Bug 1792166

Summary: Ansible Service Broker seems not working
Product: OpenShift Container Platform Reporter: Takayoshi Kimura <tkimura>
Component: Service BrokerAssignee: Jesus M. Rodriguez <jesusr>
Status: CLOSED ERRATA QA Contact: Cuiping HUO <chuo>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.11.0CC: aos-bugs, calfonso
Target Milestone: ---Keywords: Reopened
Target Release: 3.11.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-03-20 00:12:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Using an empty whitelist
none
using the default whitelist of [u'.*-apb$'] none

Description Takayoshi Kimura 2020-01-17 08:02:55 UTC 
Description of problem:

Ansible Service Broker seems not working. On Web Console, I no longer see mediawiki nor postgres example apb applications. I looked at 4 OCPv3 clusters (all standard installation) but they are all not seeing apb apps.

Version-Release number of selected component (if applicable):

openshift v3.11.157

How reproducible:

Always

Steps to Reproduce:
1. Go to web console and see if there's mediawiki app
2.
3.

Actual results:

There's no asb example apps in the Web Console

Expected results:

asb example apps listed in the Web Console

Additional info:
Comment 2 Takayoshi Kimura 2020-01-17 08:11:31 UTC 
The asb pod log, broker-config (default config + just changed log level to debug), /metrics output attached in private. OSB catalog endpoint returns empty services.

> $ curl -H "Authorization: Bearer $(oc whoami -t)" -k https://asb.openshift-ansible-service-broker.svc:1338/osb/v2/catalog # curl with cluster-admin user
> {
>   "services": []
> }
Comment 7 Takayoshi Kimura 2020-02-20 02:49:49 UTC 
The registry config does have the white_list, and it's all default configuration.

registry:
  - type: rhcc
    name: rh
    url: https://registry.redhat.io
    org: 
    tag: v3.11.157
    white_list: [u'.*-apb$']
    black_list: [u'.*automation-broker-apb$']
    auth_type: secret
    auth_name: asb-registry-auth
  - type: local_openshift
    name: localregistry
    white_list: []
    namespaces: [u'openshift']
dao:
  type: crd
log:
  stdout: true
  level: info
  color: true
openshift:
  host: ''
  ca_file: ''
  bearer_token_file: ''
  namespace: openshift-ansible-service-broker
  sandbox_role: edit
  image_pull_policy: Always
  keep_namespace: false
  keep_namespace_on_error: false
broker:
  dev_broker: false
  bootstrap_on_startup: true
  refresh_interval: 600s
  launch_apb_on_bind: false
  output_request: false
  recovery: true
  ssl_cert_key: /etc/tls/private/tls.key
  ssl_cert: /etc/tls/private/tls.crt
  auto_escalate: False
  auth:
    - type: basic
      enabled: false
secrets: []
Comment 8 Jesus M. Rodriguez 2020-02-28 16:00:32 UTC 
The logs showed the broker using a local_openshift registry. The config you posted has exactly the problem:

- type: local_openshift
    name: localregistry
    white_list: []
    namespaces: [u'openshift']

That is an EMPTY white_list which will cause the broker to ignore all apbs. I still believe this is a configuration issue with the broker.
Comment 9 Takayoshi Kimura 2020-02-29 01:22:06 UTC 
Removed the local_openshift block and got same empty result. The apbs on rhcc is not populated.
Comment 12 Jesus M. Rodriguez 2020-02-29 05:19:08 UTC 
Created attachment 1666533 [details]
Using an empty whitelist
Comment 13 Jesus M. Rodriguez 2020-02-29 05:20:12 UTC 
Created attachment 1666534 [details]
using the default whitelist of [u'.*-apb$']
Comment 14 Jesus M. Rodriguez 2020-02-29 05:24:18 UTC 
Using a whitelist I see the clusterserviceclasses:
      - type: rhcc
        name: rh
        url: https://registry.redhat.io
        org:
        tag: v3.11.157
        white_list: [u'.*-apb$']
        black_list: [u'.*automation-broker-apb$']
        auth_type: secret
        auth_name: asb-registry-auth
-----
$ oc get clusterserviceclasses | grep apb
08ccf37be271fba38b1a70f87302297f       dh-rhpam-apb               openshift-automation-service-broker   4m
09628db4757fd1a2db85d465106b9f82       dh-gluster-s3-apb          openshift-automation-service-broker   4m
0e991006d21029e47abe71acc255e807       dh-pyzip-demo-apb          openshift-automation-service-broker   4m
135bd0df0401e2fdd52fd136935014fb       dh-nginx-apb               openshift-automation-service-broker   4m
1830d9181b425e281b36efbf22f378a4       dh-proxy-config-apb        openshift-automation-service-broker   4m
1882ffca5d72b1084e9107e3485f5066       dh-eclipse-che-apb         openshift-automation-service-broker   4m
192097962f2955b0582b5d53ddb942e4       dh-galera-apb              openshift-automation-service-broker   4m
1dd62d51c52cc2ac404d58abc0c8fa94       dh-vnc-desktop-apb         openshift-automation-service-broker   4m
1dda1477cace09730bd8ed7a6505607e       dh-postgresql-apb          openshift-automation-service-broker   4m
2c79572fbf83125231198451c26e7cf9       dh-mssql-remote-apb        openshift-automation-service-broker   4m
5d0062cce443e5ecb8438ca5f664dcd7       dh-kibana-apb              openshift-automation-service-broker   4m
60836f0ce3bd7d325587211dd7791f5b       dh-import-vm-apb           openshift-automation-service-broker   4m
67042296c7c95e84142f21f58da2ebfe       dh-mariadb-apb             openshift-automation-service-broker   4m
693cb128e68365830c913631300deac0       dh-pyzip-demo-db-apb       openshift-automation-service-broker   4m
6df7afbd132c094704b4a8bfd44378c0       dh-manageiq-apb            openshift-automation-service-broker   4m
880ef3b4ba5fa8d80908e9974228e603       dh-awx-apb                 openshift-automation-service-broker   4m
927ea718efcc5b039fa2a6cf368f0300       dh-unifi-controller-apb    openshift-automation-service-broker   4m
97a28db2f29cb90245d9cc58ba226273       dh-homeassistant-apb       openshift-automation-service-broker   4m
9f7da06f179b895a8ee5f9a3ce4af7ef       dh-hello-world-apb         openshift-automation-service-broker   4m
a946a139a9308a59bf642ac52b4ba317       dh-wordpress-ha-apb        openshift-automation-service-broker   4m
ab24ffd54da0aefdea5277e0edce8425       dh-hastebin-apb            openshift-automation-service-broker   4m
aff6d7bb9c7f57c9ce8b742228e4caa3       dh-es-apb                  openshift-automation-service-broker   4m
b43a4272a6efcaaa3e0b9616324f1099       dh-hello-world-db-apb      openshift-automation-service-broker   4m
b95513950bb3f132de25d58fb75f8dca       dh-keycloak-apb            openshift-automation-service-broker   4m
c4ef25f81a0c275c8f1bee1b736f3068       dh-mssql-apb               openshift-automation-service-broker   4m
c65fbd4e701cb71d74fd2cc35e14432b       dh-rds-postgres-apb        openshift-automation-service-broker   4m
ca91b61da8476984f18fc13883ae2fdb       dh-etherpad-apb            openshift-automation-service-broker   4m
ddd528762894b277001df310a126d5ad       dh-mysql-apb               openshift-automation-service-broker   4m
e9c042c4925dd0c7c25ceca4f5179e1c       dh-mongodb-apb             openshift-automation-service-broker   4m
eebf92c7670f30007a4b8db3a8166d5c       dh-thelounge-apb           openshift-automation-service-broker   4m
f4509733ca0636df3d69b6af53260160       dh-jenkins-apb             openshift-automation-service-broker   4m
f6c4486b7fb0cdac4b58e193607f7011       dh-mediawiki-apb           openshift-automation-service-broker   4m
f755257efed3e3d43c8b82afd0db1181       dh-prometheus-apb          openshift-automation-service-broker   4m
f830fb63f6df99c7bfae34b295b43108       dh-tiller-apb              openshift-automation-service-broker   4m
Comment 15 Jesus M. Rodriguez 2020-02-29 05:26:25 UTC 
using an empty whitelist []:
      - type: rhcc
        name: rh
        url: https://registry.redhat.io
        org:
        tag: v3.11.157
        white_list: []
        black_list: [u'.*automation-broker-apb$']
        auth_type: secret
        auth_name: asb-registry-auth
----
$ oc get clusterserviceclasses | grep apb
$
----
$ oc get clusterserviceclasses
NAME                                   EXTERNAL-NAME              BROKER                    AGE
c1155d07-5aaf-11ea-a9d2-64006a559cc9   dancer-mysql-persistent    template-service-broker   11m
c14102d1-5aaf-11ea-a9d2-64006a559cc9   mongodb-persistent         template-service-broker   11m
c1452223-5aaf-11ea-a9d2-64006a559cc9   mysql-persistent           template-service-broker   11m
c14a1e3f-5aaf-11ea-a9d2-64006a559cc9   jenkins-pipeline-example   template-service-broker   11m
c14f107f-5aaf-11ea-a9d2-64006a559cc9   postgresql-persistent      template-service-broker   11m
c1565999-5aaf-11ea-a9d2-64006a559cc9   rails-pgsql-persistent     template-service-broker   11m
c16a2a11-5aaf-11ea-a9d2-64006a559cc9   mariadb-persistent         template-service-broker   11m
c1937eee-5aaf-11ea-a9d2-64006a559cc9   django-psql-persistent     template-service-broker   11m
c1e79ccd-5aaf-11ea-a9d2-64006a559cc9   cakephp-mysql-persistent   template-service-broker   11m
c25c1de9-5aaf-11ea-a9d2-64006a559cc9   nodejs-mongo-persistent    template-service-broker   11m
c3026606-5aaf-11ea-a9d2-64006a559cc9   jenkins-ephemeral          template-service-broker   11m
Comment 23 Cuiping HUO 2020-03-16 10:20:55 UTC 
Verified. 
cluster version:3.11.188

Removed the *u* from white_list and black_list in config map and able to get apb for ansible-service-broker.

  - type: rhcc
    name: rh
    url: https://registry.redhat.io
    org: 
    tag: v3.11.157
    white_list: ['.*-apb$']
    black_list: ['.*automation-broker-apb$']
    auth_type: secret
    auth_name: asb-registry-auth

# oc get clusterserviceclass | grep ansible
03b69500305d9859bb9440d9f9023784       rh-mediawiki-apb                                    ansible-service-broker    3m
2c259ddd8059b9bc65081e07bf20058f       rh-mariadb-apb                                      ansible-service-broker    3m
73ead67495322cc462794387fa9884f5       rh-mysql-apb                                        ansible-service-broker    3m
d5915e05b253df421efe6e41fb6a66ba       rh-postgresql-apb                                   ansible-service-broker    3m
Comment 25 errata-xmlrpc 2020-03-20 00:12:43 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0793