Bug 1680535 - default APB registry in when using ASB operator to install should be downstream
Summary: default APB registry in when using ASB operator to install should be downstream
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Service Broker
Version: 4.1.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.1.0
Assignee: Shawn Hurley
QA Contact: Zihan Tang
Depends On: 1685417 1685458
TreeView+ depends on / blocked
Reported: 2019-02-25 09:57 UTC by Zihan Tang
Modified: 2019-06-04 10:44 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Last Closed: 2019-06-04 10:44:27 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:0758 0 None None None 2019-06-04 10:44:33 UTC

Description Zihan Tang 2019-02-25 09:57:44 UTC
Description of problem:
After ASB installation, the asb default registry should be downstream(or any release used) registry, such as 'redhat.io' and contain registry auth secret. Which to ensure customers can get released apb from the right registry by default.

Version-Release number of selected component (if applicable):
ASB operator: v4.0 

How reproducible:

Steps to Reproduce:
1. install asb by asb operator downstream image.
2. check cm 'broker-config' in asb namespace

Actual results:

Expected results:
default registry should be 'redhat.io' or other public registry;
contain auth secret if need in namespace.

Additional info:

Comment 1 Zihan Tang 2019-02-25 09:59:16 UTC
This is depend on https://bugzilla.redhat.com/show_bug.cgi?id=1652419#c25

Comment 6 Jian Zhang 2019-03-21 08:16:19 UTC
Cluster version is 4.0.0-0.nightly-2019-03-19-004004

Install the Automation broker operator and automation broker on the Web console.
Create Automation Broker:
apiVersion: osb.openshift.io/v1alpha1
kind: AutomationBroker
  name: ansible-service-broker
  namespace: jian
  createBrokerNamespace: 'false'
  waitForBroker: 'false'

[jzhang@dhcp-140-18 ocp210]$ oc get pods
NAME                                         READY   STATUS      RESTARTS   AGE
asb-1-deploy                                 0/1     OOMKilled   0          57m
asb-1-s6pfq                                  2/2     Running     0          56m
automation-broker-operator-5b465bbb5-2z2c7   1/1     Running     0          57m

Check the ansibleservicebroker image:
[jzhang@dhcp-140-18 ocp210]$ oc get pods asb-1-s6pfq -o yaml|grep image
    image: docker.io/ansibleplaybookbundle/origin-ansible-service-broker:v4.0

Check its version, this version doesn't contains the fixed PR, not ready for the test. Change status to MODIFIED.
[jzhang@dhcp-140-18 ocp210]$ oc exec asb-1-s6pfq -- asbd --version
Defaulting container name to dashboard-redirector.
Use 'oc describe pod/asb-1-s6pfq -n jian' to see all of the containers in this pod.

Comment 7 Zihan Tang 2019-04-04 08:00:29 UTC
Using operator hub to install asb operator, the operator image is still upstream 'docker.io/automationbroker/automation-broker-operator:v4.0' ( depond on https://bugzilla.redhat.com/show_bug.cgi?id=1685458 )

after create CR, default registry is still 'docker.io',


Comment 9 Zihan Tang 2019-04-12 02:42:37 UTC
Current status is the same with #comment7 , move back to MODIFIED.

Comment 11 Mike Fiedler 2019-05-03 14:16:24 UTC
I installed the latest green nightly build:  4.1.0-0.nightly-2019-05-03-093152 and then installed Automation Broker Operator and the ASB automation broker.   The asb pods are still using upstream images from docker.io:

# oc describe pod asb-1-6kq69 | grep Image
    Image:         docker.io/ansibleplaybookbundle/origin-ansible-service-broker:v4.0
    Image ID:      
    Image:          docker.io/ansibleplaybookbundle/origin-ansible-service-broker:v4.0
    Image ID:  

The automation-broker-operator image that was installed is also upstream:

# oc describe pod automation-broker-operator-65d8f97965-p9l5f | grep Image
    Image:          docker.io/automationbroker/automation-broker-operator:v4.0
    Image ID:       docker.io/automationbroker/automation-broker-operator@sha256:e988379d4436fd64a11117de20f3f2770acf4fe0d5658d353701cc9e34a48806

Moving to ASSIGNED.   If this is something that should show up in a later build than what is available, please move to POST

Comment 12 Shawn Hurley 2019-05-03 14:37:31 UTC
This is done via the CR. The only way to do this is via the olm example. You will not be able to verify this until the downstream pipeline exits and you can use the UI.

Comment 13 Mike Fiedler 2019-05-03 15:05:07 UTC
Shouldn't the example CR in the UI use the correct images?  Or we should provide documentation on how to use the correct images?

Comment 14 Shawn Hurley 2019-05-03 15:30:16 UTC
The CR in the UI should use the correct configuration values. This only works when you are using OLM.

Comment 16 Zihan Tang 2019-05-07 06:36:56 UTC

 broker-config: |
    registry: [{"auth_type": "secret", "name": "rhcc", "url": "https://registry.redhat.io", "white_list": [".*-apb$"], "auth_name": "asb-registry-auth", "type": "rhcc"}

but it didn't generate "asb-registry-auth" secret automatically by default, will open another bug to trace it.

Comment 18 errata-xmlrpc 2019-06-04 10:44:27 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.