<div dir="ltr">I confirm that version 3.7 has been installed<div><br></div><div><a href="https://www.dropbox.com/s/h7m72h23k7myjyw/Screenshot%202018-03-01%2006.39.40.png?dl=0">https://www.dropbox.com/s/h7m72h23k7myjyw/Screenshot%202018-03-01%2006.39.40.png?dl=0</a><br></div><div class="gmail_extra"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="color:rgb(0,0,0);font-family:overpass,sans-serif;font-size:10px"><p style="font-weight:bold;margin:0px;padding:0px;font-size:14px;text-transform:uppercase"><br></p><div></div></div></div></div></div></div></div></div></div></div></div> <br><div class="gmail_quote">On Thu, Mar 1, 2018 at 12:47 AM, Erik Nelson <span dir="ltr"><<a href="mailto:ernelson@redhat.com" target="_blank">ernelson@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Charles, you guys are deploying upstream origin with<br> openshift-ansible? We discovered today thanks to your report that the<br> upstream openshift-ansible code was configured to default to "latest"<br> broker images, which is our 3.9 image. I will see if I can reproduce<br> your issue as well.<br> <br> +1 to shurley's comment, we have to confirm what version of the image<br> you are running, via tag.<br> <div class="HOEnZb"><div class="h5"><br> On Wed, Feb 28, 2018 at 6:42 PM, Shawn Hurley <<a href="mailto:shurley@redhat.com">shurley@redhat.com</a>> wrote:<br> > Hi Charles,<br> ><br> > v3.7 should not be attempting to anything with network policies, can you<br> > please double check the deployment config and tell us the version of the<br> > image that is being deployed. If it is 3.7 then we have another issue that<br> > we will need to solve.<br> ><br> > ansible_service_broker_image_<wbr>tag should override the tag value, if that is<br> > not working then we will need to do a deeper dive on the openshift-ansible<br> > code.<br> ><br> > If you would like to just “work around” this then you could add a cluster<br> > role binding and role to grant access to the asb service account to<br> > manipulate the network policies.<br> ><br> > Regards,<br> ><br> > Shawn Hurley<br> ><br> > On Feb 28, 2018, at 3:44 PM, Charles Moulliard <<a href="mailto:cmoullia@redhat.com">cmoullia@redhat.com</a>> wrote:<br> ><br> > Hi,<br> ><br> > There is still an issue with the ansible playbook installing ASB on<br> > openshift 3.7<br> > When the inventory is configured using these parameters<br> ><br> > git clone -b release-3.7 git@github.com:openshift/<wbr>openshift-ansible.git<br> ><br> > openshift_enable_service_<wbr>catalog=true<br> > ansible_service_broker_<wbr>registry_whitelist=['.*-apb$']<br> > ansible_service_broker_image_<wbr>tag=v3.7<br> ><br> > then, the following error is reported within the APB pod during<br> > serviceinstance creation<br> ><br> > [2018-02-28T20:33:59.585Z] [NOTICE] - Creating RoleBinding<br> > apb-49d8c2a2-6d12-474c-87a2-<wbr>a220bda6ba0d<br> > [2018-02-28T20:33:59.598Z] [ERROR] - unable to create network policy object<br> > - User "system:serviceaccount:<wbr>openshift-ansible-service-<wbr>broker:asb" cannot<br> > create <a href="http://networkpolicies.networking.k8s.io" rel="noreferrer" target="_blank">networkpolicies.networking.<wbr>k8s.io</a> in the namespace "project31": User<br> > "system:serviceaccount:<wbr>openshift-ansible-service-<wbr>broker:asb" cannot create<br> > <a href="http://networkpolicies.networking.k8s.io" rel="noreferrer" target="_blank">networkpolicies.networking.<wbr>k8s.io</a> in project "project31" (post<br> > <a href="http://networkpolicies.networking.k8s.io" rel="noreferrer" target="_blank">networkpolicies.networking.<wbr>k8s.io</a>)<br> > project "project31" (post <a href="http://networkpolicies.networking.k8s.io" rel="noreferrer" target="_blank">networkpolicies.networking.<wbr>k8s.io</a>)<br> ><br> > As you can see, the clusterrole of asb-auth is still missing the following<br> > info<br> > <a href="https://goo.gl/HfJnj8" rel="noreferrer" target="_blank">https://goo.gl/HfJnj8</a><br> ><br> > Can somebody fix the error please for ansible openshift 3.7 ?<br> ><br> > Regards<br> ><br> > Charles<br> > ______________________________<wbr>_________________<br> > Ansible-service-broker mailing list<br> > <a href="mailto:Ansible-service-broker@redhat.com">Ansible-service-broker@redhat.<wbr>com</a><br> > <a href="https://www.redhat.com/mailman/listinfo/ansible-service-broker" rel="noreferrer" target="_blank">https://www.redhat.com/<wbr>mailman/listinfo/ansible-<wbr>service-broker</a><br> ><br> ><br> ><br> > ______________________________<wbr>_________________<br> > Ansible-service-broker mailing list<br> > <a href="mailto:Ansible-service-broker@redhat.com">Ansible-service-broker@redhat.<wbr>com</a><br> > <a href="https://www.redhat.com/mailman/listinfo/ansible-service-broker" rel="noreferrer" target="_blank">https://www.redhat.com/<wbr>mailman/listinfo/ansible-<wbr>service-broker</a><br> ><br> </div></div></blockquote></div><br></div></div>