Bug 1486623
| Summary: | Service catalog cannot be installed in v3.7 due to policy change | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Xingxing Xia <xxia> |
| Component: | Installer | Assignee: | ewolinet |
| Status: | CLOSED ERRATA | QA Contact: | Johnny Liu <jialiu> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 3.7.0 | CC: | aos-bugs, chezhang, deads, dma, ewolinet, gpei, hasha, jmatthew, jokerman, mkhan, mmccomas, pmorie, sdodson, wjiang, wmeng |
| Target Milestone: | --- | Keywords: | TestBlocker |
| Target Release: | 3.7.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
Cause: Policy binding policy changed from OCP v3.6 to v3.7
Consequence: The playbook fails to install when trying to create policy bindings.
Fix: Remove the policy bindings for 3.7 as they are no longer needed.
Result: The playbook successfully completes and installs the service catalog.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-11-28 22:08:20 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Xingxing Xia
2017-08-30 09:30:39 UTC
Mo is this the same change we ported oc_* modules to accomodate? Can you advise on the proper new command? On 3.7 or later, you should be creating RoleBinding.rbac.authorization.k8s.io objects. The RoleBinding.authorization.openshift.io will still work, but PolicyBinding is no longer required and shouldn't've been required later in 3.6 cycle. @Scott this is a duplicate of https://github.com/openshift/openshift-ansible/issues/4956 @David I opened https://github.com/openshift/openshift-ansible/issues/5275 since migrating openshift-ansible to use RBAC will require various modules to be updated. Adding keyword "TestBlocker" because the env installation failure blocks the test of new user stories about service catalog, such as the Complete cards: https://trello.com/c/Dk9IxmCH/ https://trello.com/c/UWgrj6bL/ https://trello.com/c/IlDIJAz2/ And other service catalog cards on board https://trello.com/b/nbkIrqKa/user-interface that are in "In Progress" list currently but would become "Complete" some time Installed env via ansible with openshift v3.7.0-0.131.0 and openshift-ansible-3.7.0-0.128.0, the original issue in comment 0 is solved. openshift_enable_service_catalog set as true can successfully install service catalog env: # oc get pod -n kube-service-catalog NAME READY STATUS RESTARTS AGE apiserver-xp1kk 1/1 Running 0 1h controller-manager-wwdvm 1/1 Running 0 1h From this point, moving bug to VERIFIED But have a question, from https://github.com/openshift/openshift-ansible/pull/5226, default "ansible_service_broker_install: false" is seen. This makes ansible does not create ansible service broker by default for the env (and thus no serviceclasses). Should it be better to make "ansible_service_broker_install" true by default? The choice to make the default false was due to the fact that we can also install the "template_service_broker". If we wanted to install just the TSB that would require that we set "ansible_service_broker_install" to false and "template_service_broker_install" to true. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2017:3188 |