Bug 1496426

Summary: Ansible service broker cannot be installed in v3.7 due to broker configuration need to update
Product: OpenShift Container Platform Reporter: Zhang Cheng <chezhang>
Component: InstallerAssignee: Fabian von Feilitzsch <fabian>
Status: CLOSED CURRENTRELEASE QA Contact: Zhang Cheng <chezhang>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 3.7.0CC: aos-bugs, chezhang, dma, ewolinet, jmatthew, jokerman, mmccomas, mstaeble, sdodson, vwalek, wjiang, wmeng, wsun, xtian, xxia
Target Milestone: ---   
Target Release: 3.7.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-11-10 20:58:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1503987    

Comment 8 ewolinet 2017-10-13 20:07:50 UTC 
https://github.com/openshift/openshift-ansible/pull/5761
Comment 9 openshift-github-bot 2017-10-23 12:55:05 UTC 
Commits pushed to master at https://github.com/openshift/openshift-ansible

https://github.com/openshift/openshift-ansible/commit/9bca21bd873b774ca8a421bfc0f6d3755ebef02b
Bug 1496426 - add asb-client secret to openshift-ansible-service-broker namespace

https://github.com/openshift/openshift-ansible/commit/d7cfb9e1a33d1637946aa10af5329290784ab41f
Merge pull request #5761 from fabianvf/asb-client-secret-not-found

Bug 1496426 - Update ansible-service-broker configuration to use proper certs and permissions
Comment 14 Matthew Staebler 2017-10-26 11:36:06 UTC 
https://github.com/openshift/openshift-ansible/pull/5890
Comment 15 Zhang Cheng 2017-10-28 16:02:31 UTC 
Tried again with latest openshift-ansible-3.7.0-0.185.0, have different error with my latest comments. FYI.

asb pod is running, but no any clusterserviceclass after deployed to openshift-ansible-service-broker project by openshift-installer. There are below errors in log of asb pod:
[2017-10-28T14:46:54.33Z] [NOTICE] 
[2017-10-28T14:46:54.33Z] [INFO] Broker configured to bootstrap on startup
[2017-10-28T14:46:54.33Z] [INFO] Attempting bootstrap...
[2017-10-28T14:46:54.33Z] [INFO] AnsibleBroker::Bootstrap
[2017-10-28T14:46:55.534Z] [ERROR] V1 Schema Manifest does not exist in registry
[2017-10-28T14:46:55.616Z] [ERROR] V1 Schema Manifest does not exist in registry
[2017-10-28T14:46:55.686Z] [ERROR] V1 Schema Manifest does not exist in registry
[2017-10-28T14:46:55.759Z] [ERROR] V1 Schema Manifest does not exist in registry
[2017-10-28T14:46:55.831Z] [ERROR] V1 Schema Manifest does not exist in registry
[2017-10-28T14:46:55.905Z] [ERROR] V1 Schema Manifest does not exist in registry
[2017-10-28T14:46:55.98Z] [ERROR] V1 Schema Manifest does not exist in registry
[2017-10-28T14:46:56.053Z] [ERROR] V1 Schema Manifest does not exist in registry
[2017-10-28T14:46:56.126Z] [ERROR] V1 Schema Manifest does not exist in registry
[2017-10-28T14:46:56.213Z] [ERROR] V1 Schema Manifest does not exist in registry
[2017-10-28T14:46:56.408Z] [ERROR] V1 Schema Manifest does not exist in registry
[2017-10-28T14:46:56.483Z] [ERROR] V1 Schema Manifest does not exist in registry
[2017-10-28T14:46:56.559Z] [ERROR] V1 Schema Manifest does not exist in registry
[2017-10-28T14:46:56.633Z] [ERROR] V1 Schema Manifest does not exist in registry
[2017-10-28T14:46:56.71Z] [ERROR] V1 Schema Manifest does not exist in registry
[2017-10-28T14:46:56.786Z] [ERROR] V1 Schema Manifest does not exist in registry
[2017-10-28T14:46:56.868Z] [ERROR] V1 Schema Manifest does not exist in registry
[2017-10-28T14:46:56.943Z] [ERROR] V1 Schema Manifest does not exist in registry
[2017-10-28T14:46:56.943Z] [INFO] Validating specs...
[2017-10-28T14:46:56.943Z] [NOTICE] All specs passed validation!
[2017-10-28T14:46:56.943Z] [NOTICE] Broker successfully bootstrapped on startup
[2017-10-28T14:46:57.127Z] [NOTICE] Listening on https://0.0.0.0:1338
[2017-10-28T14:46:57.127Z] [NOTICE] Ansible Service Broker Starting

Event in clusterservicebroker:
  8m		16s		28	service-catalog-controller-manager			Warning		ErrorSyncingCatalog	Error getting catalog payload for broker "ansible-service-broker"; received zero services; at least one service is required
Comment 16 Fabian von Feilitzsch 2017-10-30 19:09:04 UTC 
The whitelisting behavior changed recently, if you're deploying using the upstream dockerhub settings you may need to specify a whitelist. Adding the option

    ansible_service_broker_registry_whitelist: [".*"] 

to your configuration might fix this.
Comment 17 Zhang Cheng 2017-10-31 06:54:26 UTC 
Fabian, thanks your response.

I tried again follow your suggestion, using ".*" still failed with same error:
[2017-10-31T06:51:21.811Z] [ERROR] V1 Schema Manifest does not exist in registry
Configmap using with:
...
    registry:
      - type: dockerhub
        name: rh
        url:  https://registry.hub.docker.com
        user: changeme
        pass: changeme
        org:  ansibleplaybookbundle
        tag:  v3.7
        white_list: [".*"]


Furthermore, I tried again without whitelist in registry, no error, but no available apb was find.
Configmap using with:
...
    registry:
      - type: dockerhub
        name: rh
        url:  https://registry.hub.docker.com
        user: changeme
        pass: changeme
        org:  ansibleplaybookbundle
        tag:  v3.7

Event in clusterservicebroker(didn't find available apb): 
Warning		ErrorSyncingCatalog	Error getting catalog payload for broker "ansible-service-broker"; received zero services; at least one service is required

Logs in asb pod(no error and didn't find avaibable apb):
[2017-10-31T06:32:28.421Z] [INFO] Broker configured to bootstrap on startup
[2017-10-31T06:32:28.422Z] [INFO] Attempting bootstrap...
[2017-10-31T06:32:28.422Z] [INFO] AnsibleBroker::Bootstrap
!!!!!!filter mode is none[2017-10-31T06:32:29.445Z] [INFO] Validating specs...
[2017-10-31T06:32:29.445Z] [NOTICE] All specs passed validation!
[2017-10-31T06:32:29.445Z] [NOTICE] Broker successfully bootstrapped on startup
[2017-10-31T06:32:29.566Z] [NOTICE] Listening on https://0.0.0.0:1338
[2017-10-31T06:32:29.566Z] [NOTICE] Ansible Service Broker Starting
[2017-10-31T06:32:46.844Z] [INFO] AnsibleBroker::Catalog
10.128.0.1 - - [31/Oct/2017:06:32:46 +0000] "GET /ansible-service-broker/v2/catalog HTTP/1.1" 200 21
Comment 18 John Matthews 2017-10-31 09:00:20 UTC 
Note that changeme changeme are no longer valid credentials.   

The error you received may be related to invalid doxkerhub credentials 

V1 schema manifest does not exist 
  Above is displayed if manifest is missing or invalid credentials were supplied

We are updating broker to not require credentials in future, that’s likely a few days away from arriving in a build to test.  In short term please retest with valid credentials from a doxkerhub account
Comment 19 Zhang Cheng 2017-11-01 07:33:39 UTC 
Verified and LGTM with openshift-ansible-3.7.0-0.188.0

1. asb can work well with docker-hub registry(dockerhub type) after ansible-installer deploy:
a) with valid user and pass
b) without user and pass

2. asb can work well with access.stage registry(rhcc type) after ansible-installer deploy.