Bug 1564542 - Provision Credentials should always be sent to deprovision action
Summary: Provision Credentials should always be sent to deprovision action
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Service Broker
Version: 3.10.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: 3.11.0
Assignee: Jesus M. Rodriguez
QA Contact: Jian Zhang
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-04-06 15:04 UTC by Shawn Hurley
Modified: 2018-10-11 07:20 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
undefined
Clone Of:
Environment:
Last Closed: 2018-10-11 07:19:09 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:2652 0 None None None 2018-10-11 07:20:11 UTC

Description Shawn Hurley 2018-04-06 15:04:06 UTC
Description of problem:
Deprovision action will only sometimes get the provision credential parameter 

Version-Release number of selected component (if applicable):


How reproducible:
100%

Steps to Reproduce:
1. Make an APB that is unbindable
2. Provision
3. Deprovision and assume that _apb_provision_crendentials is sent as a parameter

Actual results:
The key is not found

Expected results:
The key should be found but with no values 

Additional info:

Comment 1 Dylan Murray 2018-04-06 15:05:50 UTC
Additionally, if a user passes data back to the broker using `asb_encode_binding` in provision they should expect to see those keys populated on deprovision.

Comment 2 Jesus M. Rodriguez 2018-05-04 03:48:41 UTC
Fixed by PR 821

https://github.com/openshift/ansible-service-broker/pull/821

Comment 3 Jian Zhang 2018-05-04 10:11:41 UTC
Shawn & Jesus,

I provision the Mediawiki APB and then deprovision it, but I did not find the key "_apb_provision_crendentials" in the ASB logs, so are there any special steps need to be set?

And, this issue reported on April 6th, but the above fixed PR merged on March 16th, I'm very confused for that. Could you help explanation this?

Comment 4 Jian Zhang 2018-05-16 08:46:29 UTC
Shawn & Jesus

Sorry, I still cannot get the key "_apb_provision_crendentials" during deprovision action. And, one more question, the target release of this bug is 3.11?

Comment 5 Jesus M. Rodriguez 2018-05-18 03:39:58 UTC
I provisioned VNC APB which is an unbindable apb, and the key was still passed to deprovision. The key is _apb_provision_creds.

### Deprovision parameters

{
  "_apb_last_requesting_user": "admin",
  "_apb_plan_id": "f28",
  "_apb_provision_creds": {},
  "_apb_service_class_id": "1dd62d51c52cc2ac404d58abc0c8fa94",
  "_apb_service_instance_id": "eb13b473-5a4b-11e8-8985-0242ac110008",
  "cluster": "openshift",
  "de": "Xfce",
  "deshell": "bash",
  "namespace": "blog-project",
  "resolution": "1360x768",
  "vncpass": "password"
}

Comment 6 Jian Zhang 2018-05-21 06:36:54 UTC
Jesus,

How did you get these deprovision parameters? I provisioned the Mediawiki APB which is an unbindable apb, but, I didn't see the key in the deprovision parameters from the ASB logs. And, can you tell me how to set the "asb_encode_binding"?

Comment 7 Jesus M. Rodriguez 2018-05-22 02:34:34 UTC
I grabbed them from the broker logs, they were printed as parameters to the APB. Then I captured the log and cut out the json parameters and piped to jq to get the above formatted response.

Comment 8 Jesus M. Rodriguez 2018-05-22 03:30:16 UTC
(In reply to Jian Zhang from comment #6)
> Jesus,
> 
> How did you get these deprovision parameters? I provisioned the Mediawiki
> APB which is an unbindable apb, but, I didn't see the key in the deprovision
> parameters from the ASB logs. And, can you tell me how to set the
> "asb_encode_binding"?

I was wrong in comment #7. I got the parameters from the apb deprovision pod. I configured the broker to keep_namespace = true so that the provision and deprovision pods remain.

### the APB projects
$ oc get projects | grep dh-vnc
dh-vnc-desktop-apb-depr-s52fc                      Active
dh-vnc-desktop-apb-prov-z4ctz                      Active

### the provision project
$ oc project dh-vnc-desktop-apb-prov-z4ctz
oc Already on project "dh-vnc-desktop-apb-prov-z4ctz" on server "https://172.17.0.1:8443".

### the log from the APB for provision
$ oc logs apb-8d0acb25-86e5-47dd-b555-65145d024b24 
+ [[ provision --extra-vars {"_apb_last_requesting_user":"admin","_apb_plan_id":"f28","_apb_service_class_id":"1dd62d51c52cc2ac404d58abc0c8fa94","_apb_service_instance_id":"fcfbdadb-5d6e-11e8-87e8-0242ac11000b","cluster":"openshift","de":"Xfce","deshell":"bash","namespace":"blog-project","resolution":"1360x768","vncpass":"password"} == *\s\2\i\/\a\s\s\e\m\b\l\e* ]]
...

### deprovision project
$ oc project dh-vnc-desktop-apb-depr-s52fc
Now using project "dh-vnc-desktop-apb-depr-s52fc" on server "https://172.17.0.1:8443".

### the log from the APB for deprovision
$ oc logs apb-7808a4b4-9769-4e70-84ff-1e7aadbb0f9a 
+ [[ deprovision --extra-vars {"_apb_last_requesting_user":"admin","_apb_plan_id":"f28","_apb_provision_creds":{},"_apb_service_class_id":"1dd62d51c52cc2ac404d58abc0c8fa94","_apb_service_instance_id":"fcfbdadb-5d6e-11e8-87e8-0242ac11000b","cluster":"openshift","de":"Xfce","deshell":"bash","namespace":"blog-project","resolution":"1360x768","vncpass":"password"} == *\s\2\i\/\a\s\s\e\m\b\l\e* ]]
...

I copied the json parameters and then used jq to create a pretty printed version.

So the parameters are in the APBs, use the VNC Desktop (APB) to see the parameters.

Comment 9 Jesus M. Rodriguez 2018-05-22 03:36:51 UTC
Fixed in PR https://github.com/openshift/ansible-service-broker/pull/959

This will be fixed in a release 1.2.13-1 or later.

Comment 10 Jian Zhang 2018-05-22 06:11:27 UTC
Jesus,

Thank you! I see now.

Comment 11 Jian Zhang 2018-07-18 10:03:11 UTC
Jesus,

How can I check the details log about the provision/deprovision? Now, I could NOT find the configure info(as you showd above) by the `oc logs` command.

Provision logs:
[root@qe-chezhang-310master-etcd-1 ~]# oc get pods
NAME                                       READY     STATUS      RESTARTS   AGE
apb-17eecc76-5a71-422b-a735-af4f93d4269f   0/1       Completed   0          2m
[root@qe-chezhang-310master-etcd-1 ~]# oc logs apb-17eecc76-5a71-422b-a735-af4f93d4269f

PLAY [mediawiki-apb provision] *************************************************

TASK [ansibleplaybookbundle.asb-modules : debug] *******************************
skipping: [localhost]

TASK [mediawiki-apb : Update last operation] ***********************************
changed: [localhost]

TASK [mediawiki-apb : Determine cluster type] **********************************
changed: [localhost]

TASK [mediawiki-apb : Set facts] ***********************************************
ok: [localhost]

TASK [mediawiki-apb : Include variables based on ansible version] **************
skipping: [localhost]

TASK [mediawiki-apb : Validate Admin User and Password] ************************
skipping: [localhost]

TASK [mediawiki-apb : Set mediawiki objects state=present] *********************
changed: [localhost] => (item=service.yaml)
changed: [localhost] => (item=pvc.yaml)

TASK [mediawiki-apb : Set mediawiki route state=present] ***********************
changed: [localhost]

TASK [mediawiki-apb : Set mediawiki deployment state=present] ******************
changed: [localhost]

TASK [mediawiki-apb : Update last operation] ***********************************
changed: [localhost]

PLAY RECAP *********************************************************************
localhost                  : ok=7    changed=6    unreachable=0    failed=0  

Deprovision logs:
[root@qe-chezhang-310master-etcd-1 ~]# oc logs apb-4741b423-e759-4d57-9f5c-244843d5ebfe

PLAY [Deprovision mediawiki-apb from openshift] ********************************

TASK [ansibleplaybookbundle.asb-modules : debug] *******************************
skipping: [localhost]

TASK [mediawiki-apb : Update last operation] ***********************************
changed: [localhost]

TASK [mediawiki-apb : Determine cluster type] **********************************
changed: [localhost]

TASK [mediawiki-apb : Set facts] ***********************************************
ok: [localhost]

TASK [mediawiki-apb : Include variables based on ansible version] **************
skipping: [localhost]

TASK [mediawiki-apb : Validate Admin User and Password] ************************
skipping: [localhost]

TASK [mediawiki-apb : Set mediawiki objects state=absent] **********************
changed: [localhost] => (item=service.yaml)
changed: [localhost] => (item=pvc.yaml)

TASK [mediawiki-apb : Set mediawiki route state=absent] ************************
changed: [localhost]

TASK [mediawiki-apb : Set mediawiki deployment state=absent] *******************
changed: [localhost]

TASK [mediawiki-apb : Update last operation] ***********************************
changed: [localhost]

PLAY RECAP *********************************************************************
localhost                  : ok=7    changed=6    unreachable=0    failed=0   

The ASB version: 1.2.17
Maybe I need to add "-vvv" option for the ansible playbooks, but how to do that? How to check these details logs?

Comment 12 Zhang Cheng 2018-07-19 05:35:13 UTC
The fix focus on ASB side, so you can use upstream apb image mongodb-apb from ansibleplaybookbundle for verification.

Comment 13 Jian Zhang 2018-07-19 09:24:13 UTC
@Cheng,

Thanks, I think I can use the VNC APB for the test.

Comment 14 David Zager 2018-08-01 22:37:33 UTC
https://errata.devel.redhat.com/advisory/33505 updated

openshift-enterprise-mariadb-apb-v3.11.0-0.10.0.3
openshift-enterprise-mediawiki-apb-v3.11.0-0.10.0.3
openshift-enterprise-postgresql-apb-v3.11.0-0.10.0.3
openshift-enterprise-mysql-apb-v3.11.0-0.10.0.3
openshift-enterprise-mediawiki-container-v3.11.0-0.10.0.0
openshift-enterprise-asb-container-v3.11.0-0.10.0.1
openshift-enterprise-apb-base-container-v3.11.0-0.10.0.3

Comment 15 Jian Zhang 2018-08-03 13:19:31 UTC
We can see the `"_apb_provision_creds\":{}` in the deprovision action. Details as below, LGTM, verify it.

[root@ip-172-18-5-253 ~]# oc logs -f bundle-6ac6a918-1685-4fff-b19d-1ca274c7f7ad --loglevel 8
...
I0803 09:13:20.452729   19004 request.go:897] Response Body: {"kind":"Pod","apiVersion":"v1","metadata":{"name":"bundle-6ac6a918-1685-4fff-b19d-1ca274c7f7ad","namespace":"aws-mediawiki-apb-depr-22m7g","selfLink":"/api/v1/namespaces/aws-mediawiki-apb-depr-22m7g/pods/bundle-6ac6a918-1685-4fff-b19d-1ca274c7f7ad","uid":"caa0cb08-971e-11e8-9298-0e21f4d9ce82","resourceVersion":"33313","creationTimestamp":"2018-08-03T13:11:53Z","labels":{"bundle-action":"deprovision","bundle-fqname":"aws-mediawiki-apb","bundle-pod-name":"bundle-6ac6a918-1685-4fff-b19d-1ca274c7f7ad"},"annotations":{"apb_last_operation":"100%: Done","openshift.io/scc":"restricted"}},"spec":{"volumes":[{"name":"bundle-6ac6a918-1685-4fff-b19d-1ca274c7f7ad-token-m5txl","secret":{"secretName":"bundle-6ac6a918-1685-4fff-b19d-1ca274c7f7ad-token-m5txl","defaultMode":420}}],"containers":[{"name":"apb","image":"registry.reg-aws.openshift.com:443/openshift3/mediawiki-apb:v3.11","args":["deprovision","--extra-vars","{\"_apb_last_requesting_user\":\"jiazha\",\"_apb_plan_id\":\"default\",\"_apb_provision_creds\":{},\"_apb_s [truncated 2902 chars]
...
DEPRECATED: APB playbooks should be stored at /opt/apb/project

PLAY [Deprovision mediawiki-apb from openshift] ********************************

TASK [ansibleplaybookbundle.asb-modules : debug] *******************************
skipping: [localhost]

TASK [mediawiki-apb : Update last operation] ***********************************
changed: [localhost]

TASK [mediawiki-apb : Set facts] ***********************************************
ok: [localhost]

TASK [mediawiki-apb : Validate Admin User and Password] ************************
skipping: [localhost]

TASK [mediawiki-apb : Set mediawiki objects state=absent] **********************
changed: [localhost] => (item={u'name': u'service.yaml.j2'})
changed: [localhost] => (item={u'name': u'pvc.yaml.j2'})
changed: [localhost] => (item={u'apply': True, u'name': u'route.yaml.j2'})
changed: [localhost] => (item={u'name': u'deployment.yaml.j2'})

TASK [mediawiki-apb : Update last operation] ***********************************
changed: [localhost]

PLAY RECAP *********************************************************************
localhost                  : ok=4    changed=3    unreachable=0    failed=0

Comment 17 errata-xmlrpc 2018-10-11 07:19:09 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2652


Note You need to log in before you can comment on or make changes to this bug.