", "stderr": "error: x509: certificate signed by unknown >>> authority", "stderr_lines": ["error: x509: certificate signed by unknown >>> authority"], "stdout": "", "stdout_lines": []} >>> >>> >>> >>> If I log into the instance I see same error trying to execute "oc login": >>> >>> [ec2-user at ip-10-0-0-70 ~]$ sudo su - >>> [root at ip-10-0-0-70 ~]# oc login >>> error: x509: certificate signed by unknown authority >>> >>> >>> This error is reproducible, have been seeing it since ~Thursday morning. >>> >>> >>> >>> _______________________________________________ >>> Ansible-service-broker mailing list >>> Ansible-service-broker at redhat.com >>> https://www.redhat.com/mailman/listinfo/ansible-service-broker >>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ernelson at redhat.com Wed Oct 4 20:44:23 2017 From: ernelson at redhat.com (Erik Nelson) Date: Wed, 4 Oct 2017 16:44:23 -0400 Subject: [Ansible-service-broker] Relist Feature Demo Message-ID: Just uploaded a demo of the relist feature to our youtube channel: https://www.youtube.com/watch?v=CYPwTDz9ybk - Erik From jesusr at redhat.com Wed Oct 4 22:11:37 2017 From: jesusr at redhat.com (jesus m. rodriguez) Date: Wed, 04 Oct 2017 18:11:37 -0400 Subject: [Ansible-service-broker] Relist Feature Demo In-Reply-To: References: Message-ID: <1507155097.20145.3.camel@redhat.com> On Wed, 2017-10-04 at 16:44 -0400, Erik Nelson wrote: > Just uploaded a demo of the relist feature to our youtube channel: > https://www.youtube.com/watch?v=CYPwTDz9ybk > > - Erik > Nicely done. Looks really good. jesus From rhallise at redhat.com Fri Oct 13 00:26:47 2017 From: rhallise at redhat.com (Ryan Hallisey) Date: Thu, 12 Oct 2017 20:26:47 -0400 Subject: [Ansible-service-broker] Move to 3.7 Message-ID: Hey team, As you are probably already aware, the CI is in progress to being moved to 3.7. So things are going to be broken until the transition is complete. In the meantime, ignore any red from travis until further notice. -Ryan From dymurray at redhat.com Mon Oct 30 17:24:45 2017 From: dymurray at redhat.com (Dylan Murray) Date: Mon, 30 Oct 2017 13:24:45 -0400 Subject: [Ansible-service-broker] PSA Regarding Dockerhub Credentials Message-ID: Team, As an FYI there are two open PRs about to be merged which will change the functionality of the broker so that Dockerhub credentials are no longer required if you are using a public repository. The open PRs are here: https://github.com/fusor/catasb/pull/172 https://github.com/openshift/ansible-service-broker/pull/502 By default you can simply leave the new fields blank and it will just work against any public repo (ansibleplaybookbundle). If you wish to use a private repository you need to somehow declare the auth_type/auth_name fields so that the broker knows your credentials. You can either use a `secret -------------- next part -------------- An HTML attachment was scrubbed... URL: From dymurray at redhat.com Mon Oct 30 17:26:16 2017 From: dymurray at redhat.com (Dylan Murray) Date: Mon, 30 Oct 2017 13:26:16 -0400 Subject: [Ansible-service-broker] PSA Regarding Dockerhub Credentials In-Reply-To: References: Message-ID: Sorry... sent too early. Either use a `secret` or a `file` and both ways are outlined in the comments of the PR. If you want a TLDR on what to do after this merges: Update catasb and remove your variable declarations for `dockerhub_user` and `dockerhub_pass` and things will work as expected. Let me know if you have any questions, Dylan On Mon, Oct 30, 2017 at 1:24 PM, Dylan Murray wrote: > Team, > > As an FYI there are two open PRs about to be merged which will change the > functionality of the broker so that Dockerhub credentials are no longer > required if you are using a public repository. The open PRs are here: > https://github.com/fusor/catasb/pull/172 > https://github.com/openshift/ansible-service-broker/pull/502 > > By default you can simply leave the new fields blank and it will just work > against any public repo (ansibleplaybookbundle). If you wish to use a > private repository you need to somehow declare the auth_type/auth_name > fields so that the broker knows your credentials. You can either use a > `secret > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rhallise at redhat.com Mon Oct 30 20:50:31 2017 From: rhallise at redhat.com (Ryan Hallisey) Date: Mon, 30 Oct 2017 16:50:31 -0400 Subject: [Ansible-service-broker] passwordless dockerhub Message-ID: Hey Folks, We merged a patch that allows us to connect to dockerhub without using a username and password. Any open patches against catasb and the broker need to be rebased. Expect there to be some issues getting an environment up while we iron everything out. -Ryan From rhallise at redhat.com Tue Oct 31 14:08:33 2017 From: rhallise at redhat.com (Ryan Hallisey) Date: Tue, 31 Oct 2017 10:08:33 -0400 Subject: [Ansible-service-broker] 3.6 branch Message-ID: Hey folks, There have been a few of issues[1][2] reported in the broker about run_latest_build.sh failing with openshift 3.6. The master branch for about 2 weeks now no longer defaults and in some cases no longer has support for 3.6. I think it's time we consider having a 3.6 branch in the broker that corresponds with the 3.6 release so folks using it won't have issues with it. If folks agree, I'll gladly create the 3.6 branch in the next few days and contribute the patches to default to 3.6. Sincerely, - Ryan [1] - https://github.com/openshift/ansible-service-broker/issues/509 [2] - https://github.com/openshift/ansible-service-broker/issues/518 From jesusr at redhat.com Tue Oct 31 14:27:49 2017 From: jesusr at redhat.com (jesus m. rodriguez) Date: Tue, 31 Oct 2017 10:27:49 -0400 Subject: [Ansible-service-broker] 3.6 branch In-Reply-To: References: Message-ID: <1509460069.20002.2.camel@redhat.com> On Tue, 2017-10-31 at 10:08 -0400, Ryan Hallisey wrote: > Hey folks, > > There have been a few of issues[1][2] reported in the broker about > run_latest_build.sh failing with openshift 3.6. The master branch > for > about 2 weeks now no longer defaults and in some cases no longer has > support for 3.6. I think it's time we consider having a 3.6 branch > in > the broker that corresponds with the 3.6 release so folks using it > won't have issues with it. > > If folks agree, I'll gladly create the 3.6 branch in the next few > days > and contribute the patches to default to 3.6. > > Sincerely, > - Ryan > > [1] - https://github.com/openshift/ansible-service-broker/issues/509 > [2] - https://github.com/openshift/ansible-service-broker/issues/518 > Are we using the ASB version number or the OCP number? The last branch was release-0.9 which corresponded to the ASB version. IIRC that was the one that went out with OCP 3.6. My vote is still with ASB version OR a special branch to support 3.6 versus a release branch. jesus From rhallise at redhat.com Tue Oct 31 14:59:33 2017 From: rhallise at redhat.com (Ryan Hallisey) Date: Tue, 31 Oct 2017 10:59:33 -0400 Subject: [Ansible-service-broker] 3.6 branch In-Reply-To: <1509460069.20002.2.camel@redhat.com> References: <1509460069.20002.2.camel@redhat.com> Message-ID: Jesus, I think we're going with ASB version so it would be related to that number. I forgot about the 0.9 branch thanks for the reminder. If that branch corresponds with 3.6, then I'll communicate on the issues that master primarily targets 3.7 and point them at that branch. -Ryan On Tue, Oct 31, 2017 at 10:27 AM, jesus m. rodriguez wrote: > On Tue, 2017-10-31 at 10:08 -0400, Ryan Hallisey wrote: >> Hey folks, >> >> There have been a few of issues[1][2] reported in the broker about >> run_latest_build.sh failing with openshift 3.6. The master branch >> for >> about 2 weeks now no longer defaults and in some cases no longer has >> support for 3.6. I think it's time we consider having a 3.6 branch >> in >> the broker that corresponds with the 3.6 release so folks using it >> won't have issues with it. >> >> If folks agree, I'll gladly create the 3.6 branch in the next few >> days >> and contribute the patches to default to 3.6. >> >> Sincerely, >> - Ryan >> >> [1] - https://github.com/openshift/ansible-service-broker/issues/509 >> [2] - https://github.com/openshift/ansible-service-broker/issues/518 >> > > Are we using the ASB version number or the OCP number? The last branch > was release-0.9 which corresponded to the ASB version. IIRC that was > the one that went out with OCP 3.6. > > My vote is still with ASB version OR a special branch to support 3.6 > versus a release branch. > > jesus > > _______________________________________________ > Ansible-service-broker mailing list > Ansible-service-broker at redhat.com > https://www.redhat.com/mailman/listinfo/ansible-service-broker