[Ansible-service-broker] Issue with playbook of ansible service broker - missing networkpolicies

David Zager dzager at redhat.com
Thu Mar 1 15:19:36 UTC 2018 

Greetings Charles,

The image in question,
docker.io/ansibleplaybookbundle/origin-ansible-service-broker:v3.7
<https://hub.docker.com/r/ansibleplaybookbundle/origin-ansible-service-broker/tags/>
has been updated to be built using the code from the release-1.0
<https://github.com/openshift/ansible-service-broker/tree/release-1.0> branch
of the broker project. Apologies for the trouble and thank you for helping
us find the root cause.

https://github.com/openshift/ansible-service-broker/pull/803 should prevent
this from happening in the future.

Respectfully,
David Zager

On Thu, Mar 1, 2018 at 9:45 AM Shawn Hurley <shurley at redhat.com> wrote:

> Hello Charles,
>
> It appears that we have had a little mix up on the versions that we
> tagged. You are currently getting the canary version of the broker.
> We are working on rebuilding and re-tagging the correct images and will
> keep everyone informed with this email thread. Sorry about the mix up.
>
> Thanks,
>
> Shawn Hurley
>
> On Mar 1, 2018, at 12:40 AM, Charles Moulliard <cmoullia at redhat.com>
> wrote:
>
> I confirm that version 3.7 has been installed
>
>
> https://www.dropbox.com/s/h7m72h23k7myjyw/Screenshot%202018-03-01%2006.39.40.png?dl=0
>
>
> On Thu, Mar 1, 2018 at 12:47 AM, Erik Nelson <ernelson at redhat.com> wrote:
>
>> Charles, you guys are deploying upstream origin with
>> openshift-ansible? We discovered today thanks to your report that the
>> upstream openshift-ansible code was configured to default to "latest"
>> broker images, which is our 3.9 image. I will see if I can reproduce
>> your issue as well.
>>
>> +1 to shurley's comment, we have to confirm what version of the image
>> you are running, via tag.
>>
>> On Wed, Feb 28, 2018 at 6:42 PM, Shawn Hurley <shurley at redhat.com> wrote:
>> > Hi Charles,
>> >
>> > v3.7 should not be attempting to anything with network policies, can you
>> > please double check the deployment config and tell us the version of the
>> > image that is being deployed. If it is 3.7 then we have another issue
>> that
>> > we will need to solve.
>> >
>> > ansible_service_broker_image_tag should override the tag value, if that
>> is
>> > not working then we will need to do a deeper dive on the
>> openshift-ansible
>> > code.
>> >
>> > If you would like to just “work around” this then you could add a
>> cluster
>> > role binding and role to grant access to the asb service account to
>> > manipulate the network policies.
>> >
>> > Regards,
>> >
>> > Shawn Hurley
>> >
>> > On Feb 28, 2018, at 3:44 PM, Charles Moulliard <cmoullia at redhat.com>
>> wrote:
>> >
>> > Hi,
>> >
>> > There is still an issue with the ansible playbook installing ASB on
>> > openshift 3.7
>> > When the inventory is configured using these parameters
>> >
>> > git clone -b release-3.7 git at github.com:openshift/openshift-ansible.git
>> >
>> > openshift_enable_service_catalog=true
>> > ansible_service_broker_registry_whitelist=['.*-apb$']
>> > ansible_service_broker_image_tag=v3.7
>> >
>> > then, the following error is reported within the APB pod during
>> > serviceinstance creation
>> >
>> > [2018-02-28T20:33:59.585Z] [NOTICE] - Creating RoleBinding
>> > apb-49d8c2a2-6d12-474c-87a2-a220bda6ba0d
>> > [2018-02-28T20:33:59.598Z] [ERROR] - unable to create network policy
>> object
>> > - User "system:serviceaccount:openshift-ansible-service-broker:asb"
>> cannot
>> > create networkpolicies.networking.k8s.io in the namespace "project31":
>> User
>> > "system:serviceaccount:openshift-ansible-service-broker:asb" cannot
>> create
>> > networkpolicies.networking.k8s.io in project "project31" (post
>> > networkpolicies.networking.k8s.io)
>> >  project "project31" (post networkpolicies.networking.k8s.io)
>> >
>> > As you can see, the clusterrole of asb-auth is still missing the
>> following
>> > info
>> > https://goo.gl/HfJnj8
>> >
>> > Can somebody fix the error please for ansible openshift 3.7 ?
>> >
>> > Regards
>> >
>> > Charles
>> > _______________________________________________
>> > Ansible-service-broker mailing list
>> > Ansible-service-broker at redhat.com
>> > https://www.redhat.com/mailman/listinfo/ansible-service-broker
>> >
>> >
>> >
>> > _______________________________________________
>> > Ansible-service-broker mailing list
>> > Ansible-service-broker at redhat.com
>> > https://www.redhat.com/mailman/listinfo/ansible-service-broker
>> >
>>
>
>
> _______________________________________________
> Ansible-service-broker mailing list
> Ansible-service-broker at redhat.com
> https://www.redhat.com/mailman/listinfo/ansible-service-broker
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/ansible-service-broker/attachments/20180301/16bc65d4/attachment.htm>

More information about the Ansible-service-broker mailing list