k8s installation script does not longer exists
cmoulliard opened this issue · 7 comments
cmoulliard commented
** Issue **
Bash script ./scripts/run_latest_k8s_build.sh does not longer exists and then it is not possible to install anymore OAB on plain kubernetes cluster using such commands
#!/bin/env bash
# Adjust the version to your liking. Follow installation docs
# at https://github.com/kubernetes/minikube.
minikube start --bootstrapper kubeadm --kubernetes-version v1.9.4
# Install helm and tiller. See documentation for obtaining the helm
# binary. https://docs.helm.sh/using_helm/#install-helm
helm init
# Wait until tiller is ready before moving on
until kubectl get pods -n kube-system -l name=tiller | grep 1/1; do sleep 1; done
kubectl create clusterrolebinding tiller-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:default
# Adds the chart repository for the service catalog
helm repo add svc-cat https://svc-catalog-charts.storage.googleapis.com
# Installs the service catalog
helm install svc-cat/catalog --name catalog --namespace catalog
# Wait until the catalog is ready before moving on
until kubectl get pods -n catalog -l app=catalog-catalog-apiserver | grep 2/2; do sleep 1; done
until kubectl get pods -n catalog -l app=catalog-catalog-controller-manager | grep 1/1; do sleep 1; done
./scripts/run_latest_k8s_build.sh
djzager commented
The README.md looks like it needs to be updated.
This command will run the broker-apb to install the broker in a cluster:
curl https://raw.githubusercontent.com/openshift/ansible-service-broker/master/apb/install.yaml | kubectl create -f -
cmoulliard commented
This command fails too
curl https://raw.githubusercontent.com/openshift/ansible-service-broker/master/apb/install.yaml | kubectl create -f -
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 15 100 15 0 0 15 0 0:00:01 0:00:01 --:--:-- 13
error: error validating "STDIN": error validating data: [apiVersion not set, kind not set]; if you choose to ignore these errors, turn validation off with --validate=false
djzager commented
I gave you the wrong url :( sorry about that:
curl https://raw.githubusercontent.com/openshift/ansible-service-broker/master/ansible_role/apb/install.yaml | kubectl create -f -
Need to submit a PR to update:
- The README.md for installing the broker in k8s with the APB
- Update the
run_latest.shto have the correct url for the install.yaml
cmoulliard commented
That works better
curl https://raw.githubusercontent.com/openshift/ansible-service-broker/master/ansible_role/apb/install.yaml | kubectl create -f -
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 888 100 888 0 0 888 0 0:00:01 --:--:-- 0:00:01 2324
namespace/automation-broker-apb created
serviceaccount/automation-broker-apb created
clusterrolebinding.rbac.authorization.k8s.io/automation-broker-apb created
pod/automation-broker-apb created
cmoulliard commented
BTW, after the Broker has been deployed on k8s 1.13, then the log of the broker's pod reports this clusterrole issue :
Unable to retrieve cluster roles rules from cluster
You must be using OpenShift 3.7 to use the User rules check.
clusterroles.rbac.authorization.k8s.io "edit" not found�[0m
Full log
Using config file mounted to /etc/automation-broker/config.yaml
============================================================
== Creating Ansible Service Broker... ==
============================================================
�[32m[2018-12-17T20:09:33.843Z] [NOTICE] - Initializing clients...�[0m
�[36m[2018-12-17T20:09:33.844Z] [DEBUG] - Connecting to Cluster�[0m
time="2018-12-17T20:09:33Z" level=info msg="Kubernetes version: %vv1.13.0"
�[36m[2018-12-17T20:09:33.851Z] [DEBUG] - Connecting Dao�[0m
�[36m[2018-12-17T20:09:33.851Z] [DEBUG] - Connecting Registry�[0m
�[36m[2018-12-17T20:09:33.852Z] [DEBUG] - Initializing WorkEngine�[0m
�[36m[2018-12-17T20:09:33.852Z] [DEBUG] - Creating AnsibleBroker�[0m
============================================================
time="2018-12-17T20:09:33Z" level=info msg="== REGISTRY CX == "
time="2018-12-17T20:09:33Z" level=info msg="Name: dh"
time="2018-12-17T20:09:33Z" level=info msg="Type: dockerhub"
time="2018-12-17T20:09:33Z" level=info msg="Url: https://registry.hub.docker.com"
== Starting Ansible Service Broker... ==
============================================================
[2018-12-17T20:09:33.852Z] [INFO] - Initiating Recovery Process�[0m
[2018-12-17T20:09:33.86Z] [INFO] - Recovery complete�[0m
�[32m[2018-12-17T20:09:33.86Z] [NOTICE] - recover called�[0m
[2018-12-17T20:09:33.86Z] [INFO] - Broker configured to bootstrap on startup�[0m
[2018-12-17T20:09:33.86Z] [INFO] - Attempting bootstrap...�[0m
[2018-12-17T20:09:33.86Z] [INFO] - AnsibleBroker::Bootstrap�[0m
�[36m[2018-12-17T20:09:33.86Z] [DEBUG] - Dao::BatchGetSpecs�[0m
time="2018-12-17T20:09:36Z" level=info msg="APBs filtered by white/blacklist filter:-> ansibleplaybookbundle/kubevirt-ansible-> ansibleplaybookbundle/origin-ansible-service-broker-> ansibleplaybookbundle/hello-world-> ansibleplaybookbundle/mediawiki123-> ansibleplaybookbundle/manageiq-apb-runner-> ansibleplaybookbundle/apb-base-> ansibleplaybookbundle/apb-tools-> ansibleplaybookbundle/mediawiki-> ansibleplaybookbundle/photo-album-demo-app-> ansibleplaybookbundle/photo-album-demo-api-> ansibleplaybookbundle/py-zip-demo-> ansibleplaybookbundle/apb-assets-base-> ansibleplaybookbundle/asb-installer-> ansibleplaybookbundle/origin-> ansibleplaybookbundle/helm-bundle-base-> ansibleplaybookbundle/deploy-broker-> ansibleplaybookbundle/vnc-client-> ansibleplaybookbundle/ansible-service-broker-> ansibleplaybookbundle/origin-service-catalog-> ansibleplaybookbundle/vnc-desktop-> ansibleplaybookbundle/origin-haproxy-router-> ansibleplaybookbundle/origin-docker-registry-> ansibleplaybookbundle/origin-pod-> ansibleplaybookbundle/origin-recycler-> ansibleplaybookbundle/origin-sti-builder-> ansibleplaybookbundle/origin-deployer"
time="2018-12-17T20:09:38Z" level=error msg="Image 'docker.io/ansibleplaybookbundle/photo-album-demo-app-apb:v3.10' may not exist in registry."
time="2018-12-17T20:09:38Z" level=error msg="{\"errors\":[{\"code\":\"MANIFEST_UNKNOWN\",\"message\":\"manifest unknown\",\"detail\":{\"Tag\":\"v3.10\"}}]}\n"
time="2018-12-17T20:09:39Z" level=error msg="Image 'docker.io/ansibleplaybookbundle/standalone-cinder-apb:v3.10' may not exist in registry."
time="2018-12-17T20:09:39Z" level=error msg="{\"errors\":[{\"code\":\"MANIFEST_UNKNOWN\",\"message\":\"manifest unknown\",\"detail\":{\"Tag\":\"v3.10\"}}]}\n"
time="2018-12-17T20:09:39Z" level=info msg="Didn't find encoded Spec label. Assuming image is not APB and skiping"
time="2018-12-17T20:09:39Z" level=error msg="Image 'docker.io/ansibleplaybookbundle/v2v-apb:v3.10' may not exist in registry."
time="2018-12-17T20:09:39Z" level=error msg="{\"errors\":[{\"code\":\"MANIFEST_UNKNOWN\",\"message\":\"manifest unknown\",\"detail\":{\"Tag\":\"v3.10\"}}]}\n"
time="2018-12-17T20:09:42Z" level=error msg="Image 'docker.io/ansibleplaybookbundle/rocketchat-apb:v3.10' may not exist in registry."
time="2018-12-17T20:09:42Z" level=error msg="{\"errors\":[{\"code\":\"MANIFEST_UNKNOWN\",\"message\":\"manifest unknown\",\"detail\":{\"Tag\":\"v3.10\"}}]}\n"
time="2018-12-17T20:09:44Z" level=error msg="Image 'docker.io/ansibleplaybookbundle/s2i-apb:v3.10' may not exist in registry."
time="2018-12-17T20:09:44Z" level=error msg="{\"errors\":[{\"code\":\"MANIFEST_UNKNOWN\",\"message\":\"manifest unknown\",\"detail\":{\"Tag\":\"v3.10\"}}]}\n"
time="2018-12-17T20:09:44Z" level=error msg="Image 'docker.io/ansibleplaybookbundle/photo-album-demo-ext-api-apb:v3.10' may not exist in registry."
time="2018-12-17T20:09:44Z" level=error msg="{\"errors\":[{\"code\":\"MANIFEST_UNKNOWN\",\"message\":\"manifest unknown\",\"detail\":{\"Tag\":\"v3.10\"}}]}\n"
time="2018-12-17T20:09:45Z" level=error msg="Image 'docker.io/ansibleplaybookbundle/kubevirt-apb:v3.10' may not exist in registry."
time="2018-12-17T20:09:45Z" level=error msg="{\"errors\":[{\"code\":\"MANIFEST_UNKNOWN\",\"message\":\"manifest unknown\",\"detail\":{\"Tag\":\"v3.10\"}}]}\n"
time="2018-12-17T20:09:46Z" level=error msg="Image 'docker.io/ansibleplaybookbundle/dynamic-apb:v3.10' may not exist in registry."
time="2018-12-17T20:09:46Z" level=error msg="{\"errors\":[{\"code\":\"MANIFEST_UNKNOWN\",\"message\":\"manifest unknown\",\"detail\":{\"Tag\":\"v3.10\"}}]}\n"
time="2018-12-17T20:09:48Z" level=error msg="Image 'docker.io/ansibleplaybookbundle/photo-album-demo-api-apb:v3.10' may not exist in registry."
time="2018-12-17T20:09:48Z" level=error msg="{\"errors\":[{\"code\":\"MANIFEST_UNKNOWN\",\"message\":\"manifest unknown\",\"detail\":{\"Tag\":\"v3.10\"}}]}\n"
time="2018-12-17T20:09:53Z" level=error msg="Image 'docker.io/ansibleplaybookbundle/iscsi-demo-target-apb:v3.10' may not exist in registry."
time="2018-12-17T20:09:53Z" level=error msg="{\"errors\":[{\"code\":\"MANIFEST_UNKNOWN\",\"message\":\"manifest unknown\",\"detail\":{\"Tag\":\"v3.10\"}}]}\n"
time="2018-12-17T20:09:55Z" level=info msg="Validating specs..."
time="2018-12-17T20:09:55Z" level=info msg="All specs passed validation!"
�[36m[2018-12-17T20:09:55.494Z] [DEBUG] - set spec: 67042296c7c95e84142f21f58da2ebfe�[0m
�[36m[2018-12-17T20:09:55.508Z] [DEBUG] - set spec: ca91b61da8476984f18fc13883ae2fdb�[0m
�[36m[2018-12-17T20:09:55.514Z] [DEBUG] - set spec: 08ccf37be271fba38b1a70f87302297f�[0m
�[36m[2018-12-17T20:09:55.546Z] [DEBUG] - set spec: 6df7afbd132c094704b4a8bfd44378c0�[0m
�[36m[2018-12-17T20:09:55.562Z] [DEBUG] - set spec: aff6d7bb9c7f57c9ce8b742228e4caa3�[0m
�[36m[2018-12-17T20:09:55.569Z] [DEBUG] - set spec: 693cb128e68365830c913631300deac0�[0m
�[36m[2018-12-17T20:09:55.576Z] [DEBUG] - set spec: 1dda1477cace09730bd8ed7a6505607e�[0m
�[36m[2018-12-17T20:09:55.584Z] [DEBUG] - set spec: 135bd0df0401e2fdd52fd136935014fb�[0m
�[36m[2018-12-17T20:09:55.593Z] [DEBUG] - set spec: c4ef25f81a0c275c8f1bee1b736f3068�[0m
�[36m[2018-12-17T20:09:55.602Z] [DEBUG] - set spec: 09628db4757fd1a2db85d465106b9f82�[0m
�[36m[2018-12-17T20:09:55.608Z] [DEBUG] - set spec: 0e991006d21029e47abe71acc255e807�[0m
�[36m[2018-12-17T20:09:55.664Z] [DEBUG] - set spec: 880ef3b4ba5fa8d80908e9974228e603�[0m
�[36m[2018-12-17T20:09:55.863Z] [DEBUG] - set spec: f4509733ca0636df3d69b6af53260160�[0m
�[36m[2018-12-17T20:09:56.058Z] [DEBUG] - set spec: 1830d9181b425e281b36efbf22f378a4�[0m
�[36m[2018-12-17T20:09:56.261Z] [DEBUG] - set spec: 97a28db2f29cb90245d9cc58ba226273�[0m
�[36m[2018-12-17T20:09:56.476Z] [DEBUG] - set spec: f6c4486b7fb0cdac4b58e193607f7011�[0m
�[36m[2018-12-17T20:09:56.671Z] [DEBUG] - set spec: 1882ffca5d72b1084e9107e3485f5066�[0m
�[36m[2018-12-17T20:09:56.862Z] [DEBUG] - set spec: e9c042c4925dd0c7c25ceca4f5179e1c�[0m
�[36m[2018-12-17T20:09:57.059Z] [DEBUG] - set spec: ab24ffd54da0aefdea5277e0edce8425�[0m
�[36m[2018-12-17T20:09:57.263Z] [DEBUG] - set spec: ddd528762894b277001df310a126d5ad�[0m
�[36m[2018-12-17T20:09:57.469Z] [DEBUG] - set spec: c65fbd4e701cb71d74fd2cc35e14432b�[0m
�[36m[2018-12-17T20:09:57.661Z] [DEBUG] - set spec: a946a139a9308a59bf642ac52b4ba317�[0m
�[36m[2018-12-17T20:09:57.859Z] [DEBUG] - set spec: b95513950bb3f132de25d58fb75f8dca�[0m
�[36m[2018-12-17T20:09:58.092Z] [DEBUG] - set spec: 60836f0ce3bd7d325587211dd7791f5b�[0m
�[36m[2018-12-17T20:09:58.275Z] [DEBUG] - set spec: 9f7da06f179b895a8ee5f9a3ce4af7ef�[0m
�[36m[2018-12-17T20:09:58.469Z] [DEBUG] - set spec: f830fb63f6df99c7bfae34b295b43108�[0m
�[36m[2018-12-17T20:09:58.671Z] [DEBUG] - set spec: 192097962f2955b0582b5d53ddb942e4�[0m
�[36m[2018-12-17T20:09:58.868Z] [DEBUG] - set spec: 1dd62d51c52cc2ac404d58abc0c8fa94�[0m
�[36m[2018-12-17T20:09:59.071Z] [DEBUG] - set spec: 5d0062cce443e5ecb8438ca5f664dcd7�[0m
�[36m[2018-12-17T20:09:59.265Z] [DEBUG] - set spec: 927ea718efcc5b039fa2a6cf368f0300�[0m
�[36m[2018-12-17T20:09:59.472Z] [DEBUG] - set spec: f755257efed3e3d43c8b82afd0db1181�[0m
�[36m[2018-12-17T20:09:59.665Z] [DEBUG] - set spec: 2c79572fbf83125231198451c26e7cf9�[0m
�[36m[2018-12-17T20:09:59.86Z] [DEBUG] - set spec: eebf92c7670f30007a4b8db3a8166d5c�[0m
�[36m[2018-12-17T20:10:00.056Z] [DEBUG] - set spec: b43a4272a6efcaaa3e0b9616324f1099�[0m
�[32m[2018-12-17T20:10:00.278Z] [NOTICE] - Broker successfully bootstrapped on startup�[0m
�[36m[2018-12-17T20:10:00.278Z] [DEBUG] - RefreshInterval: 10m0s�[0m
�[36m[2018-12-17T20:10:00.278Z] [DEBUG] - calling NewSecureServingOptions�[0m
�[36m[2018-12-17T20:10:00.587Z] [DEBUG] - Creating k8s apiserver�[0m
�[31m[2018-12-17T20:10:00.591Z] [ERROR] - Unable to retrieve cluster roles rules from cluster
You must be using OpenShift 3.7 to use the User rules check.
clusterroles.rbac.authorization.k8s.io "edit" not found�[0m
djzager commented
I remember now, the latest automation-broker-apb is compatible with the oc enable openshift-automation-broker as such it loses the capability we added to the APB in 3.11 to handle rules reviews (IIRC).
Would you be able to try this?
curl https://raw.githubusercontent.com/openshift/ansible-service-broker/master/ansible_role/apb/install.yaml | sed -e 's/latest/v3.11/g' | kubectl create -f -
If that works as it should in k8s then I will add an update the install.yaml to the PR (not yet created) to address this issue.
cmoulliard commented
The workaround has been to change within the configmap auto_escalate=true
broker:
dev_broker: true
bootstrap_on_startup: true
refresh_interval: 600s
launch_apb_on_bind: false
output_request: true
recovery: true
ssl_cert_key: /etc/tls/private/tls.key
ssl_cert: /etc/tls/private/tls.crt
auto_escalate: true
as the image used corresponds to this release of ASB -> 'ansible-service-broker-1.2.21-1