Description of problem: Pushing an updated version of an APB image to the internal OpenShift registry causes duplicate images to exist with different SHAs. This causes the subsequent `apb bootstrap` to arbitrarily select one of these images to add to a list of APBs which won't necessarily be the latest version of the image. Version-Release number of selected component (if applicable): 3.9.0 How reproducible: 100% Steps to Reproduce: 1. apb push an APB 2. change displayName in apb.yml 3. apb push the same APB Actual results: Running apb bootstrap changes which version of the APB is displayed in the webUI Expected results: The old image is deleted and updated with the newest one. Additional info:
Workaround: oc get images| grep $apbname | awk '{ print $1 }' | xargs oc delete image. Then `apb push` again. This will delete all old SHAs of the image and update to the latest version.
In my case, running OCP v3.7.1 on a multi-node cluster (1 master + 1 node) even with the manual `apb run` the image was not being refreshed. I had to manually remove the docker images from the node. ``` sudo docker rmi `sudo docker images | grep my-apb | awk '{print$3}'` --force ``` The pod definition should have the image with the hash: image: docker-registry.default.svc:5000/openshift/keycloak-apb@sha256:0bd0030121e43e6772d7e2ec3d5c113408db42bcc66b331b0683af5c2593f45d Instead of image: 172.30.246.105:5000/openshift/keycloak-apb
https://github.com/ansibleplaybookbundle/ansible-playbook-bundle/pull/227
Fixed in apb-1.1.13. apb push now deletes old shas to prevent bootstrap from picking up an older version.
The apb tool version: 1.1.13 [root@localhost hello-world-db-apb]# apb version Version: apb-1.1.13 The ASB version: 1.1.15 [root@host-172-16-120-94 ~]# docker run --rm --entrypoint=asbd registry.reg-aws.openshift.com:443/openshift3/ose-ansible-service-broker:v3.9.1 --version 1.1.15 Test steps: 1, Push an APB image to the internal Openshift registry. [root@localhost hello-world-db-apb]# apb push --registry-route docker-registry-default.apps.0301-duq.qe.rhcloud.com Didn't find OpenShift Ansible Broker route in namespace: ansible-service-broker. Trying openshift-ansible-service-broker version: 1.0 name: hello-world-db-apb description: A sample APB which deploys Hello World Database bindable: True async: optional metadata: displayName: Hello World Database (APB) dependencies: ['docker.io/centos/postgresql-94-centos7'] providerDisplayName: "Red Hat, Inc." plans: - name: default description: A sample APB which deploys Hello World Database free: True metadata: displayName: Default longDescription: This plan deploys a Postgres Database the Hello World application can connect to cost: $0.00 parameters: - name: postgresql_database title: PostgreSQL Database Name type: string default: admin - name: postgresql_user title: PostgreSQL User type: string default: admin - name: postgresql_password title: PostgreSQL Password type: string default: admin Finished writing dockerfile. Building APB using tag: [docker-registry-default.apps.0301-duq.qe.rhcloud.com/openshift/hello-world-db-apb] Successfully built APB image: docker-registry-default.apps.0301-duq.qe.rhcloud.com/openshift/hello-world-db-apb Pushing the image, this could take a minute... Successfully pushed image: docker-registry-default.apps.0301-duq.qe.rhcloud.com/openshift/hello-world-db-apb Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.0301-duq.qe.rhcloud.com/ansible-service-broker/v2/bootstrap Successfully bootstrapped Ansible Service Broker Successfully relisted the Service Catalog 2, Changed the displayName in the apb.yaml. 3, Push the same APB image. [root@localhost hello-world-db-apb]# vim apb.yml [root@localhost hello-world-db-apb]# apb push --registry-route docker-registry-default.apps.0301-duq.qe.rhcloud.com Didn't find OpenShift Ansible Broker route in namespace: ansible-service-broker. Trying openshift-ansible-service-broker version: 1.0 name: hello-world-db-apb description: A sample APB which deploys Hello World Database bindable: True async: optional metadata: displayName: Hello World Test (APB) dependencies: ['docker.io/centos/postgresql-94-centos7'] providerDisplayName: "Red Hat, Inc." plans: - name: default description: A sample APB which deploys Hello World Database free: True metadata: displayName: Default longDescription: This plan deploys a Postgres Database the Hello World application can connect to cost: $0.00 parameters: - name: postgresql_database title: PostgreSQL Database Name type: string default: admin - name: postgresql_user title: PostgreSQL User type: string default: admin - name: postgresql_password title: PostgreSQL Password type: string default: admin Finished writing dockerfile. Building APB using tag: [docker-registry-default.apps.0301-duq.qe.rhcloud.com/openshift/hello-world-db-apb] Successfully built APB image: docker-registry-default.apps.0301-duq.qe.rhcloud.com/openshift/hello-world-db-apb Pushing the image, this could take a minute... Successfully pushed image: docker-registry-default.apps.0301-duq.qe.rhcloud.com/openshift/hello-world-db-apb Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.0301-duq.qe.rhcloud.com/ansible-service-broker/v2/bootstrap Successfully bootstrapped Ansible Service Broker Successfully relisted the Service Catalog 4, Check the SHAs, but, the old one still exist. Detail as below: [root@host-172-16-120-94 ~]# oc get images | grep hello-world-db sha256:d46ef6dd9da5e423633e3d15c26b63d2b5bbb8af7a5eeb5581de99042b852e66 docker-registry.default.svc:5000/openshift/hello-world-db-apb@sha256:d46ef6dd9da5e423633e3d15c26b63d2b5bbb8af7a5eeb5581de99042b852e66 sha256:ebe721fb78ec0b0f37697ba424ca7ba8ccc715c91826315a3f16dea314053971 docker-registry.default.svc:5000/openshift/hello-world-db-apb@sha256:ebe721fb78ec0b0f37697ba424ca7ba8ccc715c91826315a3f16dea314053971 5, apb bootstrap and refresh/check the display name in web UI. But, still display the old name: Hello World Database (APB) [root@localhost hello-world-db-apb]# apb bootstrap Didn't find OpenShift Ansible Broker route in namespace: ansible-service-broker. Trying openshift-ansible-service-broker Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.0301-duq.qe.rhcloud.com/ansible-service-broker/v2/bootstrap Successfully bootstrapped Ansible Service Broker Successfully relisted the Service Catalog Verify failed.
This is an edge case since using the registry-route gets converted into the service definition (docker-registry.default.svc:5000/openshift/hello-world-db-apb). I will add a check to look for the svc definition as well.
https://github.com/ansibleplaybookbundle/ansible-playbook-bundle/pull/238
Verified and pass with apb-1.1.14 Steps: 1. apb init test-apb 2. cd test-apb; apb build 3. apb push --broker 4. change displayname in apb.yaml to test-again-apb 5. check image info in local registry # oc get images | grep test | grep apb --> only one image in here sha256:b444ae828bcb879345c24f3931fdda6a35bd9ba92dfdf2f9da241cb7f2611d3e docker-registry.default.svc:5000/openshift/test-apb@sha256:b444ae828bcb879345c24f3931fdda6a35bd9ba92dfdf2f9da241cb7f2611d3e 6. apb bootstrap 7. check apb displayname in web console --> test result is "test-again"
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3748