<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hi Charles,<div class=""><br class=""></div><div class="">v3.7 should not be attempting to anything with network policies, can you please double check the deployment config and tell us the version of the image that is being deployed. If it is 3.7 then we have another issue that we will need to solve.</div><div class=""><br class=""></div><div class="">ansible_service_broker_image_tag should override the tag value, if that is not working then we will need to do a deeper dive on the openshift-ansible code. </div><div class=""><br class=""></div><div class="">If you would like to just “work around” this then you could add a cluster role binding and role to grant access to the asb service account to manipulate the network policies. </div><div class=""><br class=""></div><div class="">Regards,</div><div class=""><br class=""></div><div class="">Shawn Hurley <br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On Feb 28, 2018, at 3:44 PM, Charles Moulliard <<a href="mailto:cmoullia@redhat.com" class="">cmoullia@redhat.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">Hi,<div class=""><br class=""></div><div class="">There is still an issue with the ansible playbook installing ASB on openshift 3.7</div><div class="">When the inventory is configured using these parameters</div><div class=""><br class=""></div><div class="">git clone -b release-3.7 <a href="mailto:git@github.com" class="">git@github.com</a>:openshift/openshift-ansible.git <br class=""></div><div class=""><br class=""></div><div class="">openshift_enable_service_catalog=true<br class=""></div><div class=""><div class="">ansible_service_broker_registry_whitelist=['.*-apb$']</div><div class="">ansible_service_broker_image_tag=v3.7</div></div><div class=""><br class=""></div><div class="">then, the following error is reported within the APB pod during serviceinstance creation</div><div class=""><br class=""></div><div class=""><div class="">[2018-02-28T20:33:59.585Z] [NOTICE] - Creating RoleBinding apb-49d8c2a2-6d12-474c-87a2-a220bda6ba0d<br class=""></div><div class="">[2018-02-28T20:33:59.598Z] [ERROR] - <b class="">unable to create network policy object - User "system:serviceaccount:openshift-ansible-service-broker:asb" cannot create <a href="http://networkpolicies.networking.k8s.io/" class="">networkpolicies.networking.k8s.io</a> in the namespace "project31": User "system:serviceaccount:openshift-ansible-service-broker:asb" cannot create <a href="http://networkpolicies.networking.k8s.io/" class="">networkpolicies.networking.k8s.io</a> in project "project31" (post <a href="http://networkpolicies.networking.k8s.io/" class="">networkpolicies.networking.k8s.io</a>)</b></div><div class=""> project "project31" (post <a href="http://networkpolicies.networking.k8s.io/" class="">networkpolicies.networking.k8s.io</a>) <br class=""></div></div><div class=""><br class=""></div><div class="">As you can see, the clusterrole of asb-auth is still missing the following info</div><div class=""><a href="https://goo.gl/HfJnj8" class="">https://goo.gl/HfJnj8</a><br class=""></div><div class=""><br class=""></div><div class="">Can somebody fix the error please for ansible openshift 3.7 ?</div><div class=""><br class=""></div><div class="">Regards</div><div class=""><br class=""></div><div class="">Charles<br class=""><div class=""><div class="gmail_signature"><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div style="font-family: overpass, sans-serif; font-size: 10px;" class=""><div class=""></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div></div>
_______________________________________________<br class="">Ansible-service-broker mailing list<br class=""><a href="mailto:Ansible-service-broker@redhat.com" class="">Ansible-service-broker@redhat.com</a><br class="">https://www.redhat.com/mailman/listinfo/ansible-service-broker<br class=""></div></blockquote></div><br class=""></div></body></html>