From artem.goncharov at gmail.com Mon Jul 2 08:20:54 2018 From: artem.goncharov at gmail.com (Artem Goncharov) Date: Mon, 2 Jul 2018 10:20:54 +0200 Subject: [Ansible-service-broker] openstack-service-broker Message-ID: Hi everybody, we have started a small POC in openstack to cover openstack services as APB, since it looks very promising. Doing some further analysis of APB I came up to a set of questions, which should be answered before we can really start effective development. A current very high level idea is to provide multiple APBs for each individual resource type (i.e. compute, keypair, database, heat stack, etc.). Provisioning might in this case do "nothing", or simply prepare secrets for connecting to openstack. And then `bind` will take care of real assignation/allocation. - It would have been nice to offer a single `OpenStack APB` with multiple actions, but it seems not to be possible. Right? Advantage here would have been, that once the connection is configured, the user might simply select which type of resource he wants to allocate, instead of each time provisioning new resource, repeating connection information. - Is it possible to consume deployed Secrets or ConfigMaps in the APB parameters? One approach is to create separate APB to store connection configuration (let's say openstack-configuration-apb) and then to give user possibility to select connection for provisioning/binding individual resource. So probably this item consists of 2 questions: - Is it possible to do a "query" to populate APB parameter values (i.e. check if some service is provisioned)? - Is there a security concern (assume there is) of consuming secrets from other APBs? As I mentioned one APB might install openstack connection configuration and store it as a secret, and other APBs are consuming it - What is the state of binding parameters support? Those are not clearly present in the official documentation, but present in some blog posts, hello-world-db-apb and mentioned as experimental feature ( https://github.com/ansibleplaybookbundle/ansible-playbook-bundle/blob/master/docs/getting_started_async_bind.md#bind)? Is it already supported, that I might bind multiple resource instances (i.e. different databases or keypairs) and have possibility to unbind them individually? How should I process `asb_encode_binding` to store bindings individually? - What is the expected timeline for async binding? I guess with lots of openstack resources we will definitely rely on this (creating KeyPair takes seconds, while creating/allocating DB or host might take minutes). - There are 2 approaches found for creating APB: - single APB with multiple roles per action type (documentation and some example APBs) - single APB with single role (some example APBs, i.e. https://github.com/ansibleplaybookbundle/postgresql-apb) I personally find second approach better, since it allows to reuse vars, defaults, publish role, use k8_raw, openshift_raw with "reusable" templates of the direct API instead of wrappers (with unfortunate parameters renaming). This method is however not documented and not used by `apb init`. So what is the "best practice" method? - Also I have found with try-error method, that i.e. StatefulSet apiVersion should be `v1` for use with k8s_raw and not `apps/v1` or `apps/v1beta1` or `apps/v1beta2`, as with ansible-kubernetes-modules. Might be wrong to ask it here, but anyway - any docs available? - postgresql-apb, hello-world-apb and lots of other example APBs are defining special variables (i.e. app_name, pod_lookup, deployment_query). Those are not documented anywhere, but seems to be magically expected by openshift to detect status of the "service" in the openshift. At least using documentation approach of writing APB (without defining those) I was not able to see my "app" provisioned under "provisioned services". Writing sample APB (defining those variables following samples), which simply creates config map and secrets during "provision" phase shows my app in a status "failed", but `apb run` was completed successfully. What is the requirement here? How do I define those, if my "service" provides combination of multiple deployments and StatefulSets? - What is really the recommended purpose of `apb test`? https://github.com/ansibleplaybookbundle/ansible-playbook-bundle/blob/master/docs/getting_started_async_bind.md#test - mentioned it is for the basic sanity checks, but https://github.com/ansibleplaybookbundle/ansible-playbook-bundle/blob/master/docs/proposals/testing_implementation.md does the real verification of a `apb run` with some test values. - What is the recommendation of testing APBs in CI? How can we implement tests of APBs in Openstack Zuul? Do we need a "full blown" openshift/k8, or is there some stubbing/lite version available and recommended? - How do I define default service broker repositiory to be used for bootstrapping APB in openshift? If I install minishift with service catalog it is being pre-populated with docker and local registries. While I can consume APBs (provision APB) I am not able to do a `apb push`, which fails with '504', unless I remove docker registry from configuration. Unfortunately I was not able to find an answer in docs - How does openshift categorize APBs. I see in minishift, that all APBs are landing in the "other" category. Any requirements or future ideas here? I would really appreciate answers to any of those questions. Thanks a lot in advance, Artem -------------- next part -------------- An HTML attachment was scrubbed... URL: From jesusr at redhat.com Tue Jul 3 14:05:22 2018 From: jesusr at redhat.com (jesusr at redhat.com) Date: Tue, 03 Jul 2018 10:05:22 -0400 Subject: [Ansible-service-broker] Automation Broker IRC meeting July 3, 2018 Message-ID: =================================== #asbroker: Automation Broker 7-3-18 =================================== Meeting started by jmrodri at 13:34:32 UTC. The full logs are available at asbroker/2018/asbroker.2018-07-03-13.34.log.html . Meeting summary --------------- * Attendance (jmrodri, 13:34:38) * News (jmrodri, 13:36:37) * Broker @ OpenInfraDays China and LinuxCon China (jmrodri, 13:36:46) * Previous Actions (jmrodri, 13:42:02) * errors no longer displayed (jmrodri, 13:42:39) * LINK: https://github.com/openshift/ansible-service-broker/issues/94 1 (jmrodri, 13:42:42) * Attempt to list APBs in broker returns 503 (jmrodri, 13:43:54) * LINK: https://github.com/openshift/ansible-service-broker/issues/97 4 (jmrodri, 13:43:57) * Doc Link for complicated parameters (jmrodri, 13:44:24) * LINK: https://github.com/openshift/ansible-service-broker/issues/97 3 (jmrodri, 13:44:31) * move away from panic in the lib (jmrodri, 13:45:58) * LINK: https://github.com/automationbroker/bundle-lib/issues/94 (jmrodri, 13:45:59) * ACTION: jmrodri get info for bundle-lib issue 94 (jmrodri, 13:46:29) * shurley and jmrodri to triage bundle-lib issues (jmrodri, 13:46:51) * bundle-lib license: Apache 2 (jmrodri, 13:47:40) * LINK: https://github.com/automationbroker/bundle-lib/blob/master/LICENSE (jmrodri, 13:47:44) * manage shared services (jmrodri, 13:48:15) * LINK: https://github.com/openshift/ansible-service-broker/issues/97 9 (jmrodri, 13:48:18) * allow dependencies on params (jmrodri, 13:49:20) * LINK: https://github.com/automationbroker/bundle-lib/pull/70 (jmrodri, 13:49:22) * bug/issue triage (jmrodri, 13:50:51) * LINK: https://github.com/openshift/ansible-service-broker/issues (jmrodri, 13:51:01) * bundle lib issues (jmrodri, 13:52:00) * LINK: https://github.com/automationbroker/bundle-lib/issues/118 (jmrodri, 13:52:09) * ACTION: jmrodri assign bundle-lib issue 118 to a bundle-lib release and implementer (jmrodri, 13:53:25) * ACTION: shurley https://github.com/automationbroker/bundle-lib/issues/1111 (jmrodr i, 13:54:17) * ACTION: jmrodri https://github.com/automationbroker/bundle-lib/issues/1111 (jmrodr i, 13:54:20) * ACTION: jmrodri close issue 104 (jmrodri, 13:56:07) * ACTION: jmrodri bind and unbind tests for bundle-lib issue 55 (jmrodri, 13:56:41) * Features (jmrodri, 13:58:30) * ansible 2.6 is released and the rpm is available in epel-testing (jmrodri, 14:00:17) * LINK: https://docs.ansible.com/ansible/devel/modules/k8s_module.htm l (jmrodri, 14:00:49) * The namespaced PRs have merged to service catalog (jmrodri, 14:00:34) * open discussion (jmrodri, 14:01:29) Meeting ended at 14:03:35 UTC. Action Items ------------ * jmrodri get info for bundle-lib issue 94 * jmrodri assign bundle-lib issue 118 to a bundle-lib release and implementer * shurley https://github.com/automationbroker/bundle-lib/issues/111 * jmrodri https://github.com/automationbroker/bundle-lib/issues/111 * jmrodri close issue 104 * jmrodri bind and unbind tests for bundle-lib issue 55 Action Items, by person ----------------------- * jmrodri * jmrodri get info for bundle-lib issue 94 * jmrodri assign bundle-lib issue 118 to a bundle-lib release and implementer * jmrodri https://github.com/automationbroker/bundle-lib/issues/111 * jmrodri close issue 104 * jmrodri bind and unbind tests for bundle-lib issue 55 * **UNASSIGNED** * shurley https://github.com/automationbroker/bundle-lib/issues/111 People Present (lines said) --------------------------- * jmrodri (87) * brokerbot (39) * mhrivnak (9) * ernelson (7) * maleck13 (4) * dymurray (2) * dzager (2) * philipgough (1) * rhallisey (1) * fabianvf (1) Generated by `MeetBot`_ 0.1.4 .. _`MeetBot`: http://wiki.debian.org/MeetBot From jmatthew at redhat.com Tue Jul 3 19:06:20 2018 From: jmatthew at redhat.com (John Matthews) Date: Tue, 3 Jul 2018 15:06:20 -0400 Subject: [Ansible-service-broker] openstack-service-broker In-Reply-To: References: Message-ID: Hi Artem, On Mon, Jul 2, 2018 at 4:20 AM, Artem Goncharov wrote: > Hi everybody, > > we have started a small POC in openstack to cover openstack services as > APB, since it looks very promising. Doing some further analysis of APB I > came up to a set of questions, which should be answered before we can > really start effective development. > A current very high level idea is to provide multiple APBs for each > individual resource type (i.e. compute, keypair, database, heat stack, > etc.). Provisioning might in this case do "nothing", or simply prepare > secrets for connecting to openstack. And then `bind` will take care of real > assignation/allocation. > > - It would have been nice to offer a single `OpenStack APB` with multiple > actions, but it seems not to be possible. Right? Advantage here would have > been, that once the connection is configured, the user might simply select > which type of resource he wants to allocate, instead of each time > provisioning new resource, repeating connection information. > Concept does sound good, there may be some gaps with what we can do today with dynamic parameters yet this sounds like an interesting area to dig into more. Jason Montleon (jmontleo at redhat.com) has done related work with publishing service classes in a dynamic manner (allowing introspection of a remote endpoint, then build up service class information based on the remote endpoints offerings). I encourage you to take a look at what Jason has done. Below are 2 of the repos related to Jason's work: https://github.com/jmontleon/openstack-broker https://github.com/jmontleon/openstack-runner > - Is it possible to consume deployed Secrets or ConfigMaps in the APB > parameters? One approach is to create separate APB to store connection > configuration (let's say openstack-configuration-apb) and then to give user > possibility to select connection for provisioning/binding individual > resource. So probably this item consists of 2 questions: > > - Is it possible to do a "query" to populate APB parameter values (i.e. > check if some service is provisioned)? > > - Is there a security concern (assume there is) of consuming secrets from > other APBs? As I mentioned one APB might install openstack connection > configuration and store it as a secret, and other APBs are consuming it > > We need to identify a better solution for dynamic parameters, that is likely the heart of the issue which stops this from working today. When I say dynamic parameters, I mean that APBs today publish static data from the apb.yml file...ideally we'd allow queries to run, for example to find all secrets in a namespace and present them as valid options to an enum. This is an area we've identified for more R&D investigations. What you're asking for is something we want to support and something we have planned for investigating, open to collaborate if you find this interesting as well. > > - What is the state of binding parameters support? Those are not clearly > present in the official documentation, but present in some blog > posts, hello-world-db-apb and mentioned as experimental feature ( > https://github.com/ansibleplaybookbundle/ansible- > playbook-bundle/blob/master/docs/getting_started_async_bind.md#bind)? Is > it already supported, that I might bind multiple resource instances (i.e. > different databases or keypairs) and have possibility to unbind them > individually? How should I process `asb_encode_binding` to store bindings > individually? > > Async bind support is in the broker and implemented yet it is not enabled by default. You need to set launch_apb_on_bind: true in the broker's config, then this will allow individual binding/unbinding. If you run into specific questions on async bind I would reach out to "Jesus Rodriguez" > - What is the expected timeline for async binding? I guess with lots of > openstack resources we will definitely rely on this (creating KeyPair takes > seconds, while creating/allocating DB or host might take minutes). > It's ready to go now for usage. We've been waiting for feedback to enable it by default, up to now we haven't had many use cases for async binding. > > - There are 2 approaches found for creating APB: > > - single APB with multiple roles per action type (documentation and some > example APBs) > > - single APB with single role (some example APBs, i.e. https://github.com/ > ansibleplaybookbundle/postgresql-apb) > > I personally find second approach better, since it allows to reuse vars, > defaults, publish role, use k8_raw, openshift_raw with "reusable" templates > of the direct API instead of wrappers (with unfortunate parameters > renaming). This method is however not documented and not used by `apb > init`. So what is the "best practice" method? > > We are moving to a single APB with a single role, part of this has been influenced with the recent work to integrate with ansible-galaxy. For example: `ansible-galaxy init --type=apb` will be the new recommend way to init an APB Also worth calling out, the work Jason has explored where the intention is to create a custom broker/adapter to populate APB's in the service catalog and then use os_stack/heat templates to create resources in openstack. It's been pretty easy to create a single role/runner container that can handle all services. https://github.com/jmontleon/openstack-runner/blob/master/tasks/main.yml https://github.com/jmontleon/openstack-runner/blob/master/tasks/vm.yml > - Also I have found with try-error method, that i.e. StatefulSet > apiVersion should be `v1` for use with k8s_raw and not `apps/v1` or > `apps/v1beta1` or `apps/v1beta2`, as with ansible-kubernetes-modules. > Might be wrong to ask it here, but anyway - any docs available? > Perhaps this link will help https://docs.ansible.com/ansible/latest/modules/k8s_module.html We are moving away from the ansible-kubernetes-modules and aligning with the `k8s_module` shipping with Ansible 2.6 (released 6/28). The next build of apb-base:latest should have ansible 2.6 based on the new dynamic client. Note: the `k8s_module` will expect apps/v1 > - postgresql-apb, hello-world-apb and lots of other example APBs are > defining special variables (i.e. app_name, pod_lookup, deployment_query). > Those are not documented anywhere, but seems to be magically expected by > openshift to detect status of the "service" in the openshift. At least > using documentation approach of writing APB (without defining those) I was > not able to see my "app" provisioned under "provisioned services". Writing > sample APB (defining those variables following samples), which simply > creates config map and secrets during "provision" phase shows my app in a > status "failed", but `apb run` was completed successfully. What is the > requirement here? How do I define those, if my "service" provides > combination of multiple deployments and StatefulSets? > > I think this might be better handled through a github issue, then we can be sure to address any gaps in docs. Would you mind filing an issue? > - What is really the recommended purpose of `apb test`? > https://github.com/ansibleplaybookbundle/ansible- > playbook-bundle/blob/master/docs/getting_started_async_bind.md#test - > mentioned it is for the basic sanity checks, but https://github.com/ > ansibleplaybookbundle/ansible-playbook-bundle/blob/master/ > docs/proposals/testing_implementation.md does the real verification of a > `apb run` with some test values. > > It?s a way to treat an APB as a black box and perform a basic sanity check, focused more for administrators/integrators to setup CI jobs to ensure APBs they are consuming pass a basic sanity check - What is the recommendation of testing APBs in CI? How can we implement > tests of APBs in Openstack Zuul? Do we need a "full blown" openshift/k8, or > is there some stubbing/lite version available and recommended? > > We use a minimal k8s/openshift version from one of: minikube/minishift/oc cluster up We have CI coverage with travis setup on the example APBs published to https://github.com/ansibleplaybookbundle, Ryan Hallisey is a good point of contact for questions related to CI setup for APBs. - How do I define default service broker repositiory to be used for > bootstrapping APB in openshift? If I install minishift with service catalog > it is being pre-populated with docker and local registries. While I can > consume APBs (provision APB) I am not able to do a `apb push`, which fails > with '504', unless I remove docker registry from configuration. > Unfortunately I was not able to find an answer in docs > > You need to configure docker to use the VM's daemon behind the scenes along with correct certs, etc. I would start off with trying: eval $(minishift docker-env) If you run into issues poke us in IRC (#asbroker on freenode) or follow up with mailing list > - How does openshift categorize APBs. I see in minishift, that all APBs > are landing in the "other" category. Any requirements or future ideas here? > The APB metadata for 'tags' will map to categories in the webui. Note that the web-console only supports a few choices at present for tag values. Here is an example: https://github.com/ansibleplaybookbundle/postgresql-apb/blob/master/apb.yml#L8 > > I would really appreciate answers to any of those questions. > Hope this helps, you can also reach us in IRC if you want to chat on anything in real-time, we are in #asbroker on freenode. Best, John > > Thanks a lot in advance, > > Artem > > _______________________________________________ > Ansible-service-broker mailing list > Ansible-service-broker at redhat.com > https://www.redhat.com/mailman/listinfo/ansible-service-broker > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jesusr at redhat.com Tue Jul 3 19:57:25 2018 From: jesusr at redhat.com (jesusr at redhat.com) Date: Tue, 03 Jul 2018 15:57:25 -0400 Subject: [Ansible-service-broker] Bootstrap recap Message-ID: <8d551ebd58052fada6f917c570b5e39f3b42f2e8.camel@redhat.com> All, I met with Erik & Alay to discuss the bootstrap. The main issue is deleting ALL specs causes many bugs, primarily in the cases where they are going to be added again. Each of the 3 bugs identified in the proposal was case where we deleted the specs, before we were able to process the specs from the registry. Either, we didn't add the spec yet or there was an error reaching the registry. Both scenarios exhibited the same behavior because our process was to delete ALL specs first. Given the above, we came to the conclusion that the simplest solution to this problem is to simply not delete all of the specs, but to process them inline. Basically back to approach #1 as outlined by: https://github.com/openshift/ansible-service-broker/pull/997#discussion _r198575908 1. Fetch the specs from a registry 2. Fetch the specs from the datastore 3. Delete any specs in the datastore currently marked for deletion, assuming there is no instance that has a reference to this spec which is marked for deletion. i. if there is a reference, leave the spec alone ii. if there is no reference, delete the spec 4. For each spec from the registry, get the spec from the datastore i. if found, update it, and save to datastore ii. if not found, add it to the datastore 5. For each spec in the datastore, NOT in registry list, mark it for deletion. This removes all of the concurrency issues we were trying to "solve" in all of the calls. It's easy to understand. Because we will be doing the handling of the delete (#3 above) in-place this will cause the bootstrap to take longer. We can make the bootstrap endpoint async so that it won't be affected by how long the bootstrap takes to reconcile. The topic of adding a last_operation like endpoint for bootstrap came up, but for now, we are forgoing that portion of the solution. The last_operation is only of interest to clients that interact with the broker directly, for instance, sbcli. We can implement the same polling mechanism that that catalog uses for the standard OSB methods. The above will fix the original bugs we outlined, without too much intrusion. We didn't go too deep into backwards compatibility with existing clients, which seems to only affect apb tool. Apb tool is being replaced by sbcli anyway. The plan is as follows: 1) send out this email 2) add the above solution as a comment to the proposal PR 3) close proposal PR 4) create trello card with above steps 5) Alay will implement the solution from the trello card If anyone has any strong objections please speak up now. Sincerely, jesus From jesusr at redhat.com Tue Jul 3 20:30:42 2018 From: jesusr at redhat.com (jesusr at redhat.com) Date: Tue, 03 Jul 2018 16:30:42 -0400 Subject: [Ansible-service-broker] Automation Broker meeting *June 26, 2018* Message-ID: I forgot to send this out last week. ==================================== #asbroker: Automation Broker 6-26-18 ==================================== Meeting started by jmrodri at 13:33:00 UTC. Meeting summary --------------- * Attendance (jmrodri, 13:34) * News (jmrodri, 13:35) * mhrivnak in China at OpenInfraDays and LinuxCon * Service class and instance loop PRs merged into Service Catalog * maleck13 to share a doc on shared services * dymurray merged PR 115 into ansible-asb-modules * Review Previous Actions (jmrodri, 13:39) * errors no longer displayed (jmrodri, 13:39) * LINK: https://github.com/openshift/ansible-service-broker/issues/94 1 (jmrodri, 13:39) * Attempt to list APBs in broker returns 503 (jmrodri, 13:40) * LINK: https://github.com/openshift/ansible-service-broker/issues/97 4 (jmrodri, 13:40) * determine places we use panic (jmrodri, 13:42) * LINK: https://github.com/automationbroker/bundle-lib/issues/94 (jmrodri, 13:42) * Possible use case for bundle-lib and operator framework (jmrodri, 13:43) * LINK: https://github.com/automationbroker/bundle-lib/issues/79 (jmrodri, 13:43) * Make registry more consumable (jmrodri, 13:43) * LINK: https://github.com/automationbroker/bundle-lib/issues/2 * Bugs/issues triage (jmrodri 13:46) * LINK: https://github.com/ansibleplaybookbundle/ansible-playbook-bun dle/issues/188 (jmrodri, 13:46) * LINK: https://github.com/automationbroker/sbcli/issues/57 (jmrodri, 13:47) * LINK: https://github.com/openshift/ansible-service-broker/issues/97 9 (jmrodri, 13:49) * features (jmrodri, 13:57) * Test Cases for bundle lib/bundle package ~0% -> 52% want to get to ~100% (jmrodri 13:57) * ACTION: jmrodri write tests for bind/unbind in bundle-lib (jmrodri, 13:58) * philipgough would like to get PR 926 merged (philipgough, 13:59) * LINK: https://github.com/openshift/ansible-service-broker/pull/926 * ACTION: dzager jmrodri shurley work to get PR 926 on broker merged : debuggable image (jmrodri, 14:01) * ACTION: shurley work to get PR 70 into bundle-lib, cut release for philipgough (jmrodri, 14:04) Action Items ------------ * ernelson to look at Issue #974 * jmrodri determine the places we use panic from bundle-lib, add to the issue. * jmrodri write tests for bind/unbind in bundle-lib * dzager jmrodri shurley work to get PR 926 on broker merged : debuggable image (jmrodri, 14:01) * shurley work to get PR 70 into bundle-lib, cut release for philipgough Action Items, by person ----------------------- * ernelson * ernelson to look at Issue #974 * jmrodri * jmrodri determine the places we use panic from bundle-lib, add to the issue. * jmrodri write tests for bind/unbind in bundle-lib * dzager * dzager jmrodri shurley work to get PR 926 on broker merged : debuggable image * shurley * shurley work to get PR 70 into bundle-lib, cut release for philipgough People Present -------------- * jmrodri * shurley * maleck13 * philipgough * ernelson * dymurray * open discussions (jmrodri, 14:04) * removing subject rules review auth (jmrodri, 14:04) * LINK: https://github.com/openshift/ansible-service-broker/pull/995 (jmrodri, 14:04) Meeting ended at 14:17 UTC. From artem.goncharov at gmail.com Thu Jul 5 07:12:07 2018 From: artem.goncharov at gmail.com (Artem Goncharov) Date: Thu, 5 Jul 2018 09:12:07 +0200 Subject: [Ansible-service-broker] minishift and ASB Message-ID: Hi all, I am facing troubles developing APBs on minishift. Following https://docs.openshift.org/latest/minishift/using/experimental-features.html I have started minishift with service-broker enabled. So far everything works fine. In the started instance I see and able to provision APB. However I am not able to push any of my APBs, unless I comment out "dockerhub" entry in the broker-config (no other changes are done, it's really freshly created minishift instance). This happen even after `eval $(minishift docker-env)`. ``` $ eval $(minishift docker-env) $ apb push ... Finished writing dockerfile. Building APB using tag: [172.30.1.1:5000/openshift/zuul-apb] Successfully built APB image: 172.30.1.1:5000/openshift/zuul-apb Pushing the image, this could take a minute... Successfully pushed image: 172.30.1.1:5000/openshift/zuul-apb Contacting the ansible-service-broker at: https://asb-1338-ansible-service-broker.192.168.42.39.nip.io/ansible-service-broker/v2/bootstrap Error: Attempt to bootstrap Broker returned status: 504 Unable to bootstrap Ansible Service Broker. ``` Any hints on what is the correct procedure on using minishift for local APB development? Is it really expected, that I disable dockerhub registry entry? This is bad, since I then loose opportunity to provision APBs from there. Thanks in advance, Artem -------------- next part -------------- An HTML attachment was scrubbed... URL: From artem.goncharov at gmail.com Thu Jul 5 07:38:47 2018 From: artem.goncharov at gmail.com (Artem Goncharov) Date: Thu, 5 Jul 2018 09:38:47 +0200 Subject: [Ansible-service-broker] problems with k8s module and multiline variables Message-ID: Hi all, I have posted already in the IRC, but wanted to have a broader discussion with responses tracking. When I am using apb-base:canary and try to create configMap reading description content from template and passing it to k8s module (how it is currently done in the prostgresql-apb) with the value of a specific key being taken completely from variable ansible corrupts it randomly replacing line breaks with a text '\n'. What worse, this happens not vor every value. I was not able to figure out what is the deciding factor here. Example (templates/zuul_config.yaml): ``` - kind: ConfigMap apiVersion: v1 metadata: name: "zuul-config" namespace: "{{ namespace }}" data: zuul_base_revision: {{ zuul_base_revision }} zuul.conf: |+ {{ zuul_zuul_conf | indent(6, false) }} main.yaml: |+ {{ zuul_main_yaml | indent(6, false) }} logging.conf: |+ {{ zuul_logging_conf | indent(6, false) }} variables.yaml: |+ {{ zuul_variables_yaml | indent(6, false) }} ``` Here all the variables are being defined in defaults (or from APB parameters as pure multiline text). This results in following (from `oc describe`): ``` apiVersion: v1 data: logging.conf: |+ [loggers] keys=root,zuul,gear,kazoo [handlers] keys=console,debug,normal [formatters] keys=simple [logger_root] level=INFO handlers=console [logger_zuul] level=DEBUG handlers=debug,normal qualname=zuul [logger_gear] level=DEBUG handlers=debug,normal qualname=gear [logger_kazoo] level=WARNING handlers=debug,normal qualname=kazoo [handler_console] level=INFO class=StreamHandler formatter=simple args=(sys.stdout,) [handler_debug] level=DEBUG class=logging.handlers.TimedRotatingFileHandler formatter=simple args=('/var/log/zuul/debug.log', 'midnight', 1, 30,) [handler_normal] level=INFO class=logging.handlers.TimedRotatingFileHandler formatter=simple args=('/var/log/zuul/zuul.log', 'midnight', 1, 30,) [formatter_simple] format=%(asctime)s %(levelname)s %(name)s: %(message)s datefmt= main.yaml: >- ---\n- tenant:\n name: otc\n source:\n github:\n config-projects:\n - gtema/zuul-project-config\n untrusted-projects:\n - OpenTelekomCloud/zuul-jobs:\n shadow: gtema/zuul-project-config\n - OpenTelekomCloud/otc-zuul-jobs\n\n\n\n variables.yaml: '---\n# Optional site variables\n\n' zuul.conf: >- [gearman]\nserver=gearman\nssl_ca=/etc/ssl/gearman-client/root-ca.pem\nssl_cert=/etc/ssl/gearman-client/client.pem\nssl_key=/etc/ssl/gearman-client/client.key\n\n[gearman_server]\nstart=true\nssl_ca=/etc/ssl/gearman-server/root-ca.pem\nssl_cert=/etc/ssl/gearman-server/server.pem\nssl_key=/etc/ssl/gearman-server/server.key\nlog_config=/etc/zuul/logging.conf\n\n[zookeeper]\nhosts=zookeeper-0.zookeeper-svc\n\n[zuul]\npidfile=/var/run/zuul/zuul.pid\n\n[executor]\nlog_config=/etc/zuul/logging.conf\nprivate_key_file=/etc/zuul/ssl/ssh.pem\nfinger_port=7900\ntrusted_rw_paths=/var/log/zuul/zuul-logs\n# hostname=${EXECUTOR_HOSTNAME}\nvariables=/etc/zuul/variables/variables.yaml\n\n# [merger]\n# log_config=/etc/zuul/logging.conf\n\n[scheduler]\nlog_config=/etc/zuul/logging.conf\ntenant_config=/etc/zuul/main.yaml\n\n[web]\nstatus_url=https:// ${PUBLIC_HOST_NAME}/zuul/t/{tenant.name }/status.html\nlog_config=/etc/zuul/logging.conf\nlisten_address=0.0.0.0\ngearman_server=gearman\nstatic_path=/opt/app-root/static_html\n\n[connection github]\ndriver=github\napp_id=11628\napp_key=/etc/zuul/ssl/github.pem\nwebhook_token=WZcstRtt2HowPt/xIbFDRjzvJ8sX8E0IWqu0aSa0Xkw=\n\n\n\n zuul_base_revision: 3.1.0 kind: ConfigMap metadata: creationTimestamp: '2018-07-05T07:17:56Z' name: zuul-config namespace: zuul resourceVersion: '5146' selfLink: /api/v1/namespaces/zuul/configmaps/zuul-config uid: 8a2b901c-8023-11e8-95ab-5254009918b1 ``` For ref, the template is being processed with the following ansible block (tasks/main.yaml): ``` - name: "set s2i state = {{ state }}" k8s: state: '{{ state }}' definition: "{{ item }}" when: use_s2i and cluster == 'openshift' with_items: - "{{ lookup('template', 'zuul_config.yaml') | from_yaml }}" ``` If you look - logging.conf maintains line breaks, while others not (this happens each time same). This would also happen if I define content in the template explicitly (not through variables). The "nice" thing, if I use my own *apb-base *(forked from *canary*), which uses *stable-2.6* branch of ansible - the problem does not exist. There seems to be really ansible change in *devel* branch, which I was not able to nail down (do not even have time for that). I would really appreciate if anyone have a look there and potentially also switch *apb-base:canary *from *devel* to *stable-2.6* branch, or finally switch *apb-base:latest* to ansible 2.6. I prefer the later, since releasing APB based on *devel* branches gives 0 stability. Additional question (wrong channel, but still): does anyone have ideas, on how is it possible to improve the following ansible block: ``` - name: "Set general configs and secrets state={{ state }}" k8s: state: '{{ state }}' definition: "{{ item }}" with_items: - "{{ lookup('template', 'common_config.yaml') | from_yaml }}" - "{{ lookup('template', 'zuul_config.yaml') | from_yaml }}" - "{{ lookup('template', 'nodepool_config.yaml') | from_yaml }}" ``` I have multiple templates with particular elements for my complex application. So issue here, how can I pass list of templates to `lookup`? I can of course try to first read all elements with `set_fact`, group them and then process with k8s, but this is not really better than this. Thanks a lot, Artem -------------- next part -------------- An HTML attachment was scrubbed... URL: From artem.goncharov at gmail.com Mon Jul 9 15:28:29 2018 From: artem.goncharov at gmail.com (Artem Goncharov) Date: Mon, 9 Jul 2018 17:28:29 +0200 Subject: [Ansible-service-broker] Help needed in a dev setup Message-ID: Hi all, I have tried couple of times to ask in IRC, but due to the TZ difference there is only a small slot. I need help in getting a development setup. Using minishift is nice and "quick", but I need to remove GitHub provider from the ASB configMap to be able to execute 'apb push'. In addition I need to enable 'launch_apb_on_bind' and enable Async gating in kube-service-catalog. But even that I often get problems, stucked ServiceInstances (seems kind of race condition, since often are errors like: can't update service, since it was updated. Please apply changes to latest instance). Binding usually works fine, but deprovisioning fails nearly permanently with the same error. The only possibility for cleanup I found is to recreate minishift instance. It takes time and I need to reapply config changes. Since most of you say in IRC you are not using minishift I decided to switch to catasb, but it is not better. I also need to disable dockerhub repo to be able to push, enable Async bind. And then I have found, that list, push, relist, remove operations are receiving 404 from the broker. If you get the ASB route in UI and go there, among paths there is 'openshift-automation-service-broker' (which is also a project name, route). What I see trying to do 'apb push' is that it correctly finds the domain of the ASB, but it requests /ansible-service-broker/V2/bootstrap or /aansible-service-broker/V2/catalog and gets 404. So I wonder, whether catasb should install ASB as 'ansible-service-broker' (instead of openshift-automation-service-broker), or APB cli should be able to resolve path it requests from ASB correctly. In addition to that catasb/oc cluster up seems to require much more resources and there are lots of failures in journalctl (there is more red, than green colour) and I am lost on where to start from and figure out the reason (sometimes work, but complains; sometimes feels stuck) So I would like to ask, what is the recommended way to setup developer workspace for developing APBs? Following posts from blog.openshift.org or other tutorials does not bring me really further. And another things I noticed, in rare succeeded attempts: - if I use Async binding I NEED to have asb_encode_binding even if I have nothing to pass; - trying to pass complex content to asb_encode_binding seems to bring a total chaos to ASB. Log of the ASB is then filled with errors, provisioning fails and automatic deprovisioning starts, but also fails and retries ever. Doing base64encode to my Multiline yaml I consider passing to bind result still in line breaks being removed and content still plain text in UI, and still errors. Only removing those completely from asb_encode_bindings bring successful provisioning. To tell the truth I am becoming really frustrated with all those issues, but ASB looks really promising. I am not a newbie, but still can't manage it. Is it too early to start using it productively? Thanks a lot in advance, Artem -------------- next part -------------- An HTML attachment was scrubbed... URL: From jmontleo at redhat.com Mon Jul 9 20:38:31 2018 From: jmontleo at redhat.com (Jason Montleon) Date: Mon, 9 Jul 2018 16:38:31 -0400 Subject: [Ansible-service-broker] Help needed in a dev setup In-Reply-To: References: Message-ID: <831d213a-705c-6bd3-ff46-dbde2cd8499c@redhat.com> Hi Artem, catasb should work. Essentially what you're getting here is an oc cluster up that installs the automation-service broker as well as a bunch of other components. Basically: oc cluster up --routing-suffix=172.17.0.1.nip.io --public-hostname=172.17.0.1 --base-dir=/tmp/openshift.local.clusterup --tag=latest --image=docker.io/openshift/origin-\${component}:\${version} --enable=service-catalog,template-service-broker,router,registry,web-console,persistent-volumes,sample-templates,rhel-imagestreams,automation-service-broker I reproduced the 404 with apb push and I think I spotted the issue. It looks like a PR that was intended for just downstream slipped into an upstream build. If you do a dnf update you should be apb 1.3.1-1 and apb push should work. On 07/09/2018 11:28 AM, Artem Goncharov wrote: > Hi all, > > I have tried couple of times to ask in IRC, but due to the TZ difference > there is only a small slot. I need help in getting a development setup. > > Using minishift is nice and "quick", but I need to remove GitHub > provider from the ASB configMap to be able to execute 'apb push'. In > addition I need to enable 'launch_apb_on_bind' and enable Async gating > in kube-service-catalog. But even that I often get problems, stucked > ServiceInstances (seems kind of race condition, since often are errors > like: can't update service, since it was updated. Please apply changes > to latest instance). Binding usually works fine, but deprovisioning > fails nearly permanently with the same error. The only possibility for > cleanup I found is to recreate minishift instance. It takes time and I > need to reapply config changes. > Since most of you say in IRC you are not using minishift I decided to > switch to catasb, but it is not better. I also need to disable dockerhub > repo to be able to push, enable Async bind. And then I have found, that > list, push, relist, remove operations are receiving 404 from the broker. > If you get the ASB route in UI and go there, among paths there is > 'openshift-automation-service-broker' (which is also a project name, > route). What I see trying to do 'apb push' is that it correctly finds > the domain of the ASB, but it requests > /ansible-service-broker/V2/bootstrap or > /aansible-service-broker/V2/catalog and gets 404. So I wonder, whether > catasb should install ASB as 'ansible-service-broker' (instead of > openshift-automation-service-broker), or APB cli should be able to > resolve path it requests from ASB correctly. In addition to that > catasb/oc cluster up seems to require much more resources and there are > lots of failures in journalctl (there is more red, than green colour) > and I am lost on where to start from and figure out the reason > (sometimes work, but complains; sometimes feels stuck) > > So I would like to ask, what is the recommended way to setup developer > workspace for developing APBs? > > Following posts from blog.openshift.org or > other tutorials does not bring me really further. > > > And another things I noticed, in rare succeeded attempts: > - if I use Async binding I NEED to have asb_encode_binding even if I > have nothing to pass; > - trying to pass complex content to asb_encode_binding seems to bring a > total chaos to ASB. Log of the ASB is then filled with errors, > provisioning fails and automatic deprovisioning starts, but also fails > and retries ever. Doing base64encode to my Multiline yaml I consider > passing to bind result still in line breaks being removed and content > still plain text in UI, and still errors. Only removing those completely > from asb_encode_bindings bring successful provisioning. > > To tell the truth I am becoming really frustrated with all those issues, > but ASB looks really promising. I am not a newbie, but still can't > manage it. Is it too early to start using it productively? > > > Thanks a lot in advance, > Artem > > > _______________________________________________ > Ansible-service-broker mailing list > Ansible-service-broker at redhat.com > https://www.redhat.com/mailman/listinfo/ansible-service-broker > -- Jason Montleon | email: jmontleo at redhat.com Software Engineer | gpg key: 0x069E3022 Red Hat, Inc. | irc: jmontleo desk: 978-392-3930 | cell: 508-496-0663 From jesusr at redhat.com Tue Jul 10 15:01:46 2018 From: jesusr at redhat.com (jesusr at redhat.com) Date: Tue, 10 Jul 2018 11:01:46 -0400 Subject: [Ansible-service-broker] Automation Broker IRC meeting July 10th, 2018 Message-ID: <0757e15fa8c031e57f9b924949f077b2e373d63b.camel@redhat.com> ====================================== #asbroker: Automation Broker 7/10/2018 ====================================== Meeting started by jmrodri at 13:33:11 UTC. The full logs are available at asbroker/2018/asbroker.2018-07-10-13.33.log.html . Meeting summary --------------- * Attendance (jmrodri, 13:33:22) * News (jmrodri, 13:34:44) * bundle-lib 0.2.4 release to happen today (pending a couple PRs) (jmrodri, 13:35:03) * apb 2.0.0 alpha? release tomorrow (deprecating python tool -> golang). Working to make it available in Copr (jmrodri, 13:35:57) * LINK: https://github.com/automationbroker/apbb (jmrodri, 13:36:50) * OSB F2F and service-catalog F2F happening this week in Sunnyvale, CA (jmrodri, 13:38:51) * review previous actions (jmrodri, 13:39:43) * attempt to list APBs in broker returned status 503 (jmrodri, 13:40:07) * LINK: https://github.com/openshift/ansible-service-broker/issues/974 (jmrodri, 13:40:11) * move away from panic in the lib (jmrodri, 13:41:31) * LINK: https://github.com/automationbroker/bundle-lib/issues/94 (jmrodri, 13:41:36) * Binding errors are no longer displayed (jmrodri, 13:44:05) * LINK: https://github.com/openshift/ansible-service-broker/issues/941 (jmrodri, 13:44:10) * Add parsing of param dependencies (jmrodri, 13:44:48) * LINK: https://github.com/openshift/ansible-service-broker/pull/928 (jmrodri, 13:44:50) * ACTION: jmrodri review PR 928 on service broker. (jmrodri, 13:45:30) * allow dependencies to be defined on params (jmrodri, 13:45:55) * LINK: https://github.com/automationbroker/bundle-lib/pull/70 (jmrodri, 13:46:01) * assign bundle-lib issue 118 (jmrodri, 13:47:07) * consider renmaing a few things for readability (jmrodri, 13:47:36) * LINK: https://github.com/automationbroker/bundle-lib/issues/104 (jmrodri, 13:47:39) * bundle package should have a errors sub package (jmrodri, 13:48:18) * LINK: https://github.com/automationbroker/bundle-lib/issues/111 (jmrodri, 13:48:20) * ACTION: jmrodri issue 111 (jmrodri, 13:48:59) * ACTION: shurley issue 111 (jmrodri, 13:49:05) * bugs/issue triage (jmrodri, 13:49:47) * bundle-lib issues (jmrodri, 13:49:58) * LINK: https://github.com/openshift/ansible-service-broker/issues (jmrodri, 13:50:00) * LINK: https://github.com/openshift/ansible-service-broker/issues/999 (jmrodri, 13:50:30) * ACTION: jmrodri read and comment on bundle-lib issue 999 (jmrodri, 13:51:15) * ACTION: jmrodri review 3.11/release 1.3 broker bug list. (jmrodri, 13:56:04) * bundle-lib bug list (for realz this time) (jmrodri, 13:56:19) * LINK: https://github.com/automationbroker/bundle-lib/issues (jmrodri, 13:56:27) * bundle.Spec needs a mark for deletion field (jmrodri, 13:56:57) * LINK: https://github.com/automationbroker/bundle-lib/issues/120 (jmrodri, 13:56:59) * ACTION: alay post PR for issue #120 (jmrodri, 13:57:21) * LINK: https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#ObjectMeta (shurley, 13:59:46) * features (jmrodri, 14:02:10) * open discussion (jmrodri, 14:11:14) * LINK: https://github.com/automationbroker/bundle-lib/issues/94 (jmrodri, 14:11:24) * LINK: https://github.com/automationbroker/bundle-lib/blob/master/runtime/runt ime.go#L102-L127 (jmrodri, 14:13:37) Meeting ended at 14:26:33 UTC. Action Items ------------ * jmrodri review PR 928 on service broker. * jmrodri issue 111 * shurley issue 111 * jmrodri read and comment on bundle-lib issue 999 * jmrodri review 3.11/release 1.3 broker bug list. * alay post PR for issue #120 Action Items, by person ----------------------- * jmrodri * jmrodri review PR 928 on service broker. * jmrodri issue 111 * jmrodri read and comment on bundle-lib issue 999 * jmrodri review 3.11/release 1.3 broker bug list. * shurley * shurley issue 111 * **UNASSIGNED** * alay post PR for issue #120 People Present (lines said) --------------------------- * jmrodri (158) * brokerbot (46) * shurley (23) * philipgough (11) * ernelson (7) * dymurray (5) * mhrivnak (2) * fabianvf (1) Generated by `MeetBot`_ 0.1.4 .. _`MeetBot`: http://wiki.debian.org/MeetBot From jmatthew at redhat.com Tue Jul 10 18:43:50 2018 From: jmatthew at redhat.com (John Matthews) Date: Tue, 10 Jul 2018 14:43:50 -0400 Subject: [Ansible-service-broker] Help needed in a dev setup In-Reply-To: <831d213a-705c-6bd3-ff46-dbde2cd8499c@redhat.com> References: <831d213a-705c-6bd3-ff46-dbde2cd8499c@redhat.com> Message-ID: Artem, Please let us know if you are still seeing 404's with apb development. As to the async bind issues you noted: - needing to use asb_encode_binding even if no data needs to be passed back Sounds like a bug, we can address if you would open an issue. - issue with complex content in asb_encode_binding This may be more challenging to address, if you'd open an issue with an example we can investigate. Thank you for sharing the issues you've hit. On Mon, Jul 9, 2018 at 4:38 PM, Jason Montleon wrote: > Hi Artem, > catasb should work. Essentially what you're getting here is an oc cluster > up that installs the automation-service broker as well as a bunch of other > components. > > Basically: > oc cluster up --routing-suffix=172.17.0.1.nip.io > --public-hostname=172.17.0.1 --base-dir=/tmp/openshift.local.clusterup > --tag=latest --image=docker.io/openshift/origin-\${component} > :\${version} > --enable=service-catalog,template-service-broker,router, > registry,web-console,persistent-volumes,sample-templates, > rhel-imagestreams,automation-service-broker > > I reproduced the 404 with apb push and I think I spotted the issue. It > looks like a PR that was intended for just downstream slipped into an > upstream build. > > If you do a dnf update you should be apb 1.3.1-1 and apb push should work. > > On 07/09/2018 11:28 AM, Artem Goncharov wrote: > >> Hi all, >> >> I have tried couple of times to ask in IRC, but due to the TZ difference >> there is only a small slot. I need help in getting a development setup. >> >> Using minishift is nice and "quick", but I need to remove GitHub provider >> from the ASB configMap to be able to execute 'apb push'. In addition I need >> to enable 'launch_apb_on_bind' and enable Async gating in >> kube-service-catalog. But even that I often get problems, stucked >> ServiceInstances (seems kind of race condition, since often are errors >> like: can't update service, since it was updated. Please apply changes to >> latest instance). Binding usually works fine, but deprovisioning fails >> nearly permanently with the same error. The only possibility for cleanup I >> found is to recreate minishift instance. It takes time and I need to >> reapply config changes. >> Since most of you say in IRC you are not using minishift I decided to >> switch to catasb, but it is not better. I also need to disable dockerhub >> repo to be able to push, enable Async bind. And then I have found, that >> list, push, relist, remove operations are receiving 404 from the broker. If >> you get the ASB route in UI and go there, among paths there is >> 'openshift-automation-service-broker' (which is also a project name, >> route). What I see trying to do 'apb push' is that it correctly finds the >> domain of the ASB, but it requests /ansible-service-broker/V2/bootstrap >> or /aansible-service-broker/V2/catalog and gets 404. So I wonder, >> whether catasb should install ASB as 'ansible-service-broker' (instead of >> openshift-automation-service-broker), or APB cli should be able to >> resolve path it requests from ASB correctly. In addition to that catasb/oc >> cluster up seems to require much more resources and there are lots of >> failures in journalctl (there is more red, than green colour) and I am lost >> on where to start from and figure out the reason (sometimes work, but >> complains; sometimes feels stuck) >> >> So I would like to ask, what is the recommended way to setup developer >> workspace for developing APBs? >> >> Following posts from blog.openshift.org or >> other tutorials does not bring me really further. >> >> >> And another things I noticed, in rare succeeded attempts: >> - if I use Async binding I NEED to have asb_encode_binding even if I have >> nothing to pass; >> - trying to pass complex content to asb_encode_binding seems to bring a >> total chaos to ASB. Log of the ASB is then filled with errors, provisioning >> fails and automatic deprovisioning starts, but also fails and retries ever. >> Doing base64encode to my Multiline yaml I consider passing to bind result >> still in line breaks being removed and content still plain text in UI, and >> still errors. Only removing those completely from asb_encode_bindings bring >> successful provisioning. >> >> To tell the truth I am becoming really frustrated with all those issues, >> but ASB looks really promising. I am not a newbie, but still can't manage >> it. Is it too early to start using it productively? >> >> >> Thanks a lot in advance, >> Artem >> >> >> _______________________________________________ >> Ansible-service-broker mailing list >> Ansible-service-broker at redhat.com >> https://www.redhat.com/mailman/listinfo/ansible-service-broker >> >> > -- > Jason Montleon | email: jmontleo at redhat.com > Software Engineer | gpg key: 0x069E3022 > Red Hat, Inc. | irc: jmontleo > desk: 978-392-3930 | cell: 508-496-0663 > > _______________________________________________ > Ansible-service-broker mailing list > Ansible-service-broker at redhat.com > https://www.redhat.com/mailman/listinfo/ansible-service-broker > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jesusr at redhat.com Tue Jul 10 20:16:24 2018 From: jesusr at redhat.com (jesusr at redhat.com) Date: Tue, 10 Jul 2018 16:16:24 -0400 Subject: [Ansible-service-broker] bundle-lib 0.2.4 released Message-ID: As promised in the Automation Broker meeting this morning, we've released 0.2.4 of bundle-lib today. https://github.com/automationbroker/bundle-lib/releases/tag/0.2.4 jesus From artem.goncharov at gmail.com Wed Jul 11 08:26:07 2018 From: artem.goncharov at gmail.com (Artem Goncharov) Date: Wed, 11 Jul 2018 10:26:07 +0200 Subject: [Ansible-service-broker] Help needed in a dev setup In-Reply-To: References: <831d213a-705c-6bd3-ff46-dbde2cd8499c@redhat.com> Message-ID: Hi John Please let us know if you are still seeing 404's with apb development. > to tell the truth I am very surprised here. It seems that with the change from Jason apb is now constantly going to /openshift-automation-service-broker/v2/catalog instead of /ansible-service-broker/v2/catalog. This is good for the latest development branch, but is a non-go for those working with older releases. This change broke apb cli for me for opensfhit 3.9. The ease to get this change merged waves in me suspicion, that apb/asb project is not mature enough to be used productively. There is no stability, and instead things are being constantly changed. First there were nulecule/atomicapp. They was abandoned without a note in the project (now it is mentioned in the repo, but this was not the case even recently). Later APB appeared. First with "k8s_v1_persistent_volume_claim"-like direct modules, which are is still adverted in all docs and `apb init`. With Ansible-2.5 there is a shift to `openshift_raw`, `k8s_raw` (it is visible only in example apbs, and not mentioned in the docs). Now there is a switch to `k8s` for ansible-2.6 and `xxx_raw` modules are being not only deprecated, but removed from ansible (ok, renamed not to be used, but still). And again there is no documentation in the APB/ASB with respect to that. With nearly quarterly releases of Ansible, do I need to rewrite my app in sync with the things you guys "trying"? To tell the truth it feels like being not even a beta, but alpha tester. However RedHat announces and recommends using it since I guess 3.6 (during local Openshift meetups) Then we come to the issue with apb development setup. I do not want to say it so, but I can't find any other words: there is no development setup. minishift is not actively supported by apb/asb team, since each time I mention minishift in IRC I get immediately an answer, that you are not using it. On the other hand I have not found a way to try at least soon to be released openshift 3.10 there. Trivial APBs are of course working with 3.9. Problem is that with 3.9 in minishift I am not able to proceed with async binding (which I need mainly because of binding parameters). catasb project is instead by default giving you latest development version of components, which brings following issues with it: - I am not able to reliably setup workspace due to not yet clarified issues. On a completely fresh system it starts and works, but from the second time `oc cluster up` step of the local/linux/run_setup_local.sh fails (whether I do not specify tags at all, or specify 3.10 - just return code 1, the cluster is being started, but not usable due to aborted install; plain `oc cluster up` still works). Even removing /var/lib/origin, /tmp/origin*, ~/-kube, /var/lib/docker does not help. If I set it to use 3.9 images it is starting correctly, but the you have the same "async binding" issues, as with minishift - Setting myself using "official" release (3.9 as of now) does not seem to bring me lot of use, since I doubt you would backport fixes for found problems (at least those mentioned in the original mail) back to 3.9. What about 3.10? With a 3.10 release soon I doubt this also. In addition I need to enable "not supported" features in the config. This might be still ok for early POC, but not for real solution. - with previously mentioned issue with change in apb cli I can't use it now with older (3.9, compared to devel) releases. - I would have tried getting catasb to install me 3.10, but how do I do this? How do I figure out, which tag of the asb will be part of 3.10? ( https://hub.docker.com/r/ansibleplaybookbundle/origin-ansible-service-broker/tags/ ) - catasb is goold in general, but it assumes being active developer of ASB team. Relying only to README you are doomed. I truly prefer ASB to Helm, but as I mentioned: is it mature enough to invest time? I love RedHat products, I do myself have a red RedHat hat :-), but I am always warned, since products at RedHat are being born and die very frequently (surely normal dev process, but I can't invest corporate resources into something that may die or change direction in 6 month). > As to the async bind issues you noted: > - needing to use asb_encode_binding even if no data needs to be passed > back > Sounds like a bug, we can address if you would open an issue. > sure, will open one. But I would first need to clarify whether this is valid in 3.9 only or also in devel > - issue with complex content in asb_encode_binding > This may be more challenging to address, if you'd open an issue with > an example we can investigate. > > sure, will open one. Need a reliable apb dev workspace, which is a problem as I mentioned With the best regards, Artem -------------- next part -------------- An HTML attachment was scrubbed... URL: From jmontleo at redhat.com Wed Jul 11 13:14:13 2018 From: jmontleo at redhat.com (Jason Montleon) Date: Wed, 11 Jul 2018 09:14:13 -0400 Subject: [Ansible-service-broker] Help needed in a dev setup In-Reply-To: References: <831d213a-705c-6bd3-ff46-dbde2cd8499c@redhat.com> Message-ID: <456e5144-0f78-7793-eb77-79e36ffb4963@redhat.com> Hi Artem, Sorry to hear this has been so difficult. Regarding catasb/oc failing with return code 1 we hit this yesterday with our latest oc client build and filed an issue. I wonder if it could be what you're seeing? https://github.com/openshift/origin/issues/20275. I mentioned a workaround if the file does not exist and it is in fact what's happening. We've also hit a coupel bugs indocker centered around the systemd cgroup driver though I think these have all been fixed in the latest updates for docker and systemd. Unfortunately we sometimes suffer from problems outside of our control, but if you're on irc this morning I can try to help you get this sorted out regardless of where it's coming from. Moving on to the client issues: I don't think if you're relying on the ansible-service-broker-latest copr repo to install the client you should expect it to work with old releases. Just as its name implies it's latest, and the client more closely aligns with the broker packages being built there for the latest images, etc. We've had to make changes to get the broker incorporated in the openshift installer, which is why we're now under an openshift- prefixed namespace and you see old clients failing with new brokers and vice versa. I agree it's not ideal. If you need a client for an older release we have forked the copr repos so it should be possible to obtain a client that matches those releases: https://copr.fedorainfracloud.org/groups/g/ansible-service-broker/coprs/ On 07/11/2018 04:26 AM, Artem Goncharov wrote: > Hi John > > Please let us know if you are still seeing 404's with apb?development. > > > to tell the truth I am very surprised here. It seems that with the > change from Jason apb is now constantly going to > /openshift-automation-service-broker/v2/catalog instead of > /ansible-service-broker/v2/catalog. This is good for the latest > development branch, but is a non-go for those working with older > releases. This change broke apb cli for me for opensfhit 3.9. The ease > to get this change merged waves in me suspicion, that apb/asb project is > not mature enough to be used productively. There is no stability, and > instead? things are being constantly changed. > > First there were nulecule/atomicapp. They was abandoned without a note > in the project (now it is mentioned in the repo, but this was not the > case even recently). Later APB appeared. First with > "k8s_v1_persistent_volume_claim"-like direct modules, which are is still > adverted in all docs and `apb init`. With Ansible-2.5 there is a shift > to `openshift_raw`, `k8s_raw` (it is visible only in example apbs, and > not mentioned in the docs). Now there is a switch to `k8s` for > ansible-2.6 and `xxx_raw` modules are being not only deprecated, but > removed from ansible (ok, renamed not to be used, but still). And again > there is no documentation in the APB/ASB with respect to that. With > nearly quarterly releases of Ansible, do I need to rewrite my app in > sync with the things you guys "trying"? To tell the truth it feels like > being not even a beta, but alpha tester. However RedHat announces and > recommends using it since I guess 3.6 (during local Openshift meetups) > > Then we come to the issue with apb development setup. I do not want to > say it so, but I can't find any other words: there is no development > setup. minishift is not actively supported by apb/asb team, since each > time I mention minishift in IRC I get immediately an answer, that you > are not using it. On the other hand I have not found a way to try at > least soon to be released openshift 3.10 there. Trivial APBs are of > course working with 3.9. Problem is that with 3.9 in minishift I am not > able to proceed with async binding (which I need mainly because of > binding parameters). > catasb project is instead by default giving you latest development > version of components, which brings following issues with it: > - I am not able to reliably setup workspace due to not yet clarified > issues. On a completely fresh system it starts and works, but from the > second time `oc cluster up` step of the local/linux/run_setup_local.sh > fails (whether I do not specify tags at all, or specify 3.10 - just > return code 1, the cluster is being started, but not usable due to > aborted install; plain `oc cluster up` still works). Even removing > /var/lib/origin, /tmp/origin*, ~/-kube, /var/lib/docker does not help. > If I set it to use 3.9 images it is starting correctly, but the you have > the same "async binding" issues, as with minishift > - Setting myself using "official" release (3.9 as of now) does not seem > to bring me lot of use, since I doubt you would backport fixes for found > problems (at least those mentioned in the original mail) back to 3.9. > What about 3.10? With a 3.10 release soon I doubt this also. In addition > I need to enable "not supported" features in the config. This might be > still ok for early POC, but not for real solution. > - with previously mentioned issue with change in apb cli I can't use it > now with older (3.9, compared to devel) releases. > - I would have tried getting catasb to install me 3.10, but how do I do > this? How do I figure out, which tag of the asb will be part of 3.10? > (https://hub.docker.com/r/ansibleplaybookbundle/origin-ansible-service-broker/tags/) > - catasb is goold in general, but it assumes being active developer of > ASB team. Relying only to README you are doomed. > > I truly prefer ASB to Helm, but as I mentioned: is it mature enough to > invest time? I love RedHat products, I do myself have a red RedHat hat > :-), but I am always warned, since products at RedHat are being born and > die very frequently (surely normal dev process, but I can't invest > corporate resources into something that may die or change direction in 6 > month). > > As to the async bind issues you noted: > ?- needing to use asb_encode_binding even if no data needs to be > passed back > ? ? Sounds like a bug, we can address if you would open an issue. > > > sure, will open one. But I would first need to clarify whether this is > valid in 3.9 only or also in devel > > ?- issue with complex content in asb_encode_binding > ? ? This may be more challenging to address, if you'd open an issue > with an example we can investigate. > > > sure, will open one. Need a reliable apb dev workspace, which is a > problem as I mentioned > > > With the best regards, > Artem > > > _______________________________________________ > Ansible-service-broker mailing list > Ansible-service-broker at redhat.com > https://www.redhat.com/mailman/listinfo/ansible-service-broker > -- Jason Montleon | email: jmontleo at redhat.com Software Engineer | gpg key: 0x069E3022 Red Hat, Inc. | irc: jmontleo desk: 978-392-3930 | cell: 508-496-0663 From jesusr at redhat.com Tue Jul 17 12:40:43 2018 From: jesusr at redhat.com (jesusr at redhat.com) Date: Tue, 17 Jul 2018 08:40:43 -0400 Subject: [Ansible-service-broker] Today's community meeting canceled Message-ID: The Automation broker community meeting for July 17th has been canceled. See you guys next week on July 24th. Sincerely, jesus -- jesus m. rodriguez | jesusr at redhat.com principal software engineer | irc: zeus red hat systems management | 919.754.4413 (w) rhce # 805008586930012 | 919.623.0080 (c) +---------------------------------------------+ | "you will be assimilated; | | resistance is futile" | | -- Borg | +---------------------------------------------+ From fabian at redhat.com Tue Jul 17 16:29:45 2018 From: fabian at redhat.com (Fabian von Feilitzsch) Date: Tue, 17 Jul 2018 12:29:45 -0400 Subject: [Ansible-service-broker] Blog post on new k8s module in Ansible 2.6 Message-ID: Hey everyone, The blog post on our dynamic k8s module that shipped with Ansible 2.6 just went live. It has a short history of the Ansible to OpenShift integration work and a few examples to get started. https://www.ansible.com/blog/dynamic-kubernetes-client-for-ansible Also posting the Ansible tweet in case anyone wants to contribute to that discussion: https://twitter.com/ansible/status/1019235972956016645 If you hit any issues or have any comments I'm happy to answer them here, on IRC, or on the Ansible issue tracker on GitHub! - Fabian -------------- next part -------------- An HTML attachment was scrubbed... URL: From jesusr at redhat.com Tue Jul 24 14:27:33 2018 From: jesusr at redhat.com (jesusr at redhat.com) Date: Tue, 24 Jul 2018 10:27:33 -0400 Subject: [Ansible-service-broker] Automation Broker Community Meeting 7/24/2018 Message-ID: ====================================== #asbroker: Automation Broker 7/24/2018 ====================================== Meeting started by jmrodri at 13:31:30 UTC. The full logs are available at asbroker/2018/asbroker.2018-07-24-13.31.log.html . Meeting summary --------------- * Attendance (jmrodri, 13:31:43) * news (jmrodri, 13:34:03) * Automation Broker has a new bootstrap reconcilation loop (jmrodri, 13:34:24) * Kubernetes Multitenancy working group (jmrodri, 13:35:39) * LINK: https://github.com/kubernetes/community/tree/master/wg-multitenancy (jmrodri, 13:35:47) * Coverage increased on bundle-lib (jmrodri, 13:36:56) * LINK: https://coveralls.io/github/automationbroker/bundle-lib (jmrodri, 13:37:04) * review previous actions (jmrodri, 13:39:53) * issue 941 for broker still needs to be tested. I was going to do it yesterday, ran into some infra issues. HOpefully it will be tested and closed by next meeting. (jmrodri, 13:40:26) * ACTION: jmrodri test issue 941 (jmrodri, 13:40:36) * bundle package errors (jmrodri, 13:40:58) * LINK: https://github.com/automationbroker/bundle-lib/issues/111 (jmrodri, 13:41:04) * ACTION: shurley write up brief comment on issue 111 (jmrodri, 13:41:50) * bugs/issues triage (jmrodri, 13:42:27) * bundle-lib issues (jmrodri, 13:42:44) * LINK: https://github.com/automationbroker/bundle-lib/issues/148 (jmrodri, 13:43:16) * configToSpec debug log is noisy (jmrodri, 13:43:24) * bundles filtered log is hard to read (jmrodri, 13:44:31) * LINK: https://github.com/automationbroker/bundle-lib/issues/147 (jmrodri, 13:44:33) * automation broker issues (jmrodri, 13:46:08) * LINK: https://github.com/openshift/ansible-service-broker/issues?q=is%3Ai ssue+is%3Aopen+label%3A%223.11+%7C+release-1.3%22 (jmrodri, 13:46:20) * Error attempting to list APBs in broker returned 503 (jmrodri, 13:47:37) * LINK: https://github.com/openshift/ansible-service-broker/issues/97 4 (jmrodri, 13:47:41) * ACTION: ernelson investigate issue 974, close if not a broker issue (jmrodri, 13:49:59) * dock link for complicated parameters (jmrodri, 13:50:08) * LINK: https://github.com/openshift/ansible-service-broker/issues/97 3 (jmrodri, 13:50:11) * ACTION: maleck13 advise what to do with issue 974 (jmrodri, 13:51:06) * binding errors are no longer displayed (jmrodri, 13:52:47) * LINK: https://github.com/openshift/ansible-service-broker/issues/94 1 (jmrodri, 13:52:50) * link broker in deployment (jmrodri, 13:53:52) * LINK: https://github.com/openshift/ansible-service-broker/issues/93 8 (jmrodri, 13:53:58) * broker should define owner reference on CRs (jmrodri, 13:54:50) * LINK: https://github.com/openshift/ansible-service-broker/issues/93 6 (jmrodri, 13:54:52) * too many apb's causes bootstrap route to timeout (jmrodri, 13:57:26) * LINK: https://github.com/openshift/ansible-service-broker/issues/87 6 (jmrodri, 13:57:29) * randomize object names to avoid clashes (jmrodri, 13:58:45) * LINK: https://github.com/openshift/ansible-service-broker/issues/85 3 (jmrodri, 13:58:48) * ACTION: dzager to update and close out issue 853 (jmrodri, 13:59:53) * bindable apb provision fails if credentials are not created (jmrodri, 14:00:22) * LINK: https://github.com/openshift/ansible-service-broker/issues/84 7 (jmrodri, 14:00:24) * ACTION: jmrodri assign issue 847 to someone (jmrodri, 14:03:01) * discussion: broekr should not fail hard when registry names collide (jmrodri, 14:03:11) * LINK: https://github.com/openshift/ansible-service-broker/issues/75 3 (jmrodri, 14:03:13) * define a firmer error checking policy for registry adapters (jmrodri, 14:07:37) * LINK: https://github.com/openshift/ansible-service-broker/issues/68 4 (jmrodri, 14:07:38) * expose user/cluster information to APBs (jmrodri, 14:09:08) * LINK: https://github.com/openshift/ansible-service-broker/issues/47 0 (jmrodri, 14:09:11) * ACTION: jmrodri determine if 470 needs to remain open (jmrodri, 14:12:04) Meeting ended at 14:15:21 UTC. Action Items ------------ * jmrodri test issue 941 * shurley write up brief comment on issue 111 * ernelson investigate issue 974, close if not a broker issue * maleck13 advise what to do with issue 974 * dzager to update and close out issue 853 * jmrodri assign issue 847 to someone * jmrodri determine if 470 needs to remain open Action Items, by person ----------------------- * dzager * dzager to update and close out issue 853 * ernelson * ernelson investigate issue 974, close if not a broker issue * jmrodri * jmrodri test issue 941 * jmrodri assign issue 847 to someone * jmrodri determine if 470 needs to remain open * maleck13 * maleck13 advise what to do with issue 974 * shurley * shurley write up brief comment on issue 111 * **UNASSIGNED** * (none) People Present (lines said) --------------------------- * jmrodri (124) * brokerbot (52) * shurley (16) * ernelson (9) * dzager (8) * dymurray (5) * maleck13 (2) * alpatel (2) * rhallisey (1) * fabianvf (1) Generated by `MeetBot`_ 0.1.4 .. _`MeetBot`: http://wiki.debian.org/MeetBot From jesusr at redhat.com Tue Jul 31 11:56:47 2018 From: jesusr at redhat.com (jesus m. rodriguez) Date: Tue, 31 Jul 2018 07:56:47 -0400 Subject: [Ansible-service-broker] Community meeting canceled today Message-ID: <324a55b5-7140-4104-8aca-9dd6dad18bbf@redhat.com> meeting canceled for July 31st, 2018.? We will resume Tuesday August 7th. Sincerely, Jesus ?Sent from Blue ?