Description of problem: When using apb from rhel-7-server-ose-3.7-rpms and running apb list --broker <broker URL> I do get: Error: Attempt to list APBs in the broker returned status: 404 Unable to list APBs in Ansible Service Broker. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. Install OCP 3.7 with APB deployed 2. # yum install apb -y 3. # apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com Actual results: Error: Attempt to list APBs in the broker returned status: 404 Unable to list APBs in Ansible Service Broker. Expected results: shows list from ansible service broker Additional info: trying one one master with apb from ose-3.7 repo: [root@master-1 ~]# [root@master-1 ~]# yum provides apb Loaded plugins: search-disabled-repos, subscription-manager apb-1.0.4-1.el7.noarch : Ansible Playbook Bundle (APB) is a lightweight application definition (meta-container). Repo : rhel-7-server-ose-3.7-rpms apb-1.0.4-1.el7.noarch : Ansible Playbook Bundle (APB) is a lightweight application definition (meta-container). Repo : @rhel-7-server-ose-3.7-rpms [root@master-1 ~]# [root@master-1 ~]# oc whoami admin [root@master-1 ~]# [root@master-1 ~]# oc whoami -t WUfqBhpy57wG3YU6xJAHu_xddBmI6XXa4POBYy4SDMk [root@master-1 ~]# [root@master-1 ~]# apb list Exception occurred! unsupported operand type(s) for +: 'NoneType' and 'str' [root@master-1 ~]# [root@master-1 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com Error: Attempt to list APBs in the broker returned status: 404 Unable to list APBs in Ansible Service Broker. [root@master-1 ~]# Doing the same with apb from EPEL repo : https://github.com/ansibleplaybookbundle/ansible-playbook-bundle/blob/master/docs/apb_cli.md#rpm-installation [root@master-0 ~]# rpm -qa apb apb-1.1.15-1.20180305205029.el7.centos.noarch [root@master-0 ~]# [root@master-0 ~]# oc whoami admin [root@master-0 ~]# oc whoami -t KPhzZc0u7TokgFwQuwJWAAr_67yk9IhIPPqCRQeEKPs [root@master-0 ~]# [root@master-0 ~]# [root@master-0 ~]# apb list Didn't find OpenShift Ansible Broker route in namespace: ansible-service-broker. Trying openshift-ansible-service-broker Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/v2/catalog ID NAME DESCRIPTION 2c259ddd8059b9bc65081e07bf20058f rh-mariadb-apb Mariadb apb implementation 03b69500305d9859bb9440d9f9023784 rh-mediawiki-apb Mediawiki123 apb implementation 73ead67495322cc462794387fa9884f5 rh-mysql-apb Software Collections MySQL APB d5915e05b253df421efe6e41fb6a66ba rh-postgresql-apb SCL PostgreSQL apb implementation [root@master-0 ~]# [root@master-0 ~]# [root@master-0 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/v2/catalog ID NAME DESCRIPTION 2c259ddd8059b9bc65081e07bf20058f rh-mariadb-apb Mariadb apb implementation 03b69500305d9859bb9440d9f9023784 rh-mediawiki-apb Mediawiki123 apb implementation 73ead67495322cc462794387fa9884f5 rh-mysql-apb Software Collections MySQL APB d5915e05b253df421efe6e41fb6a66ba rh-postgresql-apb SCL PostgreSQL apb implementation [root@master-0 ~]# note: even no need to set --broker
This issue appears to be due to the fact that the current oc user's permissions is causing the construction of the broker request to fail. At the very least we can patch a fix for 3.7 to print a proper error.
Plan for 3.7.z is to print the correct error for this case. 3.9 is already doing this.
Daniel, I confirm the `apb list --broker` is worked on the OCP 3.7 cluster for the 1.0.4 version. The usage is that you should add the "ansible-service-broker" strings in the tail of the broker URL, like below: [root@localhost hello-world-apb]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.0314-p5u.qe.rhcloud.com/ansible-service-broker ID NAME DESCRIPTION 30ba0018270996447917c32b0d6c4e6b localregistry-hello-world-apb deploys hello-world web application 2c259ddd8059b9bc65081e07bf20058f rh-mariadb-apb Mariadb apb implementation 03b69500305d9859bb9440d9f9023784 rh-mediawiki-apb Mediawiki123 apb implementation 73ead67495322cc462794387fa9884f5 rh-mysql-apb Software Collections MySQL APB d5915e05b253df421efe6e41fb6a66ba rh-postgresql-apb SCL PostgreSQL apb implementation [root@localhost hello-world-apb]# rpm -qa | grep apb apb-1.0.4-1.el7.noarch For the 1.1.15 version, the users no longer need to add the "ansible-service-broker" strings in the broker URL. So, no matter the 1.0.4 or the 1.1.15 version, both of them are worked well on the OCP 3.7 cluster.
QE tested both in ocp3.7 + apb 1.0.4 and ocp3.7 + apb 1.1.15, apb list function work well. There are some usage difference in apb 1.0.4(ocp3.7 released version) and apb 1.1.15: For apb 1.0.4(for ocp3.7): You have to add the "ansible-service-broker" strings at the end of broker url, and apb list fail without "--broker" option by expected. For apb 1.1.15(for ocp3.9) : You don't need to add "ansible-service-broker" strings at the end of broker url(in another work, should be fine with or without string), and apb list both fine with or without "--broker" option. Certainly, it is better if developer can patch a fix for 3.7 to print a proper error when user have a wrong usage.
master1: -> apb from ocp channel master2: -> apb from epel users: - system:admin - user1 - cluster admin role - user2 - 'normal' user master1: ******** # yum install apb-1.0.4-1* -y [root@master-1 ~]# rpm -qa apb apb-1.0.4-1.el7.noarch [root@master-1 ~]# user:system:admin ------------------ [root@master-1 ~]# apb list Exception occurred! unsupported operand type(s) for +: 'NoneType' and 'str' [root@master-1 ~]# [root@master-1 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/ Error: Attempt to list APBs in the broker returned status: 403 Unable to list APBs in Ansible Service Broker. [root@master-1 ~]# [root@master-1 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker Error: Attempt to list APBs in the broker returned status: 403 Unable to list APBs in Ansible Service Broker. [root@master-1 ~]# [root@master-1 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ Error: Attempt to list APBs in the broker returned status: 403 Unable to list APBs in Ansible Service Broker. [root@master-1 ~]# [root@master-1 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com Error: Attempt to list APBs in the broker returned status: 403 Unable to list APBs in Ansible Service Broker. [root@master-1 ~]# --> seems expected as no token for system:admin user: user1 (cluster admin role) -------------------------------- [root@master-1 ~]# apb list Exception occurred! unsupported operand type(s) for +: 'NoneType' and 'str' [root@master-1 ~]# [root@master-1 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/ ID NAME DESCRIPTION 2c259ddd8059b9bc65081e07bf20058f rh-mariadb-apb Mariadb apb implementation 03b69500305d9859bb9440d9f9023784 rh-mediawiki-apb Mediawiki123 apb implementation 73ead67495322cc462794387fa9884f5 rh-mysql-apb Software Collections MySQL APB d5915e05b253df421efe6e41fb6a66ba rh-postgresql-apb SCL PostgreSQL apb implementation [root@master-1 ~]# [root@master-1 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker ID NAME DESCRIPTION 2c259ddd8059b9bc65081e07bf20058f rh-mariadb-apb Mariadb apb implementation 03b69500305d9859bb9440d9f9023784 rh-mediawiki-apb Mediawiki123 apb implementation 73ead67495322cc462794387fa9884f5 rh-mysql-apb Software Collections MySQL APB d5915e05b253df421efe6e41fb6a66ba rh-postgresql-apb SCL PostgreSQL apb implementation [root@master-1 ~]# [root@master-1 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ Error: Attempt to list APBs in the broker returned status: 404 Unable to list APBs in Ansible Service Broker. [root@master-1 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com Error: Attempt to list APBs in the broker returned status: 404 Unable to list APBs in Ansible Service Broker. [root@master-1 ~]# --> user with cluster role and token, works user: user2 (normal user) -------------------------- [root@master-1 ~]# apb list Exception occurred! Could not find route to ansible-service-broker. Use --broker or log into the cluster using "oc login" [root@master-1 ~]# [root@master-1 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/ Error: Attempt to list APBs in the broker returned status: 403 Unable to list APBs in Ansible Service Broker. [root@master-1 ~]# [root@master-1 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker Error: Attempt to list APBs in the broker returned status: 403 Unable to list APBs in Ansible Service Broker. [root@master-1 ~]# [root@master-1 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ Error: Attempt to list APBs in the broker returned status: 403 Unable to list APBs in Ansible Service Broker. [root@master-1 ~]# [root@master-1 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com Error: Attempt to list APBs in the broker returned status: 403 Unable to list APBs in Ansible Service Broker. [root@master-1 ~]# --> user w/o access rights, does not work, expected ##################################################################################################################################################### master2: ******** # wget https://copr.fedorainfracloud.org/coprs/g/ansible-service-broker/ansible-service-broker-latest/repo/epel-7/group_ansible-service-broker-ansible-service-broker-latest-epel-7.repo -O /etc/yum.repos.d/ansible-service-broker.repo # yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm # yum install -y apb [root@master-2 ~]# rpm -qa apb apb-1.1.15-1.20180305205029.el7.centos.noarch [root@master-2 ~]# user:system:admin ------------------ [root@master-2 ~]# apb list Didn't find OpenShift Ansible Broker route in namespace: ansible-service-broker. Trying openshift-ansible-service-broker Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/v2/catalog Error: Attempt to list APBs in the broker returned status: 403 Unable to list APBs in Ansible Service Broker. [root@master-2 ~]# [root@master-2 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/ Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/ansible-service-broker/v2/catalog Error: Attempt to list APBs in the broker returned status: 403 Unable to list APBs in Ansible Service Broker. [root@master-2 ~]# [root@master-2 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/v2/catalog Error: Attempt to list APBs in the broker returned status: 403 Unable to list APBs in Ansible Service Broker. [root@master-2 ~]# [root@master-2 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/v2/catalog Error: Attempt to list APBs in the broker returned status: 403 Unable to list APBs in Ansible Service Broker. [root@master-2 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/v2/catalog Error: Attempt to list APBs in the broker returned status: 403 Unable to list APBs in Ansible Service Broker. [root@master-2 ~]# --> seems expected as no token for system:admin user: user1 (cluster admin role) -------------------------------- [root@master-2 ~]# apb list Didn't find OpenShift Ansible Broker route in namespace: ansible-service-broker. Trying openshift-ansible-service-broker Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/v2/catalog ID NAME DESCRIPTION 2c259ddd8059b9bc65081e07bf20058f rh-mariadb-apb Mariadb apb implementation 03b69500305d9859bb9440d9f9023784 rh-mediawiki-apb Mediawiki123 apb implementation 73ead67495322cc462794387fa9884f5 rh-mysql-apb Software Collections MySQL APB d5915e05b253df421efe6e41fb6a66ba rh-postgresql-apb SCL PostgreSQL apb implementation [root@master-2 ~]# [root@master-2 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/ Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/ansible-service-broker/v2/catalog Error: Attempt to list APBs in the broker returned status: 404 Unable to list APBs in Ansible Service Broker. [root@master-2 ~]# [root@master-2 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/v2/catalog ID NAME DESCRIPTION 2c259ddd8059b9bc65081e07bf20058f rh-mariadb-apb Mariadb apb implementation 03b69500305d9859bb9440d9f9023784 rh-mediawiki-apb Mediawiki123 apb implementation 73ead67495322cc462794387fa9884f5 rh-mysql-apb Software Collections MySQL APB d5915e05b253df421efe6e41fb6a66ba rh-postgresql-apb SCL PostgreSQL apb implementation [root@master-2 ~]# [root@master-2 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/v2/catalog ID NAME DESCRIPTION 2c259ddd8059b9bc65081e07bf20058f rh-mariadb-apb Mariadb apb implementation 03b69500305d9859bb9440d9f9023784 rh-mediawiki-apb Mediawiki123 apb implementation 73ead67495322cc462794387fa9884f5 rh-mysql-apb Software Collections MySQL APB d5915e05b253df421efe6e41fb6a66ba rh-postgresql-apb SCL PostgreSQL apb implementation [root@master-2 ~]# [root@master-2 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/v2/catalog ID NAME DESCRIPTION 2c259ddd8059b9bc65081e07bf20058f rh-mariadb-apb Mariadb apb implementation 03b69500305d9859bb9440d9f9023784 rh-mediawiki-apb Mediawiki123 apb implementation 73ead67495322cc462794387fa9884f5 rh-mysql-apb Software Collections MySQL APB d5915e05b253df421efe6e41fb6a66ba rh-postgresql-apb SCL PostgreSQL apb implementation [root@master-2 ~]# --> cluster admin role for user works es expected user: user2 (normal user) -------------------------- [root@master-2 ~]# apb list Exception occurred! Could not find route to ansible-service-broker. Use --broker or log into the cluster using "oc login" [root@master-2 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/ Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/ansible-service-broker/v2/catalog Error: Attempt to list APBs in the broker returned status: 403 Unable to list APBs in Ansible Service Broker. [root@master-2 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/v2/catalog Error: Attempt to list APBs in the broker returned status: 403 Unable to list APBs in Ansible Service Broker. [root@master-2 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/v2/catalog Error: Attempt to list APBs in the broker returned status: 403 Unable to list APBs in Ansible Service Broker. [root@master-2 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/v2/catalog Error: Attempt to list APBs in the broker returned status: 403 Unable to list APBs in Ansible Service Broker. [root@master-2 ~]# --> expected as user access rights not set my summary: - abp from official repos should have improved error message making it easier for users to understand why it is failing - cosmetig thing: - apb from ocp repo : --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/ (trailing /) works while it does not for the one from epel, again cosmetic, but at least for me hard to spot ;) - probably we should improve documentation around this as looking at - https://docs.openshift.com/container-platform/3.7/apb_devel/cli_tooling.html#apb-devel-cli-overview as well as - https://docs.openshift.com/container-platform/3.7/apb_devel/writing/getting_started.html#apb-devel-writing-gs-dev-env do not mention that --broker is required
I have backported some fixes so that the --broker flag will work as expected without providing the required suffix. This should fix the 404 errors that Daniel has seen. https://github.com/ansibleplaybookbundle/ansible-playbook-bundle/pull/245
https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=663785
Changing status to ON_QA since errata image ready for test.
It works well as we expected, LGTM, verified. version: [root@host-172-16-120-59 ~]# rpm -qa | grep apb apb-1.0.5-1.el7.noarch
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:2009