Bug 1564542
| Summary: | Provision Credentials should always be sent to deprovision action | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Shawn Hurley <shurley> |
| Component: | Service Broker | Assignee: | Jesus M. Rodriguez <jesusr> |
| Status: | CLOSED ERRATA | QA Contact: | Jian Zhang <jiazha> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 3.10.0 | CC: | aos-bugs, chezhang, dymurray, jesusr, jmatthew, zitang |
| Target Milestone: | --- | ||
| Target Release: | 3.11.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | No Doc Update | |
| Doc Text: |
undefined
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-10-11 07:19:09 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Shawn Hurley
2018-04-06 15:04:06 UTC
Additionally, if a user passes data back to the broker using `asb_encode_binding` in provision they should expect to see those keys populated on deprovision. Fixed by PR 821 https://github.com/openshift/ansible-service-broker/pull/821 Shawn & Jesus, I provision the Mediawiki APB and then deprovision it, but I did not find the key "_apb_provision_crendentials" in the ASB logs, so are there any special steps need to be set? And, this issue reported on April 6th, but the above fixed PR merged on March 16th, I'm very confused for that. Could you help explanation this? Shawn & Jesus Sorry, I still cannot get the key "_apb_provision_crendentials" during deprovision action. And, one more question, the target release of this bug is 3.11? I provisioned VNC APB which is an unbindable apb, and the key was still passed to deprovision. The key is _apb_provision_creds.
### Deprovision parameters
{
"_apb_last_requesting_user": "admin",
"_apb_plan_id": "f28",
"_apb_provision_creds": {},
"_apb_service_class_id": "1dd62d51c52cc2ac404d58abc0c8fa94",
"_apb_service_instance_id": "eb13b473-5a4b-11e8-8985-0242ac110008",
"cluster": "openshift",
"de": "Xfce",
"deshell": "bash",
"namespace": "blog-project",
"resolution": "1360x768",
"vncpass": "password"
}
Jesus, How did you get these deprovision parameters? I provisioned the Mediawiki APB which is an unbindable apb, but, I didn't see the key in the deprovision parameters from the ASB logs. And, can you tell me how to set the "asb_encode_binding"? I grabbed them from the broker logs, they were printed as parameters to the APB. Then I captured the log and cut out the json parameters and piped to jq to get the above formatted response. (In reply to Jian Zhang from comment #6) > Jesus, > > How did you get these deprovision parameters? I provisioned the Mediawiki > APB which is an unbindable apb, but, I didn't see the key in the deprovision > parameters from the ASB logs. And, can you tell me how to set the > "asb_encode_binding"? I was wrong in comment #7. I got the parameters from the apb deprovision pod. I configured the broker to keep_namespace = true so that the provision and deprovision pods remain. ### the APB projects $ oc get projects | grep dh-vnc dh-vnc-desktop-apb-depr-s52fc Active dh-vnc-desktop-apb-prov-z4ctz Active ### the provision project $ oc project dh-vnc-desktop-apb-prov-z4ctz oc Already on project "dh-vnc-desktop-apb-prov-z4ctz" on server "https://172.17.0.1:8443". ### the log from the APB for provision $ oc logs apb-8d0acb25-86e5-47dd-b555-65145d024b24 + [[ provision --extra-vars {"_apb_last_requesting_user":"admin","_apb_plan_id":"f28","_apb_service_class_id":"1dd62d51c52cc2ac404d58abc0c8fa94","_apb_service_instance_id":"fcfbdadb-5d6e-11e8-87e8-0242ac11000b","cluster":"openshift","de":"Xfce","deshell":"bash","namespace":"blog-project","resolution":"1360x768","vncpass":"password"} == *\s\2\i\/\a\s\s\e\m\b\l\e* ]] ... ### deprovision project $ oc project dh-vnc-desktop-apb-depr-s52fc Now using project "dh-vnc-desktop-apb-depr-s52fc" on server "https://172.17.0.1:8443". ### the log from the APB for deprovision $ oc logs apb-7808a4b4-9769-4e70-84ff-1e7aadbb0f9a + [[ deprovision --extra-vars {"_apb_last_requesting_user":"admin","_apb_plan_id":"f28","_apb_provision_creds":{},"_apb_service_class_id":"1dd62d51c52cc2ac404d58abc0c8fa94","_apb_service_instance_id":"fcfbdadb-5d6e-11e8-87e8-0242ac11000b","cluster":"openshift","de":"Xfce","deshell":"bash","namespace":"blog-project","resolution":"1360x768","vncpass":"password"} == *\s\2\i\/\a\s\s\e\m\b\l\e* ]] ... I copied the json parameters and then used jq to create a pretty printed version. So the parameters are in the APBs, use the VNC Desktop (APB) to see the parameters. Fixed in PR https://github.com/openshift/ansible-service-broker/pull/959 This will be fixed in a release 1.2.13-1 or later. Jesus, Thank you! I see now. Jesus, How can I check the details log about the provision/deprovision? Now, I could NOT find the configure info(as you showd above) by the `oc logs` command. Provision logs: [root@qe-chezhang-310master-etcd-1 ~]# oc get pods NAME READY STATUS RESTARTS AGE apb-17eecc76-5a71-422b-a735-af4f93d4269f 0/1 Completed 0 2m [root@qe-chezhang-310master-etcd-1 ~]# oc logs apb-17eecc76-5a71-422b-a735-af4f93d4269f PLAY [mediawiki-apb provision] ************************************************* TASK [ansibleplaybookbundle.asb-modules : debug] ******************************* skipping: [localhost] TASK [mediawiki-apb : Update last operation] *********************************** changed: [localhost] TASK [mediawiki-apb : Determine cluster type] ********************************** changed: [localhost] TASK [mediawiki-apb : Set facts] *********************************************** ok: [localhost] TASK [mediawiki-apb : Include variables based on ansible version] ************** skipping: [localhost] TASK [mediawiki-apb : Validate Admin User and Password] ************************ skipping: [localhost] TASK [mediawiki-apb : Set mediawiki objects state=present] ********************* changed: [localhost] => (item=service.yaml) changed: [localhost] => (item=pvc.yaml) TASK [mediawiki-apb : Set mediawiki route state=present] *********************** changed: [localhost] TASK [mediawiki-apb : Set mediawiki deployment state=present] ****************** changed: [localhost] TASK [mediawiki-apb : Update last operation] *********************************** changed: [localhost] PLAY RECAP ********************************************************************* localhost : ok=7 changed=6 unreachable=0 failed=0 Deprovision logs: [root@qe-chezhang-310master-etcd-1 ~]# oc logs apb-4741b423-e759-4d57-9f5c-244843d5ebfe PLAY [Deprovision mediawiki-apb from openshift] ******************************** TASK [ansibleplaybookbundle.asb-modules : debug] ******************************* skipping: [localhost] TASK [mediawiki-apb : Update last operation] *********************************** changed: [localhost] TASK [mediawiki-apb : Determine cluster type] ********************************** changed: [localhost] TASK [mediawiki-apb : Set facts] *********************************************** ok: [localhost] TASK [mediawiki-apb : Include variables based on ansible version] ************** skipping: [localhost] TASK [mediawiki-apb : Validate Admin User and Password] ************************ skipping: [localhost] TASK [mediawiki-apb : Set mediawiki objects state=absent] ********************** changed: [localhost] => (item=service.yaml) changed: [localhost] => (item=pvc.yaml) TASK [mediawiki-apb : Set mediawiki route state=absent] ************************ changed: [localhost] TASK [mediawiki-apb : Set mediawiki deployment state=absent] ******************* changed: [localhost] TASK [mediawiki-apb : Update last operation] *********************************** changed: [localhost] PLAY RECAP ********************************************************************* localhost : ok=7 changed=6 unreachable=0 failed=0 The ASB version: 1.2.17 Maybe I need to add "-vvv" option for the ansible playbooks, but how to do that? How to check these details logs? The fix focus on ASB side, so you can use upstream apb image mongodb-apb from ansibleplaybookbundle for verification. @Cheng, Thanks, I think I can use the VNC APB for the test. https://errata.devel.redhat.com/advisory/33505 updated openshift-enterprise-mariadb-apb-v3.11.0-0.10.0.3 openshift-enterprise-mediawiki-apb-v3.11.0-0.10.0.3 openshift-enterprise-postgresql-apb-v3.11.0-0.10.0.3 openshift-enterprise-mysql-apb-v3.11.0-0.10.0.3 openshift-enterprise-mediawiki-container-v3.11.0-0.10.0.0 openshift-enterprise-asb-container-v3.11.0-0.10.0.1 openshift-enterprise-apb-base-container-v3.11.0-0.10.0.3 We can see the `"_apb_provision_creds\":{}` in the deprovision action. Details as below, LGTM, verify it.
[root@ip-172-18-5-253 ~]# oc logs -f bundle-6ac6a918-1685-4fff-b19d-1ca274c7f7ad --loglevel 8
...
I0803 09:13:20.452729 19004 request.go:897] Response Body: {"kind":"Pod","apiVersion":"v1","metadata":{"name":"bundle-6ac6a918-1685-4fff-b19d-1ca274c7f7ad","namespace":"aws-mediawiki-apb-depr-22m7g","selfLink":"/api/v1/namespaces/aws-mediawiki-apb-depr-22m7g/pods/bundle-6ac6a918-1685-4fff-b19d-1ca274c7f7ad","uid":"caa0cb08-971e-11e8-9298-0e21f4d9ce82","resourceVersion":"33313","creationTimestamp":"2018-08-03T13:11:53Z","labels":{"bundle-action":"deprovision","bundle-fqname":"aws-mediawiki-apb","bundle-pod-name":"bundle-6ac6a918-1685-4fff-b19d-1ca274c7f7ad"},"annotations":{"apb_last_operation":"100%: Done","openshift.io/scc":"restricted"}},"spec":{"volumes":[{"name":"bundle-6ac6a918-1685-4fff-b19d-1ca274c7f7ad-token-m5txl","secret":{"secretName":"bundle-6ac6a918-1685-4fff-b19d-1ca274c7f7ad-token-m5txl","defaultMode":420}}],"containers":[{"name":"apb","image":"registry.reg-aws.openshift.com:443/openshift3/mediawiki-apb:v3.11","args":["deprovision","--extra-vars","{\"_apb_last_requesting_user\":\"jiazha\",\"_apb_plan_id\":\"default\",\"_apb_provision_creds\":{},\"_apb_s [truncated 2902 chars]
...
DEPRECATED: APB playbooks should be stored at /opt/apb/project
PLAY [Deprovision mediawiki-apb from openshift] ********************************
TASK [ansibleplaybookbundle.asb-modules : debug] *******************************
skipping: [localhost]
TASK [mediawiki-apb : Update last operation] ***********************************
changed: [localhost]
TASK [mediawiki-apb : Set facts] ***********************************************
ok: [localhost]
TASK [mediawiki-apb : Validate Admin User and Password] ************************
skipping: [localhost]
TASK [mediawiki-apb : Set mediawiki objects state=absent] **********************
changed: [localhost] => (item={u'name': u'service.yaml.j2'})
changed: [localhost] => (item={u'name': u'pvc.yaml.j2'})
changed: [localhost] => (item={u'apply': True, u'name': u'route.yaml.j2'})
changed: [localhost] => (item={u'name': u'deployment.yaml.j2'})
TASK [mediawiki-apb : Update last operation] ***********************************
changed: [localhost]
PLAY RECAP *********************************************************************
localhost : ok=4 changed=3 unreachable=0 failed=0
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:2652 |