Cannot install ansible-service-broker on kubernetes
bluven opened this issue · 5 comments
bluven commented
This form is for bug reports and feature requests. Major features will go through a spec process.
Feature:
Bug:
What happened:
I was try to use ansible-service-broker on my k8s cluster(not minikube neither openshift), I followed Getting Started On Kubernetest, but installation failed. The broker container failed to start. service-catalog cannot get catalog from broker.
I didn't follow the installation guide step by step because I already have one kubernetes cluster(v1.12.2), helml(v2.12.1), service-catalog(v0.2.0) installed.
Using config file mounted to /etc/automation-broker/config.yaml
============================================================
== Creating Ansible Service Broker... ==
============================================================
[2019-07-03T09:07:32.442Z] [NOTICE] - Initializing clients...
[2019-07-03T09:07:32.445Z] [DEBUG] - Connecting to Cluster
time="2019-07-03T09:07:32Z" level=info msg="Kubernetes version: %vv1.12.2"
[2019-07-03T09:07:32.709Z] [DEBUG] - Connecting Dao
[2019-07-03T09:07:32.71Z] [DEBUG] - Connecting Registry
time="2019-07-03T09:07:32Z" level=info msg="== REGISTRY CX == "
time="2019-07-03T09:07:32Z" level=info msg="Name: dh"
time="2019-07-03T09:07:32Z" level=info msg="Type: dockerhub"
time="2019-07-03T09:07:32Z" level=info msg="Url: https://registry.hub.docker.com"
[2019-07-03T09:07:32.71Z] [DEBUG] - Initializing WorkEngine
[2019-07-03T09:07:32.71Z] [DEBUG] - Creating AnsibleBroker
============================================================
== Starting Ansible Service Broker... ==
============================================================
[2019-07-03T09:07:32.71Z] [INFO] - Initiating Recovery Process
[2019-07-03T09:07:32.719Z] [INFO] - Recovery complete
[2019-07-03T09:07:32.719Z] [NOTICE] - recover called
[2019-07-03T09:07:32.719Z] [INFO] - Broker configured to bootstrap on startup
[2019-07-03T09:07:32.719Z] [INFO] - Attempting bootstrap...
[2019-07-03T09:07:32.719Z] [INFO] - AnsibleBroker::Bootstrap
[2019-07-03T09:07:32.719Z] [DEBUG] - Dao::BatchGetSpecs
[2019-07-03T09:07:32.767Z] [DEBUG] - Dao::DeleteSpec-> [ 08ccf37be271fba38b1a70f87302297f ]
[2019-07-03T09:07:32.787Z] [DEBUG] - Dao::DeleteSpec-> [ 09628db4757fd1a2db85d465106b9f82 ]
[2019-07-03T09:07:32.798Z] [DEBUG] - Dao::DeleteSpec-> [ 0e991006d21029e47abe71acc255e807 ]
[2019-07-03T09:07:32.81Z] [DEBUG] - Dao::DeleteSpec-> [ 135bd0df0401e2fdd52fd136935014fb ]
[2019-07-03T09:07:32.815Z] [DEBUG] - Dao::DeleteSpec-> [ 1830d9181b425e281b36efbf22f378a4 ]
[2019-07-03T09:07:32.82Z] [DEBUG] - Dao::DeleteSpec-> [ 1882ffca5d72b1084e9107e3485f5066 ]
[2019-07-03T09:07:32.826Z] [DEBUG] - Dao::DeleteSpec-> [ 192097962f2955b0582b5d53ddb942e4 ]
[2019-07-03T09:07:32.832Z] [DEBUG] - Dao::DeleteSpec-> [ 1dd62d51c52cc2ac404d58abc0c8fa94 ]
[2019-07-03T09:07:32.92Z] [DEBUG] - Dao::DeleteSpec-> [ 1dda1477cace09730bd8ed7a6505607e ]
[2019-07-03T09:07:33.116Z] [DEBUG] - Dao::DeleteSpec-> [ 2c79572fbf83125231198451c26e7cf9 ]
[2019-07-03T09:07:33.318Z] [DEBUG] - Dao::DeleteSpec-> [ 5d0062cce443e5ecb8438ca5f664dcd7 ]
[2019-07-03T09:07:33.732Z] [DEBUG] - Dao::DeleteSpec-> [ 60836f0ce3bd7d325587211dd7791f5b ]
[2019-07-03T09:07:34.184Z] [DEBUG] - Dao::DeleteSpec-> [ 67042296c7c95e84142f21f58da2ebfe ]
[2019-07-03T09:07:34.192Z] [DEBUG] - Dao::DeleteSpec-> [ 693cb128e68365830c913631300deac0 ]
[2019-07-03T09:07:34.198Z] [DEBUG] - Dao::DeleteSpec-> [ 6df7afbd132c094704b4a8bfd44378c0 ]
[2019-07-03T09:07:34.397Z] [DEBUG] - Dao::DeleteSpec-> [ 880ef3b4ba5fa8d80908e9974228e603 ]
[2019-07-03T09:07:34.518Z] [DEBUG] - Dao::DeleteSpec-> [ 927ea718efcc5b039fa2a6cf368f0300 ]
[2019-07-03T09:07:34.737Z] [DEBUG] - Dao::DeleteSpec-> [ 97a28db2f29cb90245d9cc58ba226273 ]
[2019-07-03T09:07:34.92Z] [DEBUG] - Dao::DeleteSpec-> [ 9f7da06f179b895a8ee5f9a3ce4af7ef ]
[2019-07-03T09:07:35.161Z] [DEBUG] - Dao::DeleteSpec-> [ a946a139a9308a59bf642ac52b4ba317 ]
[2019-07-03T09:07:35.546Z] [DEBUG] - Dao::DeleteSpec-> [ ab24ffd54da0aefdea5277e0edce8425 ]
[2019-07-03T09:07:35.555Z] [DEBUG] - Dao::DeleteSpec-> [ aff6d7bb9c7f57c9ce8b742228e4caa3 ]
[2019-07-03T09:07:35.717Z] [DEBUG] - Dao::DeleteSpec-> [ b43a4272a6efcaaa3e0b9616324f1099 ]
[2019-07-03T09:07:35.916Z] [DEBUG] - Dao::DeleteSpec-> [ b95513950bb3f132de25d58fb75f8dca ]
[2019-07-03T09:07:36.119Z] [DEBUG] - Dao::DeleteSpec-> [ c4ef25f81a0c275c8f1bee1b736f3068 ]
[2019-07-03T09:07:36.319Z] [DEBUG] - Dao::DeleteSpec-> [ c65fbd4e701cb71d74fd2cc35e14432b ]
[2019-07-03T09:07:36.519Z] [DEBUG] - Dao::DeleteSpec-> [ ca91b61da8476984f18fc13883ae2fdb ]
[2019-07-03T09:07:36.715Z] [DEBUG] - Dao::DeleteSpec-> [ ddd528762894b277001df310a126d5ad ]
[2019-07-03T09:07:37.117Z] [DEBUG] - Dao::DeleteSpec-> [ e9c042c4925dd0c7c25ceca4f5179e1c ]
[2019-07-03T09:07:37.125Z] [DEBUG] - Dao::DeleteSpec-> [ eebf92c7670f30007a4b8db3a8166d5c ]
[2019-07-03T09:07:37.316Z] [DEBUG] - Dao::DeleteSpec-> [ f4509733ca0636df3d69b6af53260160 ]
[2019-07-03T09:07:37.525Z] [DEBUG] - Dao::DeleteSpec-> [ f6c4486b7fb0cdac4b58e193607f7011 ]
[2019-07-03T09:07:37.916Z] [DEBUG] - Dao::DeleteSpec-> [ f755257efed3e3d43c8b82afd0db1181 ]
[2019-07-03T09:07:37.974Z] [DEBUG] - Dao::DeleteSpec-> [ f830fb63f6df99c7bfae34b295b43108 ]
time="2019-07-03T09:07:43Z" level=info msg="APBs filtered by white/blacklist filter:-> ansibleplaybookbundle/origin-ansible-service-broker-> ansibleplaybookbundle/hello-world-> ansibleplaybookbundle/manageiq-apb-runner-> ansibleplaybookbundle/apb-base-> ansibleplaybookbundle/mediawiki123-> ansibleplaybookbundle/apb-tools-> ansibleplaybookbundle/mediawiki-> ansibleplaybookbundle/photo-album-demo-app-> ansibleplaybookbundle/photo-album-demo-api-> ansibleplaybookbundle/origin-haproxy-router-> ansibleplaybookbundle/vnc-desktop-> ansibleplaybookbundle/py-zip-demo-> ansibleplaybookbundle/origin-pod-> ansibleplaybookbundle/origin-docker-registry-> ansibleplaybookbundle/helm-bundle-base-> ansibleplaybookbundle/origin-recycler-> ansibleplaybookbundle/origin-sti-builder-> ansibleplaybookbundle/asb-installer-> ansibleplaybookbundle/origin-deployer-> ansibleplaybookbundle/kubevirt-ansible-> ansibleplaybookbundle/apb-assets-base-> ansibleplaybookbundle/vnc-client-> ansibleplaybookbundle/ansible-service-broker-> ansibleplaybookbundle/origin-service-catalog-> ansibleplaybookbundle/origin-> ansibleplaybookbundle/deploy-broker"
time="2019-07-03T09:07:46Z" level=error msg="Image 'docker.io/ansibleplaybookbundle/s2i-apb:v3.10' may not exist in registry."
time="2019-07-03T09:07:46Z" level=error msg="{\"errors\":[{\"code\":\"MANIFEST_UNKNOWN\",\"message\":\"manifest unknown\",\"detail\":{\"Tag\":\"v3.10\"}}]}\n"
time="2019-07-03T09:07:48Z" level=error msg="Image 'docker.io/ansibleplaybookbundle/standalone-cinder-apb:v3.10' may not exist in registry."
time="2019-07-03T09:07:48Z" level=error msg="{\"errors\":[{\"code\":\"MANIFEST_UNKNOWN\",\"message\":\"manifest unknown\",\"detail\":{\"Tag\":\"v3.10\"}}]}\n"
time="2019-07-03T09:07:52Z" level=error msg="Image 'docker.io/ansibleplaybookbundle/photo-album-demo-api-apb:v3.10' may not exist in registry."
time="2019-07-03T09:07:52Z" level=error msg="{\"errors\":[{\"code\":\"MANIFEST_UNKNOWN\",\"message\":\"manifest unknown\",\"detail\":{\"Tag\":\"v3.10\"}}]}\n"
time="2019-07-03T09:07:53Z" level=error msg="Image 'docker.io/ansibleplaybookbundle/rocketchat-apb:v3.10' may not exist in registry."
time="2019-07-03T09:07:53Z" level=error msg="{\"errors\":[{\"code\":\"MANIFEST_UNKNOWN\",\"message\":\"manifest unknown\",\"detail\":{\"Tag\":\"v3.10\"}}]}\n"
time="2019-07-03T09:07:58Z" level=error msg="Image 'docker.io/ansibleplaybookbundle/v2v-apb:v3.10' may not exist in registry."
time="2019-07-03T09:07:58Z" level=error msg="{\"errors\":[{\"code\":\"MANIFEST_UNKNOWN\",\"message\":\"manifest unknown\",\"detail\":{\"Tag\":\"v3.10\"}}]}\n"
time="2019-07-03T09:07:58Z" level=info msg="Didn't find encoded Spec label. Assuming image is not APB and skiping"
time="2019-07-03T09:08:01Z" level=error msg="Image 'docker.io/ansibleplaybookbundle/photo-album-demo-ext-api-apb:v3.10' may not exist in registry."
time="2019-07-03T09:08:01Z" level=error msg="{\"errors\":[{\"code\":\"MANIFEST_UNKNOWN\",\"message\":\"manifest unknown\",\"detail\":{\"Tag\":\"v3.10\"}}]}\n"
time="2019-07-03T09:08:05Z" level=error msg="Image 'docker.io/ansibleplaybookbundle/kubevirt-apb:v3.10' may not exist in registry."
time="2019-07-03T09:08:05Z" level=error msg="{\"errors\":[{\"code\":\"MANIFEST_UNKNOWN\",\"message\":\"manifest unknown\",\"detail\":{\"Tag\":\"v3.10\"}}]}\n"
time="2019-07-03T09:08:07Z" level=error msg="Image 'docker.io/ansibleplaybookbundle/iscsi-demo-target-apb:v3.10' may not exist in registry."
time="2019-07-03T09:08:07Z" level=error msg="{\"errors\":[{\"code\":\"MANIFEST_UNKNOWN\",\"message\":\"manifest unknown\",\"detail\":{\"Tag\":\"v3.10\"}}]}\n"
time="2019-07-03T09:08:12Z" level=error msg="Image 'docker.io/ansibleplaybookbundle/dynamic-apb:v3.10' may not exist in registry."
time="2019-07-03T09:08:12Z" level=error msg="{\"errors\":[{\"code\":\"MANIFEST_UNKNOWN\",\"message\":\"manifest unknown\",\"detail\":{\"Tag\":\"v3.10\"}}]}\n"
time="2019-07-03T09:08:13Z" level=error msg="Image 'docker.io/ansibleplaybookbundle/photo-album-demo-app-apb:v3.10' may not exist in registry."
time="2019-07-03T09:08:13Z" level=error msg="{\"errors\":[{\"code\":\"MANIFEST_UNKNOWN\",\"message\":\"manifest unknown\",\"detail\":{\"Tag\":\"v3.10\"}}]}\n"
time="2019-07-03T09:08:17Z" level=info msg="Validating specs..."
time="2019-07-03T09:08:17Z" level=info msg="All specs passed validation!"
[2019-07-03T09:08:17.004Z] [DEBUG] - set spec: 67042296c7c95e84142f21f58da2ebfe
[2019-07-03T09:08:17.3Z] [DEBUG] - set spec: 1830d9181b425e281b36efbf22f378a4
[2019-07-03T09:08:17.327Z] [DEBUG] - set spec: 0e991006d21029e47abe71acc255e807
[2019-07-03T09:08:17.682Z] [DEBUG] - set spec: 927ea718efcc5b039fa2a6cf368f0300
[2019-07-03T09:08:17.688Z] [DEBUG] - set spec: 1dd62d51c52cc2ac404d58abc0c8fa94
[2019-07-03T09:08:18.461Z] [DEBUG] - set spec: a946a139a9308a59bf642ac52b4ba317
[2019-07-03T09:08:18.468Z] [DEBUG] - set spec: 2c79572fbf83125231198451c26e7cf9
[2019-07-03T09:08:19.028Z] [DEBUG] - set spec: e9c042c4925dd0c7c25ceca4f5179e1c
[2019-07-03T09:08:19.042Z] [DEBUG] - set spec: aff6d7bb9c7f57c9ce8b742228e4caa3
[2019-07-03T09:08:19.286Z] [DEBUG] - set spec: b95513950bb3f132de25d58fb75f8dca
[2019-07-03T09:08:19.296Z] [DEBUG] - set spec: c4ef25f81a0c275c8f1bee1b736f3068
[2019-07-03T09:08:19.305Z] [DEBUG] - set spec: 09628db4757fd1a2db85d465106b9f82
[2019-07-03T09:08:19.557Z] [DEBUG] - set spec: 5d0062cce443e5ecb8438ca5f664dcd7
[2019-07-03T09:08:19.562Z] [DEBUG] - set spec: c65fbd4e701cb71d74fd2cc35e14432b
[2019-07-03T09:08:19.572Z] [DEBUG] - set spec: b43a4272a6efcaaa3e0b9616324f1099
[2019-07-03T09:08:19.576Z] [DEBUG] - set spec: ab24ffd54da0aefdea5277e0edce8425
[2019-07-03T09:08:19.891Z] [DEBUG] - set spec: f755257efed3e3d43c8b82afd0db1181
[2019-07-03T09:08:19.898Z] [DEBUG] - set spec: 1dda1477cace09730bd8ed7a6505607e
[2019-07-03T09:08:20.066Z] [DEBUG] - set spec: f6c4486b7fb0cdac4b58e193607f7011
[2019-07-03T09:08:20.072Z] [DEBUG] - set spec: ddd528762894b277001df310a126d5ad
[2019-07-03T09:08:20.25Z] [DEBUG] - set spec: eebf92c7670f30007a4b8db3a8166d5c
[2019-07-03T09:08:20.262Z] [DEBUG] - set spec: ca91b61da8476984f18fc13883ae2fdb
[2019-07-03T09:08:20.267Z] [DEBUG] - set spec: 135bd0df0401e2fdd52fd136935014fb
[2019-07-03T09:08:20.271Z] [DEBUG] - set spec: 192097962f2955b0582b5d53ddb942e4
[2019-07-03T09:08:20.316Z] [DEBUG] - set spec: f4509733ca0636df3d69b6af53260160
[2019-07-03T09:08:20.515Z] [DEBUG] - set spec: 880ef3b4ba5fa8d80908e9974228e603
[2019-07-03T09:08:20.716Z] [DEBUG] - set spec: 60836f0ce3bd7d325587211dd7791f5b
[2019-07-03T09:08:20.917Z] [DEBUG] - set spec: 6df7afbd132c094704b4a8bfd44378c0
[2019-07-03T09:08:21.116Z] [DEBUG] - set spec: 08ccf37be271fba38b1a70f87302297f
[2019-07-03T09:08:21.34Z] [DEBUG] - set spec: 693cb128e68365830c913631300deac0
[2019-07-03T09:08:21.621Z] [DEBUG] - set spec: 9f7da06f179b895a8ee5f9a3ce4af7ef
[2019-07-03T09:08:21.974Z] [DEBUG] - set spec: f830fb63f6df99c7bfae34b295b43108
[2019-07-03T09:08:21.977Z] [DEBUG] - set spec: 1882ffca5d72b1084e9107e3485f5066
[2019-07-03T09:08:22.116Z] [DEBUG] - set spec: 97a28db2f29cb90245d9cc58ba226273
[2019-07-03T09:08:22.426Z] [NOTICE] - Broker successfully bootstrapped on startup
[2019-07-03T09:08:22.426Z] [DEBUG] - RefreshInterval: 10m0s
[2019-07-03T09:08:22.426Z] [DEBUG] - calling NewSecureServingOptions
[2019-07-03T09:08:22.536Z] [DEBUG] - Creating k8s apiserver
[2019-07-03T09:08:22.542Z] [ERROR] - Unable to retrieve cluster roles rules from cluster
You must be using OpenShift 3.7 to use the User rules check.
clusterroles.rbac.authorization.k8s.io "edit" is forbidden: User "system:serviceaccount:automation-broker:automation-broker" cannot get resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope
What you expected to happen:
broker container start successfully and service-catalog can get catalog from broker.
How to reproduce it:
git clone git@github.com:openshift/ansible-service-broker.git
cd ansible-servicebroker
./scripts/run_latest_k8s_build.sh
paul-snively-exa commented
👍
jrhoward commented
The following role binding is incorrect
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: automation-broker-automation-broker
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admin
subjects:
- kind: ServiceAccount
name: automation-broker
namespace: automation-broker
the role should be cluster-admin not admin.
That error is because admin attempting those tasks is a privilage escalation error.
If you delete the clusterrolebinding and re-add it with the correct cluster role it will work.
openshift-bot commented
Issues go stale after 90d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.
If this issue is safe to close now please do so with /close.
/lifecycle stale
jmrodri commented
/close
openshift-ci-robot commented
@jmrodri: Closing this issue.
In response to this:
/close
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.