Bug 1536687
| Summary: | apb tool should work out of the box with minishift | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Erik Nelson <ernelson> |
| Component: | Service Broker | Assignee: | Erik Nelson <ernelson> |
| Status: | CLOSED ERRATA | QA Contact: | Zhang Cheng <chezhang> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 3.9.0 | CC: | aos-bugs, ernelson, jmontleo, xtian |
| Target Milestone: | --- | ||
| Target Release: | 3.9.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Enhancement | |
| Doc Text: |
Feature: Apb tool now works with minishift.
Reason: It did not previously work with minishift.
Result: It now works with minishift.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-12-13 19:26:51 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Erik Nelson
2018-01-19 22:42:09 UTC
Addon PR: https://github.com/minishift/minishift-addons/pull/76 ansible-playbook-bundle PR: https://github.com/ansibleplaybookbundle/ansible-playbook-bundle/pull/207 Zhang, you should run the script as a non-root user. I added a PR that validates this and exits with an error message if the executing user is root: https://github.com/ansibleplaybookbundle/ansible-playbook-bundle/pull/225 Note: I am now seeing the following error trying to start v3.9.0-alpha.3, which I was previously able to start: > Error starting the cluster: Error attempting to download and cache 'oc': Cannot get binary 'oc' in version v3.9.0-alpha.3 for the target environment Linux I reported this on my issue tracking v3.9.0* deploy problems. v3.9.0-alpha.4 is blocked by the same problem: https://github.com/minishift/minishift/issues/1922 Erik, Thanks. I will try again with normal user tomorrow. For the issue you report in minishift, I really hit it, and have workaround by pre-prepare a oc binary in local Such as: $ mkdir -p ~/.minishift/cache/oc/v3.9.0-alpha.3/linux/ $ mv oc ~/.minishift/cache/oc/v3.9.0-alpha.3/linux/ Zhang, I'm actually seeing this as well, I think something got merged to canary that's potentially breaking the image. I will investigate and report back. Erik, OKay. Thanks your response. I'm changing status to "Assign" follow test result at present, please move back if you think ready for test again. Thanks. I deployed with my script here: https://github.com/jmontleon/minishift-scripts Copy config.example to config and adjust as needed/wanted. Most commands seem to be working: [jmontleo@jmontleo minishift-scripts]$ apb relist Successfully relisted the Service Catalog [jmontleo@jmontleo minishift-scripts]$ apb bootstrap Contacting the ansible-service-broker at: https://asb-1338-ansible-service-broker.192.168.42.253.nip.io/ansible-service-broker/v2/bootstrap Successfully bootstrapped Ansible Service Broker Successfully relisted the Service Catalog [jmontleo@jmontleo minishift-scripts]$ apb list Contacting the ansible-service-broker at: https://asb-1338-ansible-service-broker.192.168.42.253.nip.io/ansible-service-broker/v2/catalog ID NAME DESCRIPTION 880ef3b4ba5fa8d80908e9974228e603 dh-awx-apb AWX APB Implementation 21e1bfbf09d5a7fb8a54042f504f26be dh-demo-api-apb Internal Dog API d4684c1b61cd094af9aa6ec4a90b4d69 dh-demo-app-apb Deploys a demo application showing random pictures. ... [jmontleo@jmontleo foo]$ apb build Finished writing dockerfile. Building APB using tag: [foo-apb] Successfully built APB image: foo-apb apb push is failing for me: [jmontleo@jmontleo foo]$ apb push --namespace test ... Exception occurred trying to find docker-registry service in namespace default: (403) Reason: Forbidden HTTP response headers: HTTPHeaderDict({'Date': 'Thu, 22 Feb 2018 15:22:05 GMT', 'Content-Length': '122', 'Content-Type': 'text/plain', 'X-Content-Type-Options': 'nosniff', 'Cache-Control': 'no-store'}) HTTP response body: User "developer" cannot get services in the namespace "default": User "developer" cannot get services in project "default" Failed to find registry service IP address. Exception occurred! Unable to get registry IP from namespace default I'm not surprised that the developer can't see anything in the default namespace. I'm not sure if there is an alternative way of pushing. Asking around apb push --registry-service-name docker-registry --registry-namespace default or apb push --push-to-broker seems to get the push working, but it looks like it's trying to pull library/foo-apb:latest which doesn't exist. Error: image library/foo-apb:latest not found I'm not sure what the expected behavior is or if what I'm passing in for options even makes sense. @Jason, minishift instructions with asb are here: https://github.com/eriknelson/minishift-addons/tree/asb-updates/add-ons/ansible-service-broker. I am still in the process of getting them merged to minishift/minishift-addons. You are likely missing eval $(minishift docker-env), which is a required prereq for apb push to function correctly. I'm checking to see if I can reproduce @Zhang's issue with latest images. That was my error. I can confirm success with all commands against minishift now. Your script (or settings an alias up to do similar) gets me to success. @Zhang, We've confirmed the error that you and I were experiencing to be due to host networking rules. Run this script to add the necessary iptables rules and you should be able to use the apb container script. https://raw.githubusercontent.com/eriknelson/ansible-playbook-bundle/1d52d30e1835611b6f6b5aa63d04568c7891403f/scripts/setup-network.sh PR :https://github.com/ansibleplaybookbundle/ansible-playbook-bundle/pull/231 @Erik,
You are right. apb list/relist/prepare worked fine after using setup-network.sh
But apb build still failed(I remember "apb should not be run as root!", so using new user "chezhang"):
[chezhang@host-172-16-120-40 test-demo]$ id
uid=1001(chezhang) gid=1001(chezhang) groups=1001(chezhang),991(libvirt) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[chezhang@host-172-16-120-40 test-demo]$ ls -l /var/run/docker.sock
srwxrwxrwx. 1 root root 0 Feb 23 21:26 /var/run/docker.sock
[chezhang@host-172-16-120-40 test-demo]$ pwd
/home/chezhang/test-demo
[chezhang@host-172-16-120-40 test-demo]$ eval $(minishift docker-env); . ../apb-docker-run.sh build
Running APB image: docker.io/ansibleplaybookbundle/apb-tools:canary
Targetting minishift host: tcp://192.168.42.20:2376
Finished writing dockerfile.
Building APB using tag: [test-demo]
Error accessing the docker API. Is the daemon running?
Exception occurred! Error while fetching server API version: HTTPSConnectionPool(host='192.168.42.20', port=2376): Max retries exceeded with url: /version (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x3ec2950>: Failed to establish a new connection: [Errno 111] Connection refused',))
@Erik I'm changing status to "ASSIGNED" since test result not looks good to me, refer to Comment 23. Please move back if have some mistake. Thanks. This looks like a missing iptables rule. Trying to confirm that in your test environment. I added the missing port to the iptables forwarding and tested in your environment, apb build/push/test all worked as expected. One note: you had an old version of the ansible-service-broker installed. You needed to checkout the asb-updates branch from my minishift-addons repo, instead the version from master was installed. PR with the additional port: https://github.com/ansibleplaybookbundle/ansible-playbook-bundle/pull/232 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3748 |