Bug 1680535 - default APB registry in when using ASB operator to install should be downstream
Summary: default APB registry in when using ASB operator to install should be downstream
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Service Broker
Version: 4.1.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.1.0
Assignee: Shawn Hurley
QA Contact: Zihan Tang
URL:
Whiteboard:
Depends On: 1685417 1685458
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-02-25 09:57 UTC by Zihan Tang
Modified: 2019-06-04 10:44 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-04 10:44:27 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:0758 0 None None None 2019-06-04 10:44:33 UTC

Description Zihan Tang 2019-02-25 09:57:44 UTC 
Description of problem:
After ASB installation, the asb default registry should be downstream(or any release used) registry, such as 'redhat.io' and contain registry auth secret. Which to ensure customers can get released apb from the right registry by default.

Version-Release number of selected component (if applicable):
ASB operator: v4.0 

How reproducible:
always

Steps to Reproduce:
1. install asb by asb operator downstream image.
2. check cm 'broker-config' in asb namespace
3.

Actual results:


Expected results:
default registry should be 'redhat.io' or other public registry;
contain auth secret if need in namespace.

Additional info:
Comment 1 Zihan Tang 2019-02-25 09:59:16 UTC 
This is depend on https://bugzilla.redhat.com/show_bug.cgi?id=1652419#c25
Comment 4 Shawn Hurley 2019-03-18 14:24:21 UTC 
https://github.com/openshift/ansible-service-broker/pull/1190
Comment 6 Jian Zhang 2019-03-21 08:16:19 UTC 
Cluster version is 4.0.0-0.nightly-2019-03-19-004004

Install the Automation broker operator and automation broker on the Web console.
Create Automation Broker:
apiVersion: osb.openshift.io/v1alpha1
kind: AutomationBroker
metadata:
  name: ansible-service-broker
  namespace: jian
spec:
  createBrokerNamespace: 'false'
  waitForBroker: 'false'

[jzhang@dhcp-140-18 ocp210]$ oc get pods
NAME                                         READY   STATUS      RESTARTS   AGE
asb-1-deploy                                 0/1     OOMKilled   0          57m
asb-1-s6pfq                                  2/2     Running     0          56m
automation-broker-operator-5b465bbb5-2z2c7   1/1     Running     0          57m

Check the ansibleservicebroker image:
[jzhang@dhcp-140-18 ocp210]$ oc get pods asb-1-s6pfq -o yaml|grep image
    image: docker.io/ansibleplaybookbundle/origin-ansible-service-broker:v4.0

Check its version, this version doesn't contains the fixed PR, not ready for the test. Change status to MODIFIED.
[jzhang@dhcp-140-18 ocp210]$ oc exec asb-1-s6pfq -- asbd --version
Defaulting container name to dashboard-redirector.
Use 'oc describe pod/asb-1-s6pfq -n jian' to see all of the containers in this pod.
1.4.4
Comment 7 Zihan Tang 2019-04-04 08:00:29 UTC 
Using operator hub to install asb operator, the operator image is still upstream 'docker.io/automationbroker/automation-broker-operator:v4.0' ( depond on https://bugzilla.redhat.com/show_bug.cgi?id=1685458 )

after create CR, default registry is still 'docker.io',

Move to MODIFIED.
Comment 9 Zihan Tang 2019-04-12 02:42:37 UTC 
Current status is the same with #comment7 , move back to MODIFIED.
Comment 11 Mike Fiedler 2019-05-03 14:16:24 UTC 
I installed the latest green nightly build:  4.1.0-0.nightly-2019-05-03-093152 and then installed Automation Broker Operator and the ASB automation broker.   The asb pods are still using upstream images from docker.io:


# oc describe pod asb-1-6kq69 | grep Image
    Image:         docker.io/ansibleplaybookbundle/origin-ansible-service-broker:v4.0
    Image ID:      
    Image:          docker.io/ansibleplaybookbundle/origin-ansible-service-broker:v4.0
    Image ID:  


The automation-broker-operator image that was installed is also upstream:

     
# oc describe pod automation-broker-operator-65d8f97965-p9l5f | grep Image
    Image:          docker.io/automationbroker/automation-broker-operator:v4.0
    Image ID:       docker.io/automationbroker/automation-broker-operator@sha256:e988379d4436fd64a11117de20f3f2770acf4fe0d5658d353701cc9e34a48806


Moving to ASSIGNED.   If this is something that should show up in a later build than what is available, please move to POST
Comment 12 Shawn Hurley 2019-05-03 14:37:31 UTC 
This is done via the CR. The only way to do this is via the olm example. You will not be able to verify this until the downstream pipeline exits and you can use the UI.
Comment 13 Mike Fiedler 2019-05-03 15:05:07 UTC 
Shouldn't the example CR in the UI use the correct images?  Or we should provide documentation on how to use the correct images?
Comment 14 Shawn Hurley 2019-05-03 15:30:16 UTC 
The CR in the UI should use the correct configuration values. This only works when you are using OLM.
Comment 16 Zihan Tang 2019-05-07 06:36:56 UTC 
Verified:
ose-ansible-service-broker-operator:v4.1.0-201905051700
ose-ansible-service-broker:v4.1.0-201905051700

 broker-config: |
    registry: [{"auth_type": "secret", "name": "rhcc", "url": "https://registry.redhat.io", "white_list": [".*-apb$"], "auth_name": "asb-registry-auth", "type": "rhcc"}

but it didn't generate "asb-registry-auth" secret automatically by default, will open another bug to trace it.
Comment 18 errata-xmlrpc 2019-06-04 10:44:27 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0758
Note You need to log in before you can comment on or make changes to this bug.