<div dir="ltr"><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Mar 1, 2018 at 12:42 AM, Shawn Hurley <span dir="ltr"><<a href="mailto:shurley@redhat.com" target="_blank">shurley@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="word-wrap:break-word">Hi Charles,<div><br></div><div>v3.7 should not be attempting to anything with network policies, can you please double check the deployment config and tell us the version of the image that is being deployed. </div></div></blockquote><div><br></div><div>docker image used is : ansibleplaybookbundle/origin-ansible-service-broker:v3.7</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="word-wrap:break-word"><div>If it is 3.7 then we have another issue that we will need to solve.</div><div><br></div><div>ansible_service_broker_image_<wbr>tag should override the tag value, if that is not working then we will need to do a deeper dive on the openshift-ansible code. </div><div><br></div><div>If you would like to just “work around” this then you could add a cluster role binding and role to grant access to the asb service account to manipulate the network policies. </div><div><br></div><div>Regards,</div><div><br></div><div>Shawn Hurley <br><div><br><blockquote type="cite"><div><div class="gmail-h5"><div>On Feb 28, 2018, at 3:44 PM, Charles Moulliard <<a href="mailto:cmoullia@redhat.com" target="_blank">cmoullia@redhat.com</a>> wrote:</div><br class="gmail-m_3507703168744824884Apple-interchange-newline"></div></div><div><div><div class="gmail-h5"><div dir="ltr">Hi,<div><br></div><div>There is still an issue with the ansible playbook installing ASB on openshift 3.7</div><div>When the inventory is configured using these parameters</div><div><br></div><div>git clone -b release-3.7 <a href="mailto:git@github.com" target="_blank">git@github.com</a>:openshift/<wbr>openshift-ansible.git <br></div><div><br></div><div>openshift_enable_service_<wbr>catalog=true<br></div><div><div>ansible_service_broker_<wbr>registry_whitelist=['.*-apb$']</div><div>ansible_service_broker_image_<wbr>tag=v3.7</div></div><div><br></div><div>then, the following error is reported within the APB pod during serviceinstance creation</div><div><br></div><div><div>[2018-02-28T20:33:59.585Z] [NOTICE] - Creating RoleBinding apb-49d8c2a2-6d12-474c-87a2-<wbr>a220bda6ba0d<br></div><div>[2018-02-28T20:33:59.598Z] [ERROR] - <b>unable to create network policy object - User "system:serviceaccount:<wbr>openshift-ansible-service-<wbr>broker:asb" cannot create <a href="http://networkpolicies.networking.k8s.io/" target="_blank">networkpolicies.networking.<wbr>k8s.io</a> in the namespace "project31": User "system:serviceaccount:<wbr>openshift-ansible-service-<wbr>broker:asb" cannot create <a href="http://networkpolicies.networking.k8s.io/" target="_blank">networkpolicies.networking.<wbr>k8s.io</a> in project "project31" (post <a href="http://networkpolicies.networking.k8s.io/" target="_blank">networkpolicies.networking.<wbr>k8s.io</a>)</b></div><div> project "project31" (post <a href="http://networkpolicies.networking.k8s.io/" target="_blank">networkpolicies.networking.<wbr>k8s.io</a>) <br></div></div><div><br></div><div>As you can see, the clusterrole of asb-auth is still missing the following info</div><div><a href="https://goo.gl/HfJnj8" target="_blank">https://goo.gl/HfJnj8</a><br></div><div><br></div><div>Can somebody fix the error please for ansible openshift 3.7 ?</div><div><br></div><div>Regards</div><div><br></div><div>Charles<br><div><div class="gmail-m_3507703168744824884gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="font-family:overpass,sans-serif;font-size:10px"><div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div></div></div></div>
______________________________<wbr>_________________<br>Ansible-service-broker mailing list<br><a href="mailto:Ansible-service-broker@redhat.com" target="_blank">Ansible-service-broker@redhat.<wbr>com</a><br><a href="https://www.redhat.com/mailman/listinfo/ansible-service-broker" target="_blank">https://www.redhat.com/<wbr>mailman/listinfo/ansible-<wbr>service-broker</a><br></div></blockquote></div><br></div></div></blockquote></div><br></div></div>