Description of problem: Enable service catalog & template service broker by openshift-ansible. Since bug 1470623, no serviceclass default after install env successfully. Manually create servicebroker, then provision servicecalss in browse catalog with a normal user, met below error: Error provisioning Jenkins (Persistent) in xiu An error occurred provisioning the service. Version-Release number of selected component (if applicable): openshift v3.7.0-0.133.0 kubernetes v1.7.0+80709908fd How reproducible: always Steps to Reproduce: 1.Enable service catalog & template service broker by openshift-ansible 2.Manually create servicebroker 3.Provision a servicecalss in browse catalog Actual results: Error provisioning Jenkins (Persistent) in xiu An error occurred provisioning the service. Expected results: Should provision successfully. Additional info: Manually create servicebroker #oadm policy add-cluster-role-to-user cluster-admin -z default -n default #oc create secret generic token-for-tsb --from-literal=token=<secret_of_default_sa> -n kube-service-catalog #echo 'apiVersion: servicecatalog.k8s.io/v1alpha1 kind: ServiceBroker metadata: finalizers: - kubernetes-incubator/service-catalog name: template-service-broker spec: url: https://apiserver.openshift-template-service-broker.svc:443/brokers/template.openshift.io authInfo: bearer: secretRef: namespace: kube-service-catalog name: token-for-tsb'|oc create -f - #oadm policy add-cluster-role-to-user cluster-admin -z service-catalog-controller -n kube-service-catalog #oc delete pods --all -n kube-service-catalog #oc get servicebroker template-service-broker #pc get serviceclass
Jim, I suspect this is an issue of how the SC/TSB was installed/configured/registered (perhaps origin identity headers not being turned on, or the broker resource that registered the TSB with the SC didn't include all the right auth information to enable the SC to authenticate itself when calling the TSB back). Probably going to need to start by getting a better handle on exactly what got configured/installed and how.
Adding Eric in case there are known ansible installer issues/workarounds in this space as well.
--feature-gates is incorrectly unset on the SC controller and this is likely to be enough for everything to be broken. Eric, it looks like recent-ish changes to examples/service-catalog/service-catalog.yaml from origin needs to be reimported into openshift-ansible, then a smoke-test / comparison with what oc cluster up does needs to be done. Ben, shouldn't our origin e2e testing be relying on the TSB to have been deployed by Ansible at this point? Going to open an origin issue for the latter and transfer this bug to Eric.
This will be resolved by the changes in https://github.com/openshift/openshift-ansible/pull/5746.
No error shown when provision clusterserviceclass on webconsole in tsb server installed by openshift ansible. openshift-ansible-3.7.0-0.178.0.git.0.27a1039.el7.noarch.rpm openshift v3.7.0-0.178.0 kubernetes v1.7.6+a08f5eeb62 @ben please help move this bug to on_qa, thanks
As comment #10,move this bug as verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2017:3188