ansibleplaybookbundle / ansible-playbook-bundle Goto Github PK
View Code? Open in Web Editor NEWTHIS REPO IS MIGRATING: https://github.com/automationbroker/apb
License: GNU General Public License v2.0
THIS REPO IS MIGRATING: https://github.com/automationbroker/apb
License: GNU General Public License v2.0
1. Run 'apb init'
(apb) [root@dhcp-140-98 dma]# apb init my_apb -p name=my_apb_param,type=string,default=foo_param,description="sample description" --async=optional --bindable --org my_organization
Initializing /tmp/dma/my_apb for an APB.
Generating playbook files
Successfully initialized project directory at: /tmp/dma/my_apb
Please run *apb prepare* inside of this directory after editing files.
2. Check apb.yml
(apb) [root@dhcp-140-98 dma]# cat my_apb/apb.yml
id: b30a594e-94a8-4c6b-b4ca-29b9d465db55
name: my_apb
image: my_organization/my_apb
description: This is a sample application generated by apb init
bindable: True
async: optional
parameters:
- name: my_apb_param
description: sample description
type: string
default: foo_param
Result: my_apb/apb.yml
is invalid yaml format
I'm trying to create a Role Binding object linked to my Service Account. Here's an example from my template.
When I try to create the following objects:
- name: Create Service Account
k8s_v1_service_account:
name: '{{ application_name }}'
namespace: '{{ namespace }}'
- name: Create Role Binding
openshift_v1_role_binding:
namespace: '{{ namespace }}'
name: '{{ application_name }}'
user_names:
- system:serviceaccount:{{ namespace }}:{{ application_name }}
role_ref_name: "view"
subjects:
- kind: ServiceAccount
name: '{{ application_name }}'
namespace: '{{ namespace }}'
I get the following error:
$ oc run apb-test --image=jboss-dataservices/datagrid-online-services-dev --restart=Never --attach=true -- provision -vvvvv -e namespace=myproject
If you don't see a command prompt, try pressing enter.
+ [[ provision -vvvvv -e namespace=myproject == *\s\2\i\/\a\s\s\e\m\b\l\e* ]]
+ ACTION=provision
+ shift
+ playbooks=/opt/apb/actions
+ CREDS=/var/tmp/bind-creds
+ TEST_RESULT=/var/tmp/test-result
+ whoami
+ '[' -w /etc/passwd ']'
++ id -u
+ echo 'apb:x:1000060000:0:apb user:/opt/apb:/sbin/nologin'
+ oc-login.sh
Attempting to login with a service account...
Logged into "https://kubernetes.default:443" as "system:serviceaccount:myproject:default" using the token provided.
You have one project on this server: "myproject"
Using project "myproject".
Welcome! See 'oc help' to get started.
+ set +x
ls: cannot access /etc/apb-secrets: No such file or directory
+ [[ -e /opt/apb/actions/provision.yaml ]]
+ [[ -e /opt/apb/actions/provision.yml ]]
+ ANSIBLE_ROLES_PATH=/etc/ansible/roles:/opt/ansible/roles
+ ansible-playbook /opt/apb/actions/provision.yml -vvvvv -e namespace=myproject
Using /etc/ansible/ansible.cfg as config file
[WARNING]: provided hosts list is empty, only localhost is available
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python2.7/site-packages/ansible/plugins/callback/__init__.pyc
PLAYBOOK: provision.yml ********************************************************
1 plays in /opt/apb/actions/provision.yml
PLAY [datagrid-online-services-apb playbook to provision the application] ******
META: ran handlers
TASK [ansible.kubernetes-modules : Install latest openshift client] ************
task path: /etc/ansible/roles/ansible.kubernetes-modules/tasks/main.yml:4
skipping: [localhost] => {
"changed": false,
"skip_reason": "Conditional result was False",
"skipped": true
}
TASK [ansibleplaybookbundle.asb-modules : debug] *******************************
task path: /etc/ansible/roles/ansibleplaybookbundle.asb-modules/tasks/main.yml:2
ok: [localhost] => {
"msg": "Ansible Service Broker modules loaded"
}
TASK [provision-datagrid-online-services-apb : Create Role Binding] ************
task path: /opt/ansible/roles/provision-datagrid-online-services-apb/tasks/main.yml:10
Using module file /etc/ansible/roles/ansible.kubernetes-modules/library/openshift_v1_role_binding.py
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: apb
<127.0.0.1> EXEC /bin/sh -c 'echo ~ && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /opt/apb/.ansible/tmp/ansible-tmp-1506330119.75-68815943302 `" && echo ansible-tmp-1506330119.75-68815943302="` echo /opt/apb/.ansible/tmp/ansible-tmp-1506330119.75-68815943302 `" ) && sleep 0'
<127.0.0.1> PUT /tmp/tmpOzsbzI TO /opt/apb/.ansible/tmp/ansible-tmp-1506330119.75-68815943302/openshift_v1_role_binding.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /opt/apb/.ansible/tmp/ansible-tmp-1506330119.75-68815943302/ /opt/apb/.ansible/tmp/ansible-tmp-1506330119.75-68815943302/openshift_v1_role_binding.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python2 /opt/apb/.ansible/tmp/ansible-tmp-1506330119.75-68815943302/openshift_v1_role_binding.py; rm -rf "/opt/apb/.ansible/tmp/ansible-tmp-1506330119.75-68815943302/" > /dev/null 2>&1 && sleep 0'
fatal: [localhost]: FAILED! => {
"changed": false,
"error": 404,
"failed": true,
"invocation": {
"module_args": {
"annotations": null,
"api_key": null,
"cert_file": null,
"context": null,
"debug": false,
"force": false,
"group_names": null,
"host": null,
"key_file": null,
"kubeconfig": null,
"labels": null,
"name": "caching-service",
"namespace": "myproject",
"password": null,
"resource_definition": null,
"role_ref_api_version": null,
"role_ref_field_path": null,
"role_ref_kind": null,
"role_ref_name": "caching-service",
"role_ref_namespace": "myproject",
"role_ref_resource_version": null,
"role_ref_uid": null,
"src": null,
"ssl_ca_cert": null,
"state": "present",
"subjects": [
{
"kind": "ServiceAccount",
"name": "caching-service",
"namespace": "myproject"
}
],
"user_names": [
"system:serviceaccount:myproject:caching-service"
],
"username": null,
"verify_ssl": null
}
},
"msg": "Failed to create object: role.authorization.openshift.io \"caching-service\" not found"
}
to retry, use: --limit @/opt/apb/actions/provision.retry
This might be connected to #119 but I'm not sure.
The Jinja templating creates some unwanted whitespace within the spec file. In order to make this cleaner we want to generate the YAML within Python and write it out to a file so it looks cleaner. For an example of the unwanted whitespace see here: https://github.com/fusor/apb-examples/blob/master/hello-world-apb/apb.yml#L16
When the apb.yml spec file has a multi-line string, e.g....
metadata:
documentationUrl: https://access.redhat.com
imageUrl: ansibleplaybookbundle/mongodb-apb
dependencies: []
displayName: MongoDB-Persistent (APB)
longDescription: |-
This template provides a standalone MongoDB server with a database
created. The database is stored on persistent storage. The database
name, username, and password are chosen via parameters when provisioning
this service.
...running apb prepare corrupts the file so it's no longer valid yaml, e.g.
metadata:
documentationUrl: https://access.redhat.com
imageUrl: ansibleplaybookbundle/mongodb-apb
dependencies: []
displayName: MongoDB-Persistent (APB)
longDescription: This template provides a standalone MongoDB server with a database
created. The database is stored on persistent storage. The database
name, username, and password are chosen via parameters when provisioning
this service.
It's unexpected to have the apb.yml file change when running prepare. I made edits to it that are intentional. I understand this can be disabled with --skip-spec-update opt but why do we do it?
Failure in examples due naming in yaml vs yml
playbook: /opt/apb/actions/**provision.yaml** could not be found
root@ip-172-18-10-234 rds-mysql-apb]# docker run -it --entrypoint="/bin/bash" docker.io/mangirdas/apb-example
ls -la /opt/apb/actions/
-rw-r--r--. 1 root root 232 Jul 21 22:26 deprovision.yml
drwxr-xr-x. 2 root root 23 Jul 21 22:26 group_vars
-rw-r--r--. 1 root root 213 Jul 21 22:26 **provision.yml**
When I attempt an apb push using the broker-name option before I've authenticated with "oc login", I get an error message that doesn't indicate the problem.
$ apb push --broker-name aws-service-broker
Exception occurred! unsupported operand type(s) for +: 'NoneType' and 'str'
$ oc login
Authentication required for https://172.17.0.1:8443 (openshift)
Username: admin
Password:
Login successful.
$ apb push --broker-name aws-service-broker
Successfully added APB to Ansible Service Broker
Successfully relisted the Service Catalog
apb init my_apb -p name=my_apb_param,type=string,default=foo_param,description="sample description" --async=optional --bindable --org my_organization
Initializing /home/wjiang/git/ansible-playbook-bundle/my_apb for an APB.
Exception occurred! 'str object' has no attribute 'keys'
Version:
apb (0.2.0)
>>> template.render(apb_dict=apb_dict, params=params)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.7/site-packages/jinja2/environment.py", line 969, in render
return self.environment.handle_exception(exc_info, True)
File "/usr/lib/python2.7/site-packages/jinja2/environment.py", line 742, in handle_exception
reraise(exc_type, exc_value, tb)
File "/usr/lib/python2.7/site-packages/apb/dat/apb.yml.j2", line 14, in top-level template code
{% for pair in param.values()[0].keys() -%}{{ pair }}: {{ param[param.keys()[0]][pair] }}
jinja2.exceptions.UndefinedError: 'str object' has no attribute 'keys'
apb push --broker http://asb-1338-openshift-ansible-service-broker.apps.192.168.20.187.xip.io
and getting:
[mjudeiki@redhat test-apb]$ apb push --broker asb-1338-openshift-ansible-service-apb push --broker asb-1338-openshift-ansible-service-broker.apps.192.168.20.187.xip.io
Error: Attempt to add APB to the Broker returned status: 404
Unable to add APB to Ansible Service Broker.
and asb errors:
10.128.0.1 - - [19/Jul/2017:13:14:12 +0000] "POST /apb/spec HTTP/1.1" 404 19
Image Im using on asb:
sha256:bb8953b67a694bea24d3340095de4ec23fa874a5500231f9bd63790f3fd9dd70 openshift3/ansible-service-broker
Do I use latest image or there is difference in running it in oc cluster up
and dedicated install (as I'm doing)
When run apb build, I get an error, anyone could help what's wrong with my env? thanks.
# apb build docker.io/deshuai/hello-apb
Building APB using tag: [docker.io/deshuai/hello-apb]
Finished writing dockerfile.
Exception occurred! 'module' object has no attribute 'DockerClient'
# pip list|grep docker
docker (2.3.0)
docker-py (1.10.6)
docker-pycreds (0.2.1)
We should allow users to see the logs of the pod as it executes for the APB test method.
Using the latest service-catalog, latest origin, and canary ansible-service-broker, I'm hitting an error attempting to use apb relist
(and also apb push
).
$ apb relist
Relist failure: Received non-200 status code while retrieving broker: ansible-service-broker
Response body:
404 page not found
Quote from ernelson on IRC:
<ernelson> dwhatley: relist probably needs to be updated to reflect the new namechange
<ernelson> dwhatley: it's 404ing because the /servicebroker path doesn't exist anymore
$ rpm -qa | grep apb
apb-1.0.0-1.20171009135441.fc25.noarch
$ apb remove --id 6ea2ce9070dcf31e7a187ddac9971195
Relist failure: 'broker_name'
Successfully deleted APB
➜ my_apb git:(master) ✗ apb remove --all --broker http://localhost:1338
Exception occurred! 'verifY'
Current behavior:
#apb.yml
image: ansibleplaybookbundle/my-apb
This means that the broker downloads the spec from an organization, but may actually download the image from an entirely different organization, leading to confusion.
Proposed:
#apb.yml
image: my-apb
ASB will assume the apb image is in the same repository and org where the spec was found.
Will require changes in:
Reasoning:
Test for card: https://trello.com/c/8qsYQRsB/
# python --version
Python 2.7.13
# pip install apb
Collecting apb
Downloading apb-0.1.0.tar.gz
Complete output from command python setup.py egg_info:
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/tmp/pip-build-bblqZ1/apb/setup.py", line 5, in <module>
reqs = [str(ir.req) for ir in install_reqs]
File "/usr/lib/python2.7/site-packages/pip/req/req_file.py", line 84, in parse_requirements
filename, comes_from=comes_from, session=session
File "/usr/lib/python2.7/site-packages/pip/download.py", line 425, in get_file_content
'Could not open requirements file: %s' % str(exc)
pip.exceptions.InstallationError: Could not open requirements file: [Errno 2] No such file or directory: 'src/requirements.txt'
----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-bblqZ1/apb/
system: fedora24
[root@host-8-241-60 pip-1.5.4]# python --version
Python 2.7.5
[root@host-8-241-60 pip-1.5.4]# pip --version
pip 1.5.4 from /usr/lib/python2.7/site-packages/pip-1.5.4-py2.7.egg (python 2.7)
[root@host-8-241-60 pip-1.5.4]# pip install apb
Downloading/unpacking apb
Downloading apb-0.2.2.tar.gz
Running setup.py (path:/tmp/pip_build_root/apb/setup.py) egg_info for package apb
warning: no files found matching '*.txt'
warning: no files found matching '*.txt' under directory 'docs'
Requirement already satisfied (use --upgrade to upgrade): PyYAML>=3.10,<4.0 in /usr/lib64/python2.7/site-packages (from apb)
Downloading/unpacking docker>=2.1.0,<3.0.0 (from apb)
Downloading docker-2.5.1-py2.py3-none-any.whl (111kB): 111kB downloaded
Downloading/unpacking openshift>=0.0.1 (from apb)
Downloading openshift-0.0.1-py2.py3-none-any.whl (1.6MB): 1.6MB downloaded
Cleaning up...
Exception:
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/pip-1.5.4-py2.7.egg/pip/basecommand.py", line 122, in main
status = self.run(options, args)
File "/usr/lib/python2.7/site-packages/pip-1.5.4-py2.7.egg/pip/commands/install.py", line 278, in run
requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
File "/usr/lib/python2.7/site-packages/pip-1.5.4-py2.7.egg/pip/req.py", line 1265, in prepare_files
req_to_install.extras):
File "/usr/lib/python2.7/site-packages/pip-1.5.4-py2.7.egg/pip/_vendor/pkg_resources.py", line 2232, in requires
dm = self._dep_map
File "/usr/lib/python2.7/site-packages/pip-1.5.4-py2.7.egg/pip/_vendor/pkg_resources.py", line 2423, in _dep_map
self.__dep_map = self._compute_dependencies()
File "/usr/lib/python2.7/site-packages/pip-1.5.4-py2.7.egg/pip/_vendor/pkg_resources.py", line 2447, in _compute_dependencies
parsed = next(parse_requirements(distvers))
File "/usr/lib/python2.7/site-packages/pip-1.5.4-py2.7.egg/pip/_vendor/pkg_resources.py", line 45, in <lambda>
next = lambda o: o.next()
File "/usr/lib/python2.7/site-packages/pip-1.5.4-py2.7.egg/pip/_vendor/pkg_resources.py", line 2544, in parse_requirements
line, p, specs = scan_list(VERSION,LINE_END,line,p,(1,2),"version spec")
File "/usr/lib/python2.7/site-packages/pip-1.5.4-py2.7.egg/pip/_vendor/pkg_resources.py", line 2512, in scan_list
raise ValueError("Expected "+item_name+" in",line,"at",line[p:])
ValueError: ('Expected version spec in', 'kubernetes ~=1.0.1', 'at', ' ~=1.0.1')
Storing debug log for failure in /root/.pip/pip.log
Goal is to ensure that all APB related files are present inside of an APB.
We want to be sure a user is able to pull down an APB, use it/modify, update parameters, and rebuild.
Assume we need to keep the apb.yml present in the image to make it easier to update.
At a minimal this helps to make it easier to see what the APB is exposing.
When I try to create a Service Account using the following snippet:
- name: Create Service Account
k8s_v1_service_account:
name: '{{ application_name }}'
namespace: '{{ namespace }}'
I get an error:
$ oc run apb-test --image=jboss-dataservices/datagrid-online-services-dev --restart=Never --attach=true -- provision -vvvvv -e namespace=myproject
If you don't see a command prompt, try pressing enter.
+ [[ provision -vvvvv -e namespace=myproject == *\s\2\i\/\a\s\s\e\m\b\l\e* ]]
+ ACTION=provision
+ shift
+ playbooks=/opt/apb/actions
+ CREDS=/var/tmp/bind-creds
+ TEST_RESULT=/var/tmp/test-result
+ whoami
+ '[' -w /etc/passwd ']'
++ id -u
+ echo 'apb:x:1000060000:0:apb user:/opt/apb:/sbin/nologin'
+ oc-login.sh
Attempting to login with a service account...
Logged into "https://kubernetes.default:443" as "system:serviceaccount:myproject:default" using the token provided.
You have one project on this server: "myproject"
+ set +x
Using project "myproject".
Welcome! See 'oc help' to get started.
ls: cannot access /etc/apb-secrets: No such file or directory
+ [[ -e /opt/apb/actions/provision.yaml ]]
+ [[ -e /opt/apb/actions/provision.yml ]]
+ ANSIBLE_ROLES_PATH=/etc/ansible/roles:/opt/ansible/roles
+ ansible-playbook /opt/apb/actions/provision.yml -vvvvv -e namespace=myproject
Using /etc/ansible/ansible.cfg as config file
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python2.7/site-packages/ansible/plugins/callback/__init__.pyc
[WARNING]: provided hosts list is empty, only localhost is available
PLAYBOOK: provision.yml ********************************************************
1 plays in /opt/apb/actions/provision.yml
PLAY [datagrid-online-services-apb playbook to provision the application] ******
META: ran handlers
TASK [ansible.kubernetes-modules : Install latest openshift client] ************
task path: /etc/ansible/roles/ansible.kubernetes-modules/tasks/main.yml:4
skipping: [localhost] => {
"changed": false,
"skip_reason": "Conditional result was False",
"skipped": true
}
TASK [ansibleplaybookbundle.asb-modules : debug] *******************************
task path: /etc/ansible/roles/ansibleplaybookbundle.asb-modules/tasks/main.yml:2
ok: [localhost] => {
"msg": "Ansible Service Broker modules loaded"
}
TASK [provision-datagrid-online-services-apb : Create Service Account] *********
task path: /opt/ansible/roles/provision-datagrid-online-services-apb/tasks/main.yml:4
Using module file /etc/ansible/roles/ansible.kubernetes-modules/library/k8s_v1_service_account.py
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: apb
<127.0.0.1> EXEC /bin/sh -c 'echo ~ && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /opt/apb/.ansible/tmp/ansible-tmp-1506327197.18-130421672005838 `" && echo ansible-tmp-1506327197.18-130421672005838="` echo /opt/apb/.ansible/tmp/ansible-tmp-1506327197.18-130421672005838 `" ) && sleep 0'
<127.0.0.1> PUT /tmp/tmpkaWZWz TO /opt/apb/.ansible/tmp/ansible-tmp-1506327197.18-130421672005838/k8s_v1_service_account.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /opt/apb/.ansible/tmp/ansible-tmp-1506327197.18-130421672005838/ /opt/apb/.ansible/tmp/ansible-tmp-1506327197.18-130421672005838/k8s_v1_service_account.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python2 /opt/apb/.ansible/tmp/ansible-tmp-1506327197.18-130421672005838/k8s_v1_service_account.py; rm -rf "/opt/apb/.ansible/tmp/ansible-tmp-1506327197.18-130421672005838/" > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
File "/tmp/ansible_EeOs1k/ansible_module_k8s_v1_service_account.py", line 370, in <module>
main()
File "/tmp/ansible_EeOs1k/ansible_module_k8s_v1_service_account.py", line 364, in main
module.execute_module()
File "/tmp/ansible_EeOs1k/ansible_modlib.zip/ansible/module_utils/k8s_common.py", line 199, in execute_module
File "/tmp/ansible_EeOs1k/ansible_modlib.zip/ansible/module_utils/k8s_common.py", line 251, in _create
File "/usr/lib/python2.7/site-packages/openshift/helper/base.py", line 242, in create_object
return_obj = self._wait_for_response(name, namespace, 'create')
File "/usr/lib/python2.7/site-packages/openshift/helper/base.py", line 493, in _wait_for_response
elif obj and obj.status and hasattr(obj.status, 'phase'):
AttributeError: 'V1ServiceAccount' object has no attribute 'status'
fatal: [localhost]: FAILED! => {
"changed": false,
"failed": true,
"module_stderr": "Traceback (most recent call last):\n File \"/tmp/ansible_EeOs1k/ansible_module_k8s_v1_service_account.py\", line 370, in <module>\n main()\n File \"/tmp/ansible_EeOs1k/ansible_module_k8s_v1_service_account.py\", line 364, in main\n module.execute_module()\n File \"/tmp/ansible_EeOs1k/ansible_modlib.zip/ansible/module_utils/k8s_common.py\", line 199, in execute_module\n File \"/tmp/ansible_EeOs1k/ansible_modlib.zip/ansible/module_utils/k8s_common.py\", line 251, in _create\n File \"/usr/lib/python2.7/site-packages/openshift/helper/base.py\", line 242, in create_object\n return_obj = self._wait_for_response(name, namespace, 'create')\n File \"/usr/lib/python2.7/site-packages/openshift/helper/base.py\", line 493, in _wait_for_response\n elif obj and obj.status and hasattr(obj.status, 'phase'):\nAttributeError: 'V1ServiceAccount' object has no attribute 'status'\n",
"module_stdout": "",
"msg": "MODULE FAILURE",
"rc": 0
}
to retry, use: --limit @/opt/apb/actions/provision.retry
PLAY RECAP *********************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=1
+ EXIT_CODE=2
+ set +ex
+ '[' -f /var/tmp/test-result ']'
+ '[' -f /var/tmp/bind-creds ']'
+ exit 2
pod myproject/apb-test terminated (Error)
make: *** [Makefile:146: test-apb-provision] Error 2
The fun part is that the SA has actually been created:
$ oc get sa
NAME SECRETS AGE
builder 2 3m
caching-service 2 2m
default 2 3m
deployer 2 3m
My environment was setup using this guide: https://github.com/openshift/ansible-service-broker#getting-started-with-the-ansible-service-broker
[root@localhost my-test-apb]# oc status
oc v3.7.0+7ed6862
kubernetes v1.7.6+a08f5eeb62
features: Basic-Auth GSSAPI Kerberos SPNEGO
Server https://172.17.0.1.nip.io:8443
openshift v3.7.0+7ed6862
kubernetes v1.7.6+a08f5eeb62
I went through the steps under "Using apb init" in https://github.com/ansibleplaybookbundle/ansible-playbook-bundle/blob/master/docs/getting_started.md. But "apb list" doesn't show dh-my-test-apb. Only the default apbs.
[root@localhost my-test-apb]# apb push -o
version: 1.0
name: my-test-apb
description: This is a sample application generated by apb init
bindable: False
async: optional
metadata:
displayName: my-test
plans:
- name: default
description: This default plan deploys my-test-apb
free: True
metadata: {}
parameters: []
Found registry IP at: 172.30.1.1:5000
Building image with the tag: 172.30.1.1:5000/openshift/my-test-apb
Successfully pushed image: 172.30.1.1:5000/openshift/my-test-apb
https://asb-1338-ansible-service-broker.172.17.0.1.nip.io/ansible-service-broker
Successfully bootstrapped Ansible Service Broker
Successfully relisted the Service Catalog
[root@localhost my-test-apb]# apb list
ID NAME DESCRIPTION
ca91b61da8476984f18fc13883ae2fdb dh-etherpad-apb Note taking web application
ab24ffd54da0aefdea5277e0edce8425 dh-hastebin-apb This is a sample application generated by apb init
9f7da06f179b895a8ee5f9a3ce4af7ef dh-hello-world-apb deploys hello-world web application
b43a4272a6efcaaa3e0b9616324f1099 dh-hello-world-db-apb A sample APB which deploys Hello World Database
f4509733ca0636df3d69b6af53260160 dh-jenkins-apb Jenkins service with optional persistent storage and S2I build
6df7afbd132c094704b4a8bfd44378c0 dh-manageiq-apb ManageIQ
67042296c7c95e84142f21f58da2ebfe dh-mariadb-apb Mariadb apb implementation
f6c4486b7fb0cdac4b58e193607f7011 dh-mediawiki-apb Mediawiki apb implementation
ddd528762894b277001df310a126d5ad dh-mysql-apb Software Collections MySQL APB
135bd0df0401e2fdd52fd136935014fb dh-nginx-apb An open source reverse proxy web server
1dda1477cace09730bd8ed7a6505607e dh-postgresql-apb SCL PostgreSQL apb implementation
0e991006d21029e47abe71acc255e807 dh-pyzip-demo-apb Python Zip Demo APB Implementation
693cb128e68365830c913631300deac0 dh-pyzip-demo-db-apb Python Zip Demo Database APB Implementation
c65fbd4e701cb71d74fd2cc35e14432b dh-rds-postgres-apb Managed relational database service with a choice of six popular database engines. Set up, operate, and scale a relational database in the cloud with just a few clicks.
ba9c2d4db404ce97111bea80225de968 dh-rocketchat-apb This APB deploys RocketChat backed by MongoDB
eebf92c7670f30007a4b8db3a8166d5c dh-thelounge-apb This is a sample application generated by apb init
a946a139a9308a59bf642ac52b4ba317 dh-wordpress-ha-apb High Availability Wordpress APB
docker pull docker.io/ansibleplaybookbundle/apb
results with:
Using default tag: latest Trying to pull repository docker.io/ansibleplaybookbundle/apb ... repository docker.io/ansibleplaybookbundle/apb not found: does not exist or no pull access
After the latest changes to the templates I can not use HTTP (only HTTPS is allowed). When using oc cluster up
, the CA is automatically generated upon server startup and is not trusted in the system.
Now, when I try to list APBs, I get the following error:
$ apb list --broker https://asb-1338-ansible-service-broker.127.0.0.1.nip.io --secure
ERROR: Failed broker request (get) https://asb-1338-ansible-service-broker.127.0.0.1.nip.io/v2/catalog
Exception occurred! ("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",)
$ rpm -qa apb
apb-0.2.4-1.20170926162656.fc26.noarch
With the latest Docker image it's even worse:
$ sudo docker run --rm --privileged -v `pwd`:/mnt -v /home/slaskawi/.kube:/.kube -v /var/run/docker.sock:/var/run/docker.sock -u `id -u` docker.io/ansibleplaybookbundle/apb list --broker https://asb-1338-ansible-service-broker.127.0.0.1.nip.io --secure
ERROR: Failed broker request (get) https://asb-1338-ansible-service-broker.127.0.0.1.nip.io/v2/catalog
Exception occurred! HTTPSConnectionPool(host='asb-1338-ansible-service-broker.127.0.0.1.nip.io', port=443): Max retries exceeded with url: /v2/catalog (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x2fcc9d0>: Failed to establish a new connection: [Errno 111] Connection refused',))
$ sudo docker images | grep ansibleplaybookbundle/apb
registry.hub.docker.com/ansibleplaybookbundle/apb-base latest 15a9c4faab0c 6 hours ago 645 MB
docker.io/ansibleplaybookbundle/apb latest dbd62e0e79a2 7 days ago 705 MB
So it seems there is no --allow-untrusted
(or similar) switch, which would allow using oc cluster up
. And the second thing is that RPM and Docker image of APB are out of sync.
Need to add nose unit tests.
It appears that when creating the role, we are not assigning the service account as a subject. Because of this, it appears that the no action can be taken by a provision playbook.
oc create -f
seems to be working just fine.oc run
command style still works as well.- name: set development deployment config state to {{ state }}
openshift_v1_deployment_config:
name: postgresql
namespace: '{{ namespace }}'
labels:
app: rhscl-postgresql-apb
service: postgresql
...
The deployment config name is hardcoded to postgresql
. If I run a second postgresql apb in the same namespace then nothing will happen because the resources will already exist. This is the case for all our apbs.
When doing and 'apb push' the controller-manager pod is killed and restarted. However, it does not refresh the APB (which was just pushed).
When the pod is manually kill and restarted via the webui, the new APB updates can be visible.
Is there a way currently with apbs to specify a bind creation parameters schema as per the spec
https://github.com/openservicebrokerapi/servicebroker/blob/v2.13/spec.md#input-parameters-object
If not is there a plan to allow this kind of schema to be specified as part of an apb? As our requirements around binding increase, we want to be able to specify a set of parameters that can be passed at binding time.
Hi,
I followed the installing-from-source docs, but I got errors when executing pip install -r src/requirements.txt
command.
Errors as the following, could you help to check it? Or something else I missed?
(apb)[root@ip-172-18-3-39 ansible-playbook-bundle]# pip install -r src/requirements.txt
Downloading/unpacking PyYAML<4.0,>=3.10 (from -r src/requirements.txt (line 1))
Downloading PyYAML-3.12.tar.gz (253kB): 253kB downloaded
Running setup.py egg_info for package PyYAML
Downloading/unpacking docker<3.0.0,>=2.1.0 (from -r src/requirements.txt (line 2))
Downloading docker-2.5.1.tar.gz (155kB): 155kB downloaded
Running setup.py egg_info for package docker
Downloading/unpacking openshift>=0.0.1 (from -r src/requirements.txt (line 3))
Downloading openshift-0.3.2.tar.gz (298kB): 298kB downloaded
Running setup.py egg_info for package openshift
Downloading/unpacking Jinja2>=2.7.2 (from -r src/requirements.txt (line 4))
Downloading Jinja2-2.9.6.tar.gz (437kB): 437kB downloaded
Running setup.py egg_info for package Jinja2
warning: no files found matching 'run-tests.py'
warning: no files found matching '*' under directory 'custom_fixers'
warning: no files found matching '*' under directory 'jinja2/testsuite/res'
warning: no previously-included files matching '*' found under directory 'docs/_build'
warning: no previously-included files matching '*.pyc' found under directory 'jinja2'
warning: no previously-included files matching '*.pyc' found under directory 'docs'
warning: no previously-included files matching '*.pyo' found under directory 'jinja2'
warning: no previously-included files matching '*.pyo' found under directory 'docs'
Downloading/unpacking requests>=2.6.0 (from -r src/requirements.txt (line 5))
Downloading requests-2.18.4.tar.gz (126kB): 126kB downloaded
Running setup.py egg_info for package requests
warning: no files found matching 'NOTICE'
Downloading/unpacking ruamel.yaml>=0.15 (from -r src/requirements.txt (line 6))
Downloading ruamel.yaml-0.15.34.tar.gz (260kB): 260kB downloaded
Running setup.py egg_info for package ruamel.yaml
sys.argv ['-c', 'egg_info', '--egg-base', 'pip-egg-info']
Requirement already satisfied (use --upgrade to upgrade): six>=1.4.0 in /tmp/apb/lib/python2.7/site-packages (from docker<3.0.0,>=2.1.0->-r src/requirements.txt (line 2))
Downloading/unpacking websocket-client>=0.32.0 (from docker<3.0.0,>=2.1.0->-r src/requirements.txt (line 2))
Downloading websocket_client-0.44.0.tar.gz (194kB): 194kB downloaded
Running setup.py egg_info for package websocket-client
Downloading/unpacking docker-pycreds>=0.2.1 (from docker<3.0.0,>=2.1.0->-r src/requirements.txt (line 2))
Downloading docker-pycreds-0.2.1.tar.gz
Running setup.py egg_info for package docker-pycreds
Downloading/unpacking dictdiffer (from openshift>=0.0.1->-r src/requirements.txt (line 3))
Downloading dictdiffer-0.6.1.tar.gz
Running setup.py egg_info for package dictdiffer
zip_safe flag not set; analyzing archive contents...
Installed /tmp/apb/build/dictdiffer/.eggs/pytest_runner-2.12.1-py2.7.egg
Downloading/unpacking kubernetes~=3.0.0 (from openshift>=0.0.1->-r src/requirements.txt (line 3))
Downloading kubernetes-3.0.0.tar.gz (328kB): 328kB downloaded
Running setup.py egg_info for package kubernetes
Traceback (most recent call last):
File "<string>", line 16, in <module>
File "/tmp/apb/build/kubernetes/setup.py", line 30, in <module>
with open('requirements.txt') as f:
IOError: [Errno 2] No such file or directory: 'requirements.txt'
Complete output from command python setup.py egg_info:
Traceback (most recent call last):
File "<string>", line 16, in <module>
File "/tmp/apb/build/kubernetes/setup.py", line 30, in <module>
with open('requirements.txt') as f:
IOError: [Errno 2] No such file or directory: 'requirements.txt'
----------------------------------------
Cleaning up...
Command python setup.py egg_info failed with error code 1 in /tmp/apb/build/kubernetes
Storing complete log in /root/.pip/pip.log
(apb)[root@ip-172-18-3-39 ansible-playbook-bundle]# python
Python 2.7.5 (default, May 3 2017, 07:55:04)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-14)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> exit()
(apb)[root@ip-172-18-3-39 ansible-playbook-bundle]# cat src/requirements.txt
PyYAML>=3.10,<4.0
docker>=2.1.0,<3.0.0
openshift>=0.0.1
Jinja2>=2.7.2
requests>=2.6.0
ruamel.yaml>=0.15
(apb)[root@ip-172-18-3-39 ansible-playbook-bundle]# pwd
/root/ansible-playbook-bundle
(apb)[root@ip-172-18-3-39 ansible-playbook-bundle]# uname -a
Linux ip-172-18-3-39.ec2.internal 3.10.0-693.el7.x86_64 #1 SMP Thu Jul 6 19:56:57 EDT 2017 x86_64 x86_64 x86_64 GNU/Linux
(apb)[root@ip-172-18-3-39 ansible-playbook-bundle]# lsb_release -a
LSB Version: :core-4.1-amd64:core-4.1-noarch
Distributor ID: RedHatEnterpriseServer
Description: Red Hat Enterprise Linux Server release 7.4 (Maipo)
Release: 7.4
Codename: Maipo
Installing the apb
CLI locally, via dnf (version 1.1.1.1
), I am able to push to Openshift/ASB. But running into exactly this problem:
#180
However, when I am using the same cluster environment (I am using the run_latest_build.sh
from the ASB), I am not able to perform a push, like:
docker run --rm --privileged -v $(PWD):/mnt:z -v $(HOME)/.kube:/.kube -v /var/run/docker.sock:/var/run/docker.sock -u $(USER) docker.io/ansibleplaybookbundle/apb-tools:latest push --openshift
This does actually result in this problem:
Successfully built a2950fdafd98
docker run --rm --privileged -v /home/Matthias/Work/Conferences/DevConf/kafka-apb:/mnt:z -v /home/Matthias/.kube:/.kube -v /var/run/docker.sock:/var/run/docker.sock -u 1000 docker.io/ansibleplaybookbundle/apb-tools:latest push --openshift
2017-12-19 17:12:26,836 WARNING Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x3e7d510>: Failed to establish a new connection: [Errno 111] Connection refused',)': /oapi/v1/namespaces/ansible-service-broker/routes
2017-12-19 17:12:26,837 WARNING Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x3e7d3d0>: Failed to establish a new connection: [Errno 111] Connection refused',)': /oapi/v1/namespaces/ansible-service-broker/routes
2017-12-19 17:12:26,837 WARNING Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x3e7d110>: Failed to establish a new connection: [Errno 111] Connection refused',)': /oapi/v1/namespaces/ansible-service-broker/routes
2017-12-19 17:12:26,907 WARNING Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x3e6eed0>: Failed to establish a new connection: [Errno 111] Connection refused',)': /api/v1/namespaces/default/services/docker-registry
2017-12-19 17:12:26,908 WARNING Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x3e6e890>: Failed to establish a new connection: [Errno 111] Connection refused',)': /api/v1/namespaces/default/services/docker-registry
2017-12-19 17:12:26,908 WARNING Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x3e6e750>: Failed to establish a new connection: [Errno 111] Connection refused',)': /api/v1/namespaces/default/services/docker-registry
version: 1.0
name: kafka-apb
description: APB for Apache Kafka and Apache Zookeeper
bindable: False
async: optional
metadata:
displayName: Apache Kafka Cluster
imageUrl: "https://svn.apache.org/repos/asf/kafka/site/logos/kafka-logo-no-text.png"
documentationUrl: "http://kafka.apache.org/documentation"
providerDisplayName: "Matthias Wessendorf"
plans:
- name: default
description: This default plan deploys kafka-apb
free: True
metadata: {}
parameters: []
Exception occurred! HTTPSConnectionPool(host='127.0.0.1', port=8443): Max retries exceeded with url: /api/v1/namespaces/default/services/docker-registry (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x3e7b490>: Failed to establish a new connection: [Errno 111] Connection refused',))
make: *** [Makefile:20: apb_push] Error 1
I have a make file that basically embeds the apb push --openshift1
We created a placeholder for an example APB with no parameters in #19. We should update this example when we get a working APB with no parameters.
The documentation states that name
is an alias for role_ref_name
(here's a link). This is simply wrong. It is possible to have a Role Binding with different RoleRefName
and Name
:
apiVersion: v1
groupNames: null
kind: RoleBinding
metadata:
creationTimestamp: 2017-09-25T08:35:15Z
labels:
template: jdg-caching-service
# Name = infinispan-app-view
name: infinispan-app-view
namespace: myproject
resourceVersion: "1989"
selfLink: /oapi/v1/namespaces/myproject/rolebindings/infinispan-app-view
uid: 7425976b-a1cc-11e7-b3a4-54ee751d46e3
roleRef:
# Role Ref Name = view
name: view
subjects:
- kind: ServiceAccount
name: infinispan-app
namespace: myproject
userNames:
- system:serviceaccount:myproject:infinispan-app
It was a mistake to introduce id
s into the APBs, and the broker now ignores them entirely and does its own internal bookkeeping. We should remove it from the tooling.
Hello,
I've started the Openshift Origin (upstream) 3.6.0 release, like:
oc cluster up --metrics --service-catalog=true
Now I want to run an APB, located here: https://github.com/feedhenry/3scale-apb
On its master branch, I did:
make DOCKERORG="matzew"
apb bootstrap
our Makefile
went well, and some image got pushed to my docker-hub account, however, on the apb boostrap
, I am getting the following error:
Exception occurred! Could not find route to ansible-service-broker. Use --broker or log into the cluster using "oc login"
Any ideas ?
BTW. I am on this version:
apb-0.2.4-1.20171004141547.fc26.noarch
With few examples apb build
fails due yaml file parsing error as there is :
in the description field and fields are not wrapped in semacomma
[root@ip-172-18-10-234 rds-mysql-apb]# apb build
ERROR: Failed to load spec!
Exception occurred! mapping values are not allowed here
in "<string>", line 62, column 80:
... database engine to use. (values: "UTC", "US/Pacific", "US/Easte ...
- MysqlServerTimezone:
default: UTC
type: string
description: The default timezone for the database engine to use. (values: "UTC", "US/Pacific", "US/Eastern", etc.)
title: MySQL Server Timezone
to
- MysqlServerTimezone:
default: UTC
type: string
description: 'The default timezone for the database engine to use. (values: "UTC", "US/Pacific", "US/Eastern", etc.)'
title: MySQL Server Timezone
The ansible-playbook-bundle repo has a bunch of extra files in it that have nothing to do with rendering APB Dockerfiles with the encoded config data. I think we should clean up this repo so that it only focuses on being a helpful tool for rendering APBs.
Deprovisioning service with Role Binding results in error:
fatal: [localhost]: FAILED! => {"changed": false, "error": 403, "failed": true, "msg": "Failed to retrieve requested object: User \"system:serviceaccount:myproject:apb-3e385e84-6a7a-4e2f-a344-4b81d0a838f2\" cannot get rolebindings in project \"myproject\""}
Full logs:
+ [[ deprovision --extra-vars {"_apb_plan_id":"caching-service","application_name":"caching-service-app","docker_image":"docker-registry.engineering.redhat.com/jboss-dataservices/datagrid-online-services","namespace":"myproject"} == *\s\2\i\/\a\s\s\e\m\b\l\e* ]]
--
| + ACTION=deprovision
| + shift
| + playbooks=/opt/apb/actions
| + CREDS=/var/tmp/bind-creds
| + TEST_RESULT=/var/tmp/test-result
| + whoami
| + '[' -w /etc/passwd ']'
| ++ id -u
| + echo 'apb:x:1000060000:0:apb user:/opt/apb:/sbin/nologin'
| + oc-login.sh
| Attempting to login with a service account...
| Logged into "https://kubernetes.default:443" as "system:serviceaccount:myproject:apb-3e385e84-6a7a-4e2f-a344-4b81d0a838f2" using the token provided.
| You have one project on this server: "myproject"
| Using project "myproject".
| Welcome! See 'oc help' to get started.
| + set +x
| ls: cannot access /etc/apb-secrets: No such file or directory
| + [[ -e /opt/apb/actions/deprovision.yaml ]]
| + [[ -e /opt/apb/actions/deprovision.yml ]]
| + ANSIBLE_ROLES_PATH=/etc/ansible/roles:/opt/ansible/roles
| + ansible-playbook /opt/apb/actions/deprovision.yml --extra-vars '{"_apb_plan_id":"caching-service","application_name":"caching-service-app","docker_image":"docker-registry.engineering.redhat.com/jboss-dataservices/datagrid-online-services","namespace":"myproject"}'
| PLAY [datagrid-online-services-apb playbook to deprovision the application] ****
| TASK [ansible.kubernetes-modules : Install latest openshift client] ************
| skipping: [localhost]
| TASK [deprovision-datagrid-online-services-apb : Delete Service Account] *******
| ok: [localhost]
| TASK [deprovision-datagrid-online-services-apb : Delete Role Binding] **********
| fatal: [localhost]: FAILED! => {"changed": false, "error": 403, "failed": true, "msg": "Failed to retrieve requested object: User \"system:serviceaccount:myproject:apb-3e385e84-6a7a-4e2f-a344-4b81d0a838f2\" cannot get rolebindings in project \"myproject\""}
| to retry, use: --limit @/opt/apb/actions/deprovision.retry
| PLAY RECAP *********************************************************************
| localhost : ok=1 changed=0 unreachable=0 failed=1
| + EXIT_CODE=2
| + set +ex
| + '[' -f /var/tmp/test-result ']'
| + '[' -f /var/tmp/bind-creds ']'
| + exit 2
Deprovision snippet:
- name: Delete Role Binding
openshift_v1_role_binding:
namespace: '{{ namespace }}'
name: '{{ application_name }}'
state: absent
I'm referring to the line:
USER apb
See the section on "Named user vs numeric user ID" in [1] for more information on why this is dangerous.
[1] http://blog.dscpl.com.au/2015/12/random-user-ids-when-running-docker.html
Wonder if creating an apb docker image would be a good way to go here?
Setting up python and the virtural env took a while for different reasons. Where as being able to do docker run fusor/apb init org/image
might provide a better option for those not familiar with python ?
tito build --test --rpm -i
will work but the resulting apb tool fails to run.
[jesusr@speed3 ansible-playbook-bundle{master}]$ apb init --help
Traceback (most recent call last):
File "/usr/bin/apb", line 5, in <module>
from pkg_resources import load_entry_point
File "/usr/lib/python3.5/site-packages/pkg_resources/__init__.py", line 2958, in <module>
@_call_aside
File "/usr/lib/python3.5/site-packages/pkg_resources/__init__.py", line 2944, in _call_aside
f(*args, **kwargs)
File "/usr/lib/python3.5/site-packages/pkg_resources/__init__.py", line 2971, in _initialize_master_working_set
working_set = WorkingSet._build_master()
File "/usr/lib/python3.5/site-packages/pkg_resources/__init__.py", line 635, in _build_master
ws.require(__requires__)
File "/usr/lib/python3.5/site-packages/pkg_resources/__init__.py", line 943, in require
needed = self.resolve(parse_requirements(requirements))
File "/usr/lib/python3.5/site-packages/pkg_resources/__init__.py", line 829, in resolve
raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'docker==2.2.1' distribution was not found and is required by apb
The problem is the src/requirements.txt
lists docker==2.2.1
but there is no python-docker in Fedora 25. The apb.spec has the wrong Requires: docker
, I thought we required DOCKER, but we need python-docker
.
Fedora 25 has python-docker-py
version 1.10.6.
Fedora 26 has python-docker-py
version 1.10.6 and
python-docker
version 2.2.1.
We need to be careful with willy nilly pulling in dependencies using pip without first checking to see if there is a packaged version for our target OSes: Fedora, CentOS, RHEL.
It should be:
ansibleplaybookbundle/apb-base
but is actually:
apb/apb-base
We need a mechanism to allow the user to pass in user/pass when using tools such as 'apb list' and 'apb push' so that we don't need to disable basic_auth in the broker. Ideally this would try to use creds stored in kubeconfig.
After setting up the broker locally apb list
fails because it uses the etcd route to try and contact the broker.
[rhallisey@rhev-i16c-04 test-apb]$ apb list
url = https://asb-etcd-ansible-service-broker.172.17.0.1.nip.io/ansible-service-broker/v2/catalog
Error: Attempt to list APBs in the broker returned status: 503
Unable to list APBs in Ansible Service Broker.
A lot of issues are popping up with regards to the apb tool connecting to the broker or the cluster. I think we need to improve on our error messaging to help identify common issues. Additionally, I think adding good docs and a series of tests to the apb tool will also help improve its durability.
Need ability to lint an apb.yml content, helps with verifying APBs in relation to partner APBs submitted.
In addition, would help to go through all ansible playbooks and sanity check
When a user is logged into the cluster we will use that user. We should make sure that the user has access to the required resources before trying to use that user.
It would be nice if the apb.yaml
would support (and being valid) a license:
field, so that one could do:
version: 1.0
license: Apache 2.0
name: my-cool-apb
...
When I do a "apb push -o" I am seeing "Execption occurred! 'authorization". It is unclear to me what is the authorization error and how to fix it. I have setup the ansible service broker to use the local openstack registry. Please see config file and details below.
[vagrant@localhost mariadb-apb]$ apb push -o
version: 1.0
id: 5a9eb5f8-cbde-4e62-a30a-9fa30006fc9a
name: tripleo-k8s-mariadb
image: tripleo/tripleo-k8s-mariadb
description: This is a sample application generated by apb init
bindable: True
async: optional
metadata:
displayName: tripleo-k8s-mariadb
plans:
Found registry IP at: 172.30.1.1:5000
Building image with the tag: 172.30.1.1:5000/openshift/tripleo-k8s-mariadb
Exception occurred! 'authorization'
The openshift environment was brought up using
ORIGIN_VERSION=v3.7.0 ./run_latest_build.sh
[vagrant@localhost mariadb-apb]$ oc status
In project ansible-service-broker on server https://127.0.0.1:8443
https://asb-1338-ansible-service-broker.172.17.0.1.nip.io (reencrypt) to pod port port-1338 (svc/asb)
dc/asb deploys docker.io/ansibleplaybookbundle/origin-ansible-service-broker:latest
deployment #1 deployed about an hour ago - 1 pod
svc/asb-etcd - 172.30.134.117:2379
dc/asb-etcd deploys quay.io/coreos/etcd:latest
deployment #1 deployed about an hour ago - 1 pod
1 warning identified, use 'oc status -v' to see details.
[vagrant@localhost mariadb-apb]$ oc version
oc v3.7.0+7ed6862
kubernetes v1.7.6+a08f5eeb62
features: Basic-Auth GSSAPI Kerberos SPNEGO
Server https://127.0.0.1:8443
openshift v3.7.0+7ed6862
kubernetes v1.7.6+a08f5eeb62
[vagrant@localhost ansible-service-broker]$ cat /etc/ansible-service-broker/config.yaml
broker:
devbroker: true
registry:
When the logged in user does not have a token we are throwing an error even if they input basic auth parameters.
See the below email from @aweiteka
https://www.redhat.com/archives/ansible-service-broker/2017-August/msg00012.html
It would be nice to create an APB that could be used by developers working on the broker & catalog. The apb would be very simple and can perform [provision, deprovision, bind, unbind] in a flexible and debuggable manner. It would also serve as an example template for array of APBs. A perfect example of this is an apb that has a pinch of every feature we're adding into an apb, but as all hard coded values. The hello-world-apb currently is useful in that it's simple, but it doesn't have bind.
This is not always true (see here). In case of using http it returns the following warnings:
$ apb push --broker http://172.30.109.101:1338
2017-09-21 08:52:57,662 WARNING Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x3cbcb10>: Failed to establish a new connection: [Errno 111] Connection refused',)': /api/v1/namespaces/service-catalog/pods
2017-09-21 08:52:57,662 WARNING Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x3cbc590>: Failed to establish a new connection: [Errno 111] Connection refused',)': /api/v1/namespaces/service-catalog/pods
2017-09-21 08:52:57,662 WARNING Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x3cbc3d0>: Failed to establish a new connection: [Errno 111] Connection refused',)': /api/v1/namespaces/service-catalog/pods
Successfully added APB to Ansible Service Broker
Note that the operation is successful (apart from warnings reported).
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.