Cannot deploy ansible service broker because of missing docker image tag
Closed this issue · 6 comments
Bug:
What happened:
Error when deploying ansible-service-broker from simple-broker-template
Caused by non existing docker images with sprint142 tag:
https://github.com/openshift/ansible-service-broker/blob/master/templates/simple-broker-template.yaml#L149
What you expected to happen:
Broker deployed successfully
How to reproduce it:
oc new-project ansible-service-broker
curl -s https://raw.githubusercontent.com/openshift/ansible-service-broker/master/templates/simple-broker-template.yaml | oc process -n "ansible-service-broker" -f - | oc create -f -
Tag latest fixed the issue
Working to recreate this issue. I am able to pull the origin-ansible-service-broker image from sprint142 and can confirm it is listed at https://hub.docker.com/r/ansibleplaybookbundle/origin-ansible-service-broker/tags/.
$ docker pull docker.io/ansibleplaybookbundle/origin-ansible-service-broker:sprint142
Trying to pull repository docker.io/ansibleplaybookbundle/origin-ansible-service-broker ...
sha256:ddac02562e8a1d12aebbfba17acfc8a4a8f9bca358845337e0f068cfe3fc3e55: Pulling from docker.io/ansibleplaybookbundle/origin-ansible-service-broker
74f0853ba93b: Pull complete
b9672b69a01a: Pull complete
bf2e2171eefb: Pull complete
2dadae92b24b: Pull complete
e0e9a7129bb5: Pull complete
Digest: sha256:ddac02562e8a1d12aebbfba17acfc8a4a8f9bca358845337e0f068cfe3fc3e55
Status: Downloaded newer image for docker.io/ansibleplaybookbundle/origin-ansible-service-broker:sprint142
$ docker pull ansibleplaybookbundle/origin-ansible-service-broker:sprint142
Trying to pull repository docker.io/ansibleplaybookbundle/origin-ansible-service-broker ...
sha256:ddac02562e8a1d12aebbfba17acfc8a4a8f9bca358845337e0f068cfe3fc3e55: Pulling from docker.io/ansibleplaybookbundle/origin-ansible-service-broker
Digest: sha256:ddac02562e8a1d12aebbfba17acfc8a4a8f9bca358845337e0f068cfe3fc3e55
Status: Image is up to date for docker.io/ansibleplaybookbundle/origin-ansible-service-broker:sprint142
oc v3.7.42
kubernetes v1.7.6+a08f5eeb62
features: Basic-Auth GSSAPI Kerberos SPNEGO
Server https://172.16.72.30:8443
openshift v3.7.42
kubernetes v1.7.6+a08f5eeb62
Log from pod: https://gist.github.com/psturc/f68de547fcd65a720156a265345ef778
I tested it again this morning, it worked for me:
oc cluster up --service-catalog=true
...
OpenShift server started.
The server is accessible via web console at:
https://127.0.0.1:8443
You are logged in as:
User: developer
Password: <any value>
To login as administrator:
oc login -u system:admin
[jesusr@speed3 ~]$ oc login -u system:admin
Logged into "https://127.0.0.1:8443" as "system:admin" using existing credentials.
You have access to the following projects and can switch between them with 'oc project <projectname>':
default
kube-dns
kube-proxy
kube-public
kube-service-catalog
kube-system
* myproject
openshift
openshift-apiserver
openshift-controller-manager
openshift-infra
openshift-node
openshift-template-service-broker
openshift-web-console
Using project "myproject".
[jesusr@speed3 ~]$ oc new-project ansible-service-broker
Now using project "ansible-service-broker" on server "https://127.0.0.1:8443".
You can add applications to this project with the 'new-app' command. For example, try:
oc new-app centos/ruby-22-centos7~https://github.com/openshift/ruby-ex.git
to build a new example application in Ruby.
[jesusr@speed3 ~]$ curl -s https://raw.githubusercontent.com/openshift/ansible-service-broker/master/templates/simple-broker-template.yaml | oc process -n "ansible-service-broker" -f - | oc create -f -
service "asb" created
service "asb-etcd" created
serviceaccount "asb" created
clusterrolebinding "asb" created
clusterrole "asb-auth" created
clusterrolebinding "asb-auth-bind" created
clusterrole "access-asb-role" created
persistentvolumeclaim "etcd" created
deploymentconfig "asb" created
deploymentconfig "asb-etcd" created
secret "asb-auth-secret" created
secret "registry-auth-secret" created
configmap "broker-config" created
serviceaccount "ansibleservicebroker-client" created
clusterrolebinding "ansibleservicebroker-client" created
secret "ansibleservicebroker-client" created
route "asb-1338" created
clusterservicebroker "ansible-service-broker" created
Yeah @jmrodri, the template deploys just fine. I think the issue is the broker pod is failing. I was able to recreate the failure myself that @psturc is seeing here. My log snippet:
[2018-04-10T14:03:27.781Z] [DEBUG] - Creating k8s apiserver
[2018-04-10T14:03:27.785Z] [ERROR] - Unable to retrieve cluster roles rules from cluster
You must be using OpenShift 3.7 to use the User rules check.
the server could not find the requested resource
If I recall correctly, this is related to auto_escalate in the template.
@psturc It looks like there may be a bug in the sprint142 broker container image. While it is interesting the the 1.1.3 version of the broker is having this problem. I think the most prudent fix is to simply point the simple-broker-template to use the release-1.1 image as that is what we released for 3.9.
$ docker run -it --entrypoint asbd docker.io/ansibleplaybookbundle/origin-ansible-service-broker:sprint142 --version
1.1.3
$ docker run -it --entrypoint asbd docker.io/ansibleplaybookbundle/origin-ansible-service-broker:release-1.1 --version
1.1.15
@jmrodri any thoughts?