<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hello Charles,<div class=""><br class=""></div><div class="">It appears that we have had a little mix up on the versions that we tagged. You are currently getting the canary version of the broker. </div><div class="">We are working on rebuilding and re-tagging the correct images and will keep everyone informed with this email thread. Sorry about the mix up.</div><div class=""><br class=""></div><div class="">Thanks,</div><div class=""><br class=""></div><div class="">Shawn Hurley</div><div class=""><div><br class=""><blockquote type="cite" class=""><div class="">On Mar 1, 2018, at 12:40 AM, Charles Moulliard <<a href="mailto:cmoullia@redhat.com" class="">cmoullia@redhat.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">I confirm that version 3.7 has been installed<div class=""><br class=""></div><div class=""><a href="https://www.dropbox.com/s/h7m72h23k7myjyw/Screenshot%202018-03-01%2006.39.40.png?dl=0" class="">https://www.dropbox.com/s/h7m72h23k7myjyw/Screenshot%202018-03-01%2006.39.40.png?dl=0</a><br class=""></div><div class="gmail_extra"><div class=""><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div style="font-family: overpass, sans-serif; font-size: 10px;" class=""><div style="font-weight: bold; margin: 0px; padding: 0px; font-size: 14px; text-transform: uppercase;" class=""><br class=""></div><div class=""></div></div></div></div></div></div></div></div></div></div></div>
<br class=""><div class="gmail_quote">On Thu, Mar 1, 2018 at 12:47 AM, Erik Nelson <span dir="ltr" class=""><<a href="mailto:ernelson@redhat.com" target="_blank" class="">ernelson@redhat.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Charles, you guys are deploying upstream origin with<br class="">
openshift-ansible? We discovered today thanks to your report that the<br class="">
upstream openshift-ansible code was configured to default to "latest"<br class="">
broker images, which is our 3.9 image. I will see if I can reproduce<br class="">
your issue as well.<br class="">
<br class="">
+1 to shurley's comment, we have to confirm what version of the image<br class="">
you are running, via tag.<br class="">
<div class="HOEnZb"><div class="h5"><br class="">
On Wed, Feb 28, 2018 at 6:42 PM, Shawn Hurley <<a href="mailto:shurley@redhat.com" class="">shurley@redhat.com</a>> wrote:<br class="">
> Hi Charles,<br class="">
><br class="">
> v3.7 should not be attempting to anything with network policies, can you<br class="">
> please double check the deployment config and tell us the version of the<br class="">
> image that is being deployed. If it is 3.7 then we have another issue that<br class="">
> we will need to solve.<br class="">
><br class="">
> ansible_service_broker_image_<wbr class="">tag should override the tag value, if that is<br class="">
> not working then we will need to do a deeper dive on the openshift-ansible<br class="">
> code.<br class="">
><br class="">
> If you would like to just “work around” this then you could add a cluster<br class="">
> role binding and role to grant access to the asb service account to<br class="">
> manipulate the network policies.<br class="">
><br class="">
> Regards,<br class="">
><br class="">
> Shawn Hurley<br class="">
><br class="">
> On Feb 28, 2018, at 3:44 PM, Charles Moulliard <<a href="mailto:cmoullia@redhat.com" class="">cmoullia@redhat.com</a>> wrote:<br class="">
><br class="">
> Hi,<br class="">
><br class="">
> There is still an issue with the ansible playbook installing ASB on<br class="">
> openshift 3.7<br class="">
> When the inventory is configured using these parameters<br class="">
><br class="">
> git clone -b release-3.7 <a href="mailto:git@github.com" class="">git@github.com</a>:openshift/<wbr class="">openshift-ansible.git<br class="">
><br class="">
> openshift_enable_service_<wbr class="">catalog=true<br class="">
> ansible_service_broker_<wbr class="">registry_whitelist=['.*-apb$']<br class="">
> ansible_service_broker_image_<wbr class="">tag=v3.7<br class="">
><br class="">
> then, the following error is reported within the APB pod during<br class="">
> serviceinstance creation<br class="">
><br class="">
> [2018-02-28T20:33:59.585Z] [NOTICE] - Creating RoleBinding<br class="">
> apb-49d8c2a2-6d12-474c-87a2-<wbr class="">a220bda6ba0d<br class="">
> [2018-02-28T20:33:59.598Z] [ERROR] - unable to create network policy object<br class="">
> - User "system:serviceaccount:<wbr class="">openshift-ansible-service-<wbr class="">broker:asb" cannot<br class="">
> create <a href="http://networkpolicies.networking.k8s.io/" rel="noreferrer" target="_blank" class="">networkpolicies.networking.<wbr class="">k8s.io</a> in the namespace "project31": User<br class="">
> "system:serviceaccount:<wbr class="">openshift-ansible-service-<wbr class="">broker:asb" cannot create<br class="">
> <a href="http://networkpolicies.networking.k8s.io/" rel="noreferrer" target="_blank" class="">networkpolicies.networking.<wbr class="">k8s.io</a> in project "project31" (post<br class="">
> <a href="http://networkpolicies.networking.k8s.io/" rel="noreferrer" target="_blank" class="">networkpolicies.networking.<wbr class="">k8s.io</a>)<br class="">
>  project "project31" (post <a href="http://networkpolicies.networking.k8s.io/" rel="noreferrer" target="_blank" class="">networkpolicies.networking.<wbr class="">k8s.io</a>)<br class="">
><br class="">
> As you can see, the clusterrole of asb-auth is still missing the following<br class="">
> info<br class="">
> <a href="https://goo.gl/HfJnj8" rel="noreferrer" target="_blank" class="">https://goo.gl/HfJnj8</a><br class="">
><br class="">
> Can somebody fix the error please for ansible openshift 3.7 ?<br class="">
><br class="">
> Regards<br class="">
><br class="">
> Charles<br class="">
> ______________________________<wbr class="">_________________<br class="">
> Ansible-service-broker mailing list<br class="">
> <a href="mailto:Ansible-service-broker@redhat.com" class="">Ansible-service-broker@redhat.<wbr class="">com</a><br class="">
> <a href="https://www.redhat.com/mailman/listinfo/ansible-service-broker" rel="noreferrer" target="_blank" class="">https://www.redhat.com/<wbr class="">mailman/listinfo/ansible-<wbr class="">service-broker</a><br class="">
><br class="">
><br class="">
><br class="">
> ______________________________<wbr class="">_________________<br class="">
> Ansible-service-broker mailing list<br class="">
> <a href="mailto:Ansible-service-broker@redhat.com" class="">Ansible-service-broker@redhat.<wbr class="">com</a><br class="">
> <a href="https://www.redhat.com/mailman/listinfo/ansible-service-broker" rel="noreferrer" target="_blank" class="">https://www.redhat.com/<wbr class="">mailman/listinfo/ansible-<wbr class="">service-broker</a><br class="">
><br class="">
</div></div></blockquote></div><br class=""></div></div>
</div></blockquote></div><br class=""></div></body></html>