Bug 1469368 - Need make 'kube-service-catalog' project network global
Need make 'kube-service-catalog' project network global
Status: CLOSED ERRATA
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer (Show other bugs)
3.6.0
Unspecified Unspecified
medium Severity medium
: ---
: ---
Assigned To: ewolinet
DeShuai Ma
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-11 02:42 EDT by DeShuai Ma
Modified: 2017-08-16 15 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: No Doc Update
Doc Text:
as part of the 3.6 deliverable to install the service catalog, we needed to make the kube-service-catalog project network global
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-08-10 01:31:01 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
sdodson: needinfo-


Attachments (Terms of Use)

  None (edit)
Description DeShuai Ma 2017-07-11 02:42:34 EDT
Description of problem:
In multitenant env, as service-catalog & asb in different project. the controller-manager can't access the the asb to get catalog.

Version-Release number of selected component (if applicable):
openshift v3.6.136
kubernetes v1.6.1+5115d708d7
etcd 3.2.1
openshift-ansible-3.6.140-1.git.0.4a02427.el7.noarch.rpm

How reproducible:
Always

Steps to Reproduce:
1. Check broker status
[root@ip-172-18-6-17 asb]# oc describe broker
Name:		ansible-service-broker
Namespace:	
Labels:		<none>
Events:
  FirstSeen	LastSeen	Count	From					SubObjectPath	Type		Reason			Message
  ---------	--------	-----	----					-------------	--------	------			-------
  7m		11s		21	service-catalog-controller-manager			Warning		ErrorFetchingCatalog	Error getting broker catalog for broker "ansible-service-broker": Get http://asb.openshift-ansible-service-broker.svc:1338/v2/catalog: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
[root@ip-172-18-6-17 asb]# oc get broker ansible-service-broker -o json
{
    "apiVersion": "servicecatalog.k8s.io/v1alpha1",
    "kind": "Broker",
    "metadata": {
        "creationTimestamp": "2017-07-11T05:39:55Z",
        "finalizers": [
            "kubernetes-incubator/service-catalog"
        ],
        "name": "ansible-service-broker",
        "resourceVersion": "17561",
        "selfLink": "/apis/servicecatalog.k8s.io/v1alpha1/brokersansible-service-broker",
        "uid": "5e7040d3-65fb-11e7-973f-0a580a810003"
    },
    "spec": {
        "url": "http://asb.openshift-ansible-service-broker.svc:1338"
    },
    "status": {
        "conditions": [
            {
                "lastTransitionTime": "2017-07-11T05:40:10Z",
                "message": "Error fetching catalog. Error getting broker catalog for broker \"ansible-service-broker\": Get http://asb.openshift-ansible-service-broker.svc:1338/v2/catalog: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)",
                "reason": "ErrorFetchingCatalog",
                "status": "False",
                "type": "Ready"
            }
        ]
    }
}

2.
3.

Actual results:

Expected results:

Additional info:
After join 'kube-service-catalog' & 'openshift-ansible-service-broker' get catalog success.
$ oadm pod-network join-projects --to=openshift-ansible-service-broker kube-service-catalog

Description of problem:

Version-Release number of the following components:
rpm -q openshift-ansible
rpm -q ansible
ansible --version

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:
Please include the entire output from the last TASK line through the end of output if an error is generated

Expected results:

Additional info:
Please attach logs from ansible-playbook with the -vvv flag
Comment 1 DeShuai Ma 2017-07-11 03:07:16 EDT
CC to Derek Carr, Not sure if you want make the project global or move it to other project
Comment 3 Derek Carr 2017-07-11 13:13:43 EDT
CC to Paul Morie.
Comment 7 Scott Dodson 2017-07-13 12:55:08 EDT
Probably need to make it conditional on use of the multitenant plugin, luckly there's only one way to set that, so something like this

when: os_sdn_network_plugin_name | default('') == 'redhat/openshift-ovs-multitenant'
Comment 10 DeShuai Ma 2017-07-18 01:40:35 EDT
Test on latest puddle, this is fixed.
Comment 12 errata-xmlrpc 2017-08-10 01:31:01 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1716

Note You need to log in before you can comment on or make changes to this bug.