Description of problem:
The default permissions applied to the developer account with minishift cause most of the apb tooling features to fail.

How reproducible:
Every time

Steps to Reproduce:
1. Follow the steps to install minishift with the ansible-service-broker addon
2. Log in as the developer user
3. Try to use the apb tool to interface with the minishift broker

Actual results:
apb list, apb relist, apb bootstrap, apb build, and apb push will all fail to run.

Expected results:
* apb list - should list the available APBs
* apb relist - should relist the service catalog
* apb build - should correctly build the apb image
* apb push - should push the apb to the minishift registry and be visible in the "apb list" list of apbs, as well as be available in the service catalog. This can be verified with "oc get clusterserviceclasses -o yaml".
Addon PR: https://github.com/minishift/minishift-addons/pull/76
ansible-playbook-bundle PR: https://github.com/ansibleplaybookbundle/ansible-playbook-bundle/pull/207
Zhang, you should run the script as a non-root user. I added a PR that validates this and exits with an error message if the executing user is root: https://github.com/ansibleplaybookbundle/ansible-playbook-bundle/pull/225

Note: I am now seeing the following error trying to start v3.9.0-alpha.3, which I was previously able to start:

> Error starting the cluster: Error attempting to download and cache 'oc': Cannot get binary 'oc' in version v3.9.0-alpha.3 for the target environment Linux

I reported this on my issue tracking v3.9.0* deploy problems. v3.9.0-alpha.4 is blocked by the same problem: https://github.com/minishift/minishift/issues/1922
Erik, thanks. I will try again with a normal user tomorrow. For the issue you reported in minishift, I did hit it, and worked around it by preparing an oc binary locally in advance, such as:

$ mkdir -p ~/.minishift/cache/oc/v3.9.0-alpha.3/linux/
$ mv oc ~/.minishift/cache/oc/v3.9.0-alpha.3/linux/
Zhang, I'm actually seeing this as well; I think something got merged to canary that's potentially breaking the image. I will investigate and report back.
Erik, okay. Thanks for your response. I'm changing the status to "Assign" following the current test result; please move it back if you think it is ready for test again. Thanks.
I deployed with my script here: https://github.com/jmontleon/minishift-scripts
Copy config.example to config and adjust as needed/wanted.

Most commands seem to be working:

[jmontleo@jmontleo minishift-scripts]$ apb relist
Successfully relisted the Service Catalog
[jmontleo@jmontleo minishift-scripts]$ apb bootstrap
Contacting the ansible-service-broker at: https://asb-1338-ansible-service-broker.192.168.42.253.nip.io/ansible-service-broker/v2/bootstrap
Successfully bootstrapped Ansible Service Broker
Successfully relisted the Service Catalog
[jmontleo@jmontleo minishift-scripts]$ apb list
Contacting the ansible-service-broker at: https://asb-1338-ansible-service-broker.192.168.42.253.nip.io/ansible-service-broker/v2/catalog
ID                                NAME             DESCRIPTION
880ef3b4ba5fa8d80908e9974228e603  dh-awx-apb       AWX APB Implementation
21e1bfbf09d5a7fb8a54042f504f26be  dh-demo-api-apb  Internal Dog API
d4684c1b61cd094af9aa6ec4a90b4d69  dh-demo-app-apb  Deploys a demo application showing random pictures.
...
[jmontleo@jmontleo foo]$ apb build
Finished writing dockerfile.
Building APB using tag: [foo-apb]
Successfully built APB image: foo-apb

apb push is failing for me:

[jmontleo@jmontleo foo]$ apb push --namespace test
...
Exception occurred trying to find docker-registry service in namespace default: (403)
Reason: Forbidden
HTTP response headers: HTTPHeaderDict({'Date': 'Thu, 22 Feb 2018 15:22:05 GMT', 'Content-Length': '122', 'Content-Type': 'text/plain', 'X-Content-Type-Options': 'nosniff', 'Cache-Control': 'no-store'})
HTTP response body: User "developer" cannot get services in the namespace "default": User "developer" cannot get services in project "default"

Failed to find registry service IP address.
Exception occurred! Unable to get registry IP from namespace default

I'm not surprised that the developer can't see anything in the default namespace. I'm not sure if there is an alternative way of pushing. Asking around.
apb push --registry-service-name docker-registry --registry-namespace default

or

apb push --push-to-broker

seem to get the push working, but it looks like it's trying to pull library/foo-apb:latest, which doesn't exist.

Error: image library/foo-apb:latest not found

I'm not sure what the expected behavior is or if what I'm passing in for options even makes sense.
@Jason, minishift instructions with asb are here: https://github.com/eriknelson/minishift-addons/tree/asb-updates/add-ons/ansible-service-broker. I am still in the process of getting them merged to minishift/minishift-addons. You are likely missing eval $(minishift docker-env), which is a required prereq for apb push to function correctly. I'm checking to see if I can reproduce @Zhang's issue with latest images.
That was my error. I can confirm success with all commands against minishift now. Your script (or setting an alias up to do similar) gets me to success.
@Zhang, we've confirmed the error that you and I were experiencing to be due to host networking rules. Run this script to add the necessary iptables rules and you should be able to use the apb container script.

https://raw.githubusercontent.com/eriknelson/ansible-playbook-bundle/1d52d30e1835611b6f6b5aa63d04568c7891403f/scripts/setup-network.sh

PR: https://github.com/ansibleplaybookbundle/ansible-playbook-bundle/pull/231
@Erik, you are right. apb list/relist/prepare worked fine after using setup-network.sh.

But apb build still failed (I remember "apb should not be run as root!", so I am using the new user "chezhang"):

[chezhang@host-172-16-120-40 test-demo]$ id
uid=1001(chezhang) gid=1001(chezhang) groups=1001(chezhang),991(libvirt) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[chezhang@host-172-16-120-40 test-demo]$ ls -l /var/run/docker.sock
srwxrwxrwx. 1 root root 0 Feb 23 21:26 /var/run/docker.sock
[chezhang@host-172-16-120-40 test-demo]$ pwd
/home/chezhang/test-demo
[chezhang@host-172-16-120-40 test-demo]$ eval $(minishift docker-env); . ../apb-docker-run.sh build
Running APB image: docker.io/ansibleplaybookbundle/apb-tools:canary
Targetting minishift host: tcp://192.168.42.20:2376
Finished writing dockerfile.
Building APB using tag: [test-demo]
Error accessing the docker API. Is the daemon running?
Exception occurred! Error while fetching server API version: HTTPSConnectionPool(host='192.168.42.20', port=2376): Max retries exceeded with url: /version (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x3ec2950>: Failed to establish a new connection: [Errno 111] Connection refused',))
@Erik, I'm changing the status to "ASSIGNED" since the test result does not look good to me; refer to Comment 23. Please move it back if there is some mistake. Thanks.
This looks like a missing iptables rule. Trying to confirm that in your test environment.
I added the missing port to the iptables forwarding and tested in your environment; apb build/push/test all worked as expected.

One note: you had an old version of the ansible-service-broker installed. You needed to check out the asb-updates branch from my minishift-addons repo; instead, the version from master was installed.

PR with the additional port: https://github.com/ansibleplaybookbundle/ansible-playbook-bundle/pull/232
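
As an added example that is not part of this thread or of the apb project, the following preflight script checks for the failure causes identified in the comments above: running as root, a missing eval $(minishift docker-env), an unreachable Docker port on the minishift VM, and the developer user's lack of access to services in the default namespace. The function names and the --run flag are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): preflight for the apb failure causes
# reported above. All function names here are hypothetical.

# Split a DOCKER_HOST of the form tcp://host:port into "host port".
parse_docker_host() {
  case "$1" in
    tcp://*:*) ;;
    *) return 1 ;;
  esac
  hp=${1#tcp://}
  port=${hp##*:}
  case "$port" in ''|*[!0-9]*) return 1 ;; esac
  printf '%s %s\n' "${hp%:*}" "$port"
}

# Offline checks. Args: uid, DOCKER_HOST value.
# Prints one finding per line; returns 0 only when there are none.
static_checks() {
  n=0
  if [ "$1" -eq 0 ]; then
    echo "root: apb should be run as a non-root user"; n=$((n + 1))
  fi
  if ! parse_docker_host "$2" >/dev/null; then
    echo "docker-env: DOCKER_HOST unset; run: eval \$(minishift docker-env)"
    n=$((n + 1))
  fi
  [ "$n" -eq 0 ]
}

# Live checks against a running minishift VM (needs bash, timeout and oc).
live_checks() {
  hp=$(parse_docker_host "$1") || return 1
  set -- $hp
  # Host and port are passed as arguments, not spliced into the command text.
  timeout 3 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null ||
    echo "network: $1:$2 unreachable; check the host iptables forwarding"
  # The 403 in this thread came from reading services in "default".
  oc auth can-i get services -n default >/dev/null 2>&1 ||
    echo "rbac: current user cannot get services in namespace default"
}

# Run everything only when asked to, so the functions can be sourced alone.
if [ "${1:-}" = "--run" ]; then
  static_checks "$(id -u)" "${DOCKER_HOST:-}" && live_checks "$DOCKER_HOST"
fi
```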
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3748