1733464 – [ServiceBroker] Install ASB and TSB operators failed in OCP4.2

Bug 1733464 - [ServiceBroker] Install ASB and TSB operators failed in OCP4.2

Summary: [ServiceBroker] Install ASB and TSB operators failed in OCP4.2

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Service Broker
Sub Component:
Version:	4.2.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	4.2.0
Assignee:	Shawn Hurley
QA Contact:	Cuiping HUO
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1721516
TreeView+	depends on / blocked

Reported:	2019-07-26 08:01 UTC by Cuiping HUO
Modified:	2019-10-16 06:33 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-10-16 06:33:49 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2019:2922	0	None	None	None	2019-10-16 06:33:59 UTC

Description Cuiping HUO 2019-07-26 08:01:41 UTC

Description of problem:
Install ASB and TSB operators failed in OCP4.2. BTW, this is a known issue from Shawn’s mail, only for tracing the block issue in QE side.

Regarding PRs:
https://github.com/openshift/ansible-service-broker/pull/1238
https://github.com/openshift/template-service-broker-operator/pull/53


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
Try to use the workaround from OCP4.1
1.Set up the redhat-operators-art OperatorSource
2.check the latest ASB and TSB operator version


Actual results:
The latest version are: openshiftansibleservicebroker.4.1.8-201907241243
openshifttemplateservicebroker.4.1.8-201907241243


Expected results:
the lastest version should be 4.2 for openshiftansibleservicebroker and openshifttemplateservicebroker

Additional info:
$ oc get packagemanifest openshiftansibleservicebroker -n openshift-marketplace -o jsonpath='{range .status}{.channels[0].currentCSV}{"\n"}{end}'
openshiftansibleservicebroker.4.1.8-201907241243

oc get packagemanifest openshifttemplateservicebroker -n openshift-marketplace -o jsonpath='{range .status}{.channels[0].currentCSV}{"\n"}{end}'
openshifttemplateservicebrokeroperator.4.1.8-201907241243

Comment 1 Dan Geoffroy 2019-09-05 15:41:19 UTC

Current state is that the ART/OSBS pipeline does not yet support 4.2.0 optional OLM managed OCP operators so these do not yet show up.  Keeping this open until that pipeline is functional and will close when 4.2.0 versions of both ASB and TSB are available.

Comment 3 Cuiping HUO 2019-09-10 07:25:08 UTC

Verify failed with ASB. Verify passed with TSB

cluster version: 4.2.0-0.nightly-2019-09-08-180038
openshiftansibleservicebrokeroperator.4.2.0-201909081401
openshifttemplateservicebrokeroperator.4.2.0-201909081401

1.Set up the redhat-operators-art OperatorSource
$ oc get opsrc -n openshift-marketplace
NAME                  TYPE          ENDPOINT              REGISTRY               DISPLAYNAME           PUBLISHER   STATUS      MESSAGE                                       AGE
qe-app-registry       appregistry   https://quay.io/cnr   redhat-operators-art   Red Hat Operators     Red Hat     Succeeded   The object has been successfully reconciled   67m

ASB operator and AutomationBroker installation
2.1 install ASB operator through web console(pass)
$ oc get po -n openshift-ansible-service-broker
NAME                                                         READY   STATUS    RESTARTS   AGE
openshift-ansible-service-broker-operator-66599bfd96-m9rnj   1/1     Running   0          21m

2.2 install Automation Broker through web console(FAILED) with not asb pod.
$ oc get automationbroker ansible-service-broker -n openshift-ansible-service-broker -o yaml
apiVersion: osb.openshift.io/v1
kind: AutomationBroker
metadata:
  creationTimestamp: "2019-09-10T07:18:27Z"
  generation: 1
  name: ansible-service-broker
  namespace: openshift-ansible-service-broker
  resourceVersion: "534286"
  selfLink: /apis/osb.openshift.io/v1/namespaces/openshift-ansible-service-broker/automationbrokers/ansible-service-broker
  uid: 2ef4858b-d39b-11e9-b489-0a5191f3ea26
spec:
  createBrokerNamespace: "false"
  registries:
  - auth_name: asb-registry-auth
    auth_type: secret
    name: rhcc
    type: rhcc
    url: https://registry.redhat.io
    white_list:
    - .*-apb$
  waitForBroker: "false"
$ oc get po -n openshift-ansible-service-broker
NAME                                                         READY   STATUS    RESTARTS   AGE
openshift-ansible-service-broker-operator-66599bfd96-m9rnj   1/1     Running   0          27m
$ oc logs -f openshift-ansible-service-broker-operator-66599bfd96-m9rnj -n openshift-ansible-service-broker
{"level":"info","ts":1568098355.8831747,"logger":"cmd","msg":"Go Version: go1.12.8"}
{"level":"info","ts":1568098355.8832142,"logger":"cmd","msg":"Go OS/Arch: linux/amd64"}
{"level":"info","ts":1568098355.8832226,"logger":"cmd","msg":"Version of operator-sdk: v0.10.0+git"}
{"level":"info","ts":1568098355.8832426,"logger":"cmd","msg":"Watching namespace.","Namespace":"openshift-ansible-service-broker"}
{"level":"info","ts":1568098356.0089905,"logger":"ansible-controller","msg":"Watching resource","Options.Group":"osb.openshift.io","Options.Version":"v1","Options.Kind":"AutomationBroker"}
{"level":"info","ts":1568098356.0092165,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"automationbroker-controller","source":"kind source: osb.openshift.io/v1, Kind=AutomationBroker"}
{"level":"info","ts":1568098356.0094168,"logger":"leader","msg":"Trying to become the leader."}
{"level":"info","ts":1568098356.1304681,"logger":"leader","msg":"No pre-existing lock was found."}
{"level":"info","ts":1568098356.1400313,"logger":"leader","msg":"Became the leader."}
{"level":"info","ts":1568098356.2785285,"logger":"proxy","msg":"Starting to serve","Address":"127.0.0.1:8888"}
{"level":"info","ts":1568098356.3788166,"logger":"kubebuilder.controller","msg":"Starting Controller","controller":"automationbroker-controller"}
{"level":"info","ts":1568098356.4789257,"logger":"kubebuilder.controller","msg":"Starting workers","controller":"automationbroker-controller","worker count":1}
{"level":"info","ts":1568098360.359439,"logger":"logging_event_handler","msg":"[playbook task]","name":"ansible-service-broker","namespace":"openshift-ansible-service-broker","gvk":"osb.openshift.io/v1, Kind=AutomationBroker","event_type":"playbook_on_task_start","job":"8674665223082153551","EventData.Name":"ansible-service-broker : Environment Validation"}
{"level":"info","ts":1568098360.428414,"logger":"logging_event_handler","msg":"[playbook task]","name":"ansible-service-broker","namespace":"openshift-ansible-service-broker","gvk":"osb.openshift.io/v1, Kind=AutomationBroker","event_type":"playbook_on_task_start","job":"8674665223082153551","EventData.Name":"ansible-service-broker : Verify service catalog is installed"}
{"level":"info","ts":1568098360.484468,"logger":"logging_event_handler","msg":"[playbook task]","name":"ansible-service-broker","namespace":"openshift-ansible-service-broker","gvk":"osb.openshift.io/v1, Kind=AutomationBroker","event_type":"playbook_on_task_start","job":"8674665223082153551","EventData.Name":"ansible-service-broker : Set broker admin cluster rolebinding state=present"}
{"level":"info","ts":1568098362.196421,"logger":"proxy","msg":"Injecting owner reference"}
{"level":"error","ts":1568098362.3626807,"logger":"logging_event_handler","msg":"","name":"ansible-service-broker","namespace":"openshift-ansible-service-broker","gvk":"osb.openshift.io/v1, Kind=AutomationBroker","event_type":"runner_on_failed","job":"8674665223082153551","EventData.Task":"Set broker admin cluster rolebinding state=present","EventData.TaskArgs":"","EventData.FailedTaskPath":"/opt/ansible/roles/ansible-service-broker/tasks/main.yml:40","error":"[playbook task failed]","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\tsrc/github.com/operator-framework/operator-sdk/vendor/github.com/go-logr/zapr/zapr.go:128\ngithub.com/operator-framework/operator-sdk/pkg/ansible/events.loggingEventHandler.Handle\n\tsrc/github.com/operator-framework/operator-sdk/pkg/ansible/events/log_events.go:84"}
{"level":"info","ts":1568098362.368727,"logger":"logging_event_handler","msg":"[playbook task]","name":"ansible-service-broker","namespace":"openshift-ansible-service-broker","gvk":"osb.openshift.io/v1, Kind=AutomationBroker","event_type":"playbook_on_task_start","job":"8674665223082153551","EventData.Name":"ansible-service-broker : fail"}
{"level":"info","ts":1568098362.3924665,"logger":"logging_event_handler","msg":"[playbook task]","name":"ansible-service-broker","namespace":"openshift-ansible-service-broker","gvk":"osb.openshift.io/v1, Kind=AutomationBroker","event_type":"playbook_on_task_start","job":"8674665223082153551","EventData.Name":"ansible-service-broker : fail"}
{"level":"error","ts":1568098362.4183214,"logger":"logging_event_handler","msg":"","name":"ansible-service-broker","namespace":"openshift-ansible-service-broker","gvk":"osb.openshift.io/v1, Kind=AutomationBroker","event_type":"runner_on_failed","job":"8674665223082153551","EventData.Task":"fail","EventData.TaskArgs":"","EventData.FailedTaskPath":"/opt/ansible/roles/ansible-service-broker/tasks/main.yml:51","error":"[playbook task failed]","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\tsrc/github.com/operator-framework/operator-sdk/vendor/github.com/go-logr/zapr/zapr.go:128\ngithub.com/operator-framework/operator-sdk/pkg/ansible/events.loggingEventHandler.Handle\n\tsrc/github.com/operator-framework/operator-sdk/pkg/ansible/events/log_events.go:84"}
{"level":"error","ts":1568098362.634904,"logger":"runner","msg":"\u001b[0;34mansible-playbook 2.8.4\u001b[0m\r\n\u001b[0;34m  config file = /etc/ansible/ansible.cfg\u001b[0m\r\n\u001b[0;34m  configured module search path = [u'/usr/share/ansible/openshift']\u001b[0m\r\n\u001b[0;34m  ansible python module location = /usr/lib/python2.7/site-packages/ansible\u001b[0m\r\n\u001b[0;34m  executable location = /usr/bin/ansible-playbook\u001b[0m\r\n\u001b[0;34m  python version = 2.7.5 (default, Jun 11 2019, 14:33:56) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]\u001b[0m\r\n\u001b[0;34mUsing /etc/ansible/ansible.cfg as config file\u001b[0m\r\n\u001b[0;34mstatically imported: /opt/ansible/roles/ansible-service-broker/tasks/validate_present.yml\u001b[0m\r\n\u001b[0;34mstatically imported: /opt/ansible/roles/ansible-service-broker/tasks/tls_k8s.yml\u001b[0m\r\n\r\nPLAYBOOK: playbook.yaml ********************************************************\n\u001b[0;34m1 plays in /opt/ansible/playbook.yaml\u001b[0m\n\r\nPLAY [localhost] ***************************************************************\n\u001b[0;34mMETA: ran handlers\u001b[0m\n\r\nTASK [ansible-service-broker : Get cluster api_groups] *************************\r\n\u001b[1;30mtask path: /opt/ansible/roles/ansible-service-broker/tasks/main.yml:4\u001b[0m\n\u001b[0;32mok: [localhost] => {\"ansible_facts\": {\"api_groups\": [\"apiregistration.k8s.io\", \"extensions\", \"apps\", \"events.k8s.io\", \"authentication.k8s.io\", \"authorization.k8s.io\", \"autoscaling\", \"batch\", \"certificates.k8s.io\", \"networking.k8s.io\", \"policy\", \"rbac.authorization.k8s.io\", \"storage.k8s.io\", \"admissionregistration.k8s.io\", \"apiextensions.k8s.io\", \"scheduling.k8s.io\", \"coordination.k8s.io\", \"node.k8s.io\", \"apps.openshift.io\", \"authorization.openshift.io\", \"build.openshift.io\", \"image.openshift.io\", \"oauth.openshift.io\", \"project.openshift.io\", \"quota.openshift.io\", \"route.openshift.io\", \"security.openshift.io\", \"template.openshift.io\", \"user.openshift.io\", \"servicecatalog.k8s.io\", \"packages.operators.coreos.com\", \"config.openshift.io\", \"operator.openshift.io\", \"autoscaling.openshift.io\", \"cloudcredential.openshift.io\", \"console.openshift.io\", \"imageregistry.operator.openshift.io\", \"ingress.operator.openshift.io\", \"k8s.cni.cncf.io\", \"logging.openshift.io\", \"machineconfiguration.openshift.io\", \"monitoring.coreos.com\", \"network.openshift.io\", \"operators.coreos.com\", \"osb.openshift.io\", \"samples.operator.openshift.io\", \"tuned.openshift.io\", \"automationbroker.io\", \"healthchecking.openshift.io\", \"metal3.io\", \"machine.openshift.io\", \"metrics.k8s.io\"]}, \"changed\": false}\u001b[0m\n\r\nTASK [ansible-service-broker : Set reconciled_generation and generation facts] ***\r\n\u001b[1;30mtask path: /opt/ansible/roles/ansible-service-broker/tasks/main.yml:13\u001b[0m\n\u001b[0;32mok: [localhost] => {\"ansible_facts\": {\"generation\": \"1\", \"reconciled_generation\": \"\"}, \"changed\": false}\u001b[0m\n\r\nTASK [ansible-service-broker : Set pending_config_changes fact] ****************\r\n\u001b[1;30mtask path: /opt/ansible/roles/ansible-service-broker/tasks/main.yml:32\u001b[0m\n\u001b[0;32mok: [localhost] => {\"ansible_facts\": {\"pending_config_changes\": true}, \"changed\": false}\u001b[0m\n\r\nTASK [ansible-service-broker : Environment Validation] *************************\r\n\u001b[1;30mtask path: /opt/ansible/roles/ansible-service-broker/tasks/validate_present.yml:4\u001b[0m\n\u001b[0;32mok: [localhost] => {\u001b[0m\r\n\u001b[0;32m    \"changed\": false, \u001b[0m\r\n\u001b[0;32m    \"msg\": \"All assertions passed\"\u001b[0m\r\n\u001b[0;32m}\u001b[0m\n\r\nTASK [ansible-service-broker : Verify service catalog is installed] ************\r\n\u001b[1;30mtask path: /opt/ansible/roles/ansible-service-broker/tasks/validate_present.yml:13\u001b[0m\n\u001b[0;32mok: [localhost] => {\u001b[0m\r\n\u001b[0;32m    \"changed\": false, \u001b[0m\r\n\u001b[0;32m    \"msg\": \"All assertions passed\"\u001b[0m\r\n\u001b[0;32m}...
...
"ansible-service-broker-openshift-ansible-service-broker-admin\\\",\\\"group\\\":\\\"rbac.authorization.k8s.io\\\",\\\"kind\\\":\\\"clusterrolebindings\\\"},\\\"code\\\":403}\\n\", \"reason\": \"Forbidden\", \"status\": 403}\u001b[0m\r\n\u001b[0;36m...ignoring\u001b[0m\n\r\nTASK [ansible-service-broker : fail] *******************************************\r\n\u001b[1;30mtask path: /opt/ansible/roles/ansible-service-broker/tasks/main.yml:47\u001b[0m\n\u001b[0;36mskipping: [localhost] => {\"changed\": false, \"skip_reason\": \"Conditional result was False\"}\u001b[0m\n\r\nTASK [ansible-service-broker : fail] *******************************************\r\n\u001b[1;30mtask path: /opt/ansible/roles/ansible-service-broker/tasks/main.yml:51\u001b[0m\n\u001b[0;31mfatal: [localhost]: FAILED! => {\"changed\": false, \"msg\": \"Unable to create broker-admin clusterrolebinding\"}\u001b[0m\n\r\nPLAY RECAP *********************************************************************\r\n\u001b[0;31mlocalhost\u001b[0m                  : \u001b[0;32mok=6   \u001b[0m changed=0    unreachable=0    \u001b[0;31mfailed=1   \u001b[0m \u001b[0;36mskipped=1   \u001b[0m rescued=0    \u001b[1;35mignored=1   \u001b[0m\r\n\n","job":"8674665223082153551","name":"ansible-service-broker","namespace":"openshift-ansible-service-broker","error":"exit status 2","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\tsrc/github.com/operator-framework/operator-sdk/vendor/github.com/go-logr/zapr/zapr.go:128\ngithub.com/operator-framework/operator-sdk/pkg/ansible/runner.(*runner).Run.func1\n\tsrc/github.com/operator-framework/operator-sdk/pkg/ansible/runner/runner.go:190"}
{"level":"info","ts":1568098387.4054787,"logger":"logging_event_handler","msg":"[playbook task]","name":"ansible-service-broker","namespace":"openshift-ansible-service-broker","gvk":"osb.openshift.io/v1, Kind=AutomationBroker","event_type":"playbook_on_task_start","job":"6129484611666145821","EventData.Name":"ansible-service-broker : Verify the broker has no outstanding service instances if deprovisioning"}
{"level":"info","ts":1568098387.6072614,"logger":"logging_event_handler","msg":"[playbook task]","name":"ansible-service-broker","namespace":"openshift-ansible-service-broker","gvk":"osb.openshift.io/v1, Kind=AutomationBroker","event_type":"playbook_on_task_start","job":"6129484611666145821","EventData.Name":"ansible-service-broker : Set broker admin cluster rolebinding state=absent"}
{"level":"info","ts":1568098389.1001196,"logger":"logging_event_handler","msg":"[playbook task]","name":"ansible-service-broker","namespace":"openshift-ansible-service-broker","gvk":"osb.openshift.io/v1, Kind=AutomationBroker","event_type":"playbook_on_task_start","job":"6129484611666145821","EventData.Name":"ansible-service-broker : fail"}
{"level":"info","ts":1568098389.1555068,"logger":"logging_event_handler","msg":"[playbook task]","name":"ansible-service-broker","namespace":"openshift-ansible-service-broker","gvk":"osb.openshift.io/v1, Kind=AutomationBroker","event_type":"playbook_on_task_start","job":"6129484611666145821","EventData.Name":"ansible-service-broker : fail"}
{"level":"info","ts":1568098389.2380424,"logger":"logging_event_handler","msg":"[playbook task]","name":"ansible-service-broker","namespace":"openshift-ansible-service-broker","gvk":"osb.openshift.io/v1, Kind=AutomationBroker","event_type":"playbook_on_task_start","job":"6129484611666145821","EventData.Name":"ansible-service-broker : Create directory for cert"}
{"level":"info","ts":1568098389.2665164,"logger":"logging_event_handler","msg":"[playbook task]","name":"ansible-service-broker","namespace":"openshift-ansible-service-broker","gvk":"osb.openshift.io/v1, Kind=AutomationBroker","event_type":"playbook_on_task_start","job":"6129484611666145821","EventData.Name":"ansible-service-broker : Create cert"}
{"level":"info","ts":1568098389.466038,"logger":"logging_event_handler","msg":"[playbook task]","name":"ansible-service-broker","namespace":"openshift-ansible-service-broker","gvk":"osb.openshift.io/v1, Kind=AutomationBroker","event_type":"playbook_on_task_start","job":"6129484611666145821","EventData.Name":"ansible-service-broker : Set tls secret state=absent"}
{"level":"info","ts":1568098389.5754871,"logger":"logging_event_handler","msg":"[playbook task]","name":"ansible-service-broker","namespace":"openshift-ansible-service-broker","gvk":"osb.openshift.io/v1, Kind=AutomationBroker","event_type":"playbook_on_task_start","job":"6129484611666145821","EventData.Name":"ansible-service-broker : Remove tls secret"}
{"level":"info","ts":1568098389.6294715,"logger":"logging_event_handler","msg":"[playbook task]","name":"ansible-service-broker","namespace":"openshift-ansible-service-broker","gvk":"osb.openshift.io/v1, Kind=AutomationBroker","event_type":"playbook_on_task_start","job":"6129484611666145821","EventData.Name":"ansible-service-broker : Set dashboard redirector state=absent"}
{"level":"info","ts":1568098390.7435415,"logger":"proxy","msg":"Cache miss: route.openshift.io/v1, Kind=Route, openshift-ansible-service-broker/dr-1337"}
{"level":"info","ts":1568098390.9224665,"logger":"logging_event_handler","msg":"[playbook task]","name":"ansible-service-broker","namespace":"openshift-ansible-service-broker","gvk":"osb.openshift.io/v1, Kind=AutomationBroker","event_type":"playbook_on_task_start","job":"6129484611666145821","EventData.Name":"ansible-service-broker : ConfigMap for Broker"}
{"level":"info","ts":1568098392.217078,"logger":"proxy","msg":"Cache miss: /v1, Kind=ConfigMap, openshift-ansible-service-broker/broker-config"}
{"level":"info","ts":1568098392.348078,"logger":"logging_event_handler","msg":"[playbook task]","name":"ansible-service-broker","namespace":"openshift-ansible-service-broker","gvk":"osb.openshift.io/v1, Kind=AutomationBroker","event_type":"playbook_on_task_start","job":"6129484611666145821","EventData.Name":"ansible-service-broker : Broker application objects state=absent"}
{"level":"info","ts":1568098393.083432,"logger":"proxy","msg":"Cache miss: /v1, Kind=ServiceAccount, openshift-ansible-service-broker/ansible-service-broker"}
{"level":"info","ts":1568098395.5081365,"logger":"proxy","msg":"Cache miss: /v1, Kind=Service, openshift-ansible-service-broker/asb"}
{"level":"info","ts":1568098396.3175156,"logger":"proxy","msg":"Cache miss: apps.openshift.io/v1, Kind=DeploymentConfig, openshift-ansible-service-broker/asb"}
{"level":"info","ts":1568098397.0119429,"logger":"proxy","msg":"Cache miss: route.openshift.io/v1, Kind=Route, openshift-ansible-service-broker/asb-1338"}
{"level":"info","ts":1568098397.7999492,"logger":"proxy","msg":"Cache miss: /v1, Kind=ServiceAccount, openshift-ansible-service-broker/ansible-service-broker-client"}
{"level":"info","ts":1568098400.2795076,"logger":"proxy","msg":"Cache miss: /v1, Kind=Secret, openshift-ansible-service-broker/ansible-service-broker-client"}
{"level":"info","ts":1568098400.9611795,"logger":"proxy","msg":"Cache miss: /v1, Kind=ConfigMap, openshift-ansible-service-broker/broker-service-ca-bundle"}
{"level":"info","ts":1568098403.252654,"logger":"proxy","msg":"Cache miss: monitoring.coreos.com/v1, Kind=ServiceMonitor, openshift-ansible-service-broker/ansible-service-broker"}
E0910 06:53:24.039148       6 reflector.go:134] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go:196: Failed to list *unstructured.Unstructured: roles.rbac.authorization.k8s.io is forbidden: User "system:serviceaccount:openshift-ansible-service-broker:openshift-ansible-service-broker-operator" cannot list resource "roles" in API group "rbac.authorization.k8s.io" in the namespace "openshift-ansible-service-broker"
E0910 06:53:25.041878       6 reflector.go:134] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go:196: Failed to list *unstructured.Unstructured: roles.rbac.authorization.k8s.io is forbidden: User "system:serviceaccount:openshift-ansible-service-broker:openshift-ansible-service-broker-operator" cannot list resource "roles" in API group "rbac.authorization.k8s.io" in the namespace "openshift-ansible-service-broker"
E0910 06:53:26.043769       6 reflector.go:134] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go:196: Failed to list *unstructured.Unstructured: roles.rbac.authorization.k8s.io is forbidden: User "system:serviceaccount:openshift-ansible-service-broker:openshift-ansible-service-broker-operator" cannot list resource "roles" in API group "rbac.authorization.k8s.io" in the namespace "openshift-ansible-service-broker"
E0910 06:53:27.045428       6 reflector.go:134] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go:196: Failed to list *unstructured.Unstructured: roles.rbac.authorization.k8s.io is forbidden: User "system:serviceaccount:openshift-ansible-service-broker:openshift-ansible-service-broker-operator" cannot list resource "roles" in API group "rbac.authorization.k8s.io" in the namespace "openshift-ansible-service-broker"
E0910 06:53:28.050680       6 reflector.go:134] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go:196: Failed to list *unstructured.Unstructured: roles.rbac.authorization.k8s.io is forbidden: User "system:serviceaccount:openshift-ansible-service-broker:openshift-ansible-service-broker-operator" cannot list resource "roles" in API group "rbac.authorization.k8s.io" in the namespace "openshift-ansible-service-broker"
E0910 06:53:29.052520       6 reflector.go:134] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go:196: Failed to list *unstructured.Unstructured: roles.rbac.authorization.k8s.io is forbidden: User "system:serviceaccount:openshift-ansible-service-broker:openshift-ansible-service-broker-operator" cannot list resource "roles" in API group "rbac.authorization.k8s.io" in the namespace "openshift-ansible-service-broker"
E0910 06:53:30.054185       6 reflector.go:134] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go:196: Failed to list *unstructured.Unstructured: roles.rbac.authorization.k8s.io is forbidden: User "system:serviceaccount:openshift-ansible-service-broker:openshift-ansible-service-broker-operator" cannot list resource "roles" in API group "rbac.authorization.k8s.io" in the namespace "openshift-ansible-service-broker"
E0910 06:53:31.055873       6 reflector.go:134] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go:196: Failed to list *unstructured.Unstructured: roles.rbac.authorization.k8s.io is forbidden: User "system:serviceaccount:openshift-ansible-service-broker:openshift-ansible-service-broker-operator" cannot list resource "roles" in API group "rbac.authorization.k8s.io" in the namespace "openshift-ansible-service-broker"
E0910 06:53:32.059309       6 reflector.go:134] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go:196: Failed to list *unstructured.Unstructured: roles.rbac.authorization.k8s.io is forbidden: User "system:serviceaccount:openshift-ansible-service-broker:openshift-ansible-service-broker-operator" cannot list resource "roles" in API group "rbac.authorization.k8s.io" in the namespace "openshift-ansible-service-broker"
E0910 06:53:33.061081       6 reflector.go:134] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go:196: Failed to list *unstructured.Unstructured: roles.rbac.authorization.k8s.io is forbidden: User "system:serviceaccount:openshift-ansible-service-broker:openshift-ansible-service-broker-operator" cannot list resource "roles" in API group "rbac.authorization.k8s.io" in the namespace "openshift-ansible-service-broker"

TSB operator and TemplateServiceBroker installation
2.1 install TSB operator through web console(pass)
$ oc get po -n openshift-template-service-broker
NAME                                                          READY   STATUS      RESTARTS   AGE
openshift-template-service-broker-operator-7cbc5bd966-xc2zf   1/1     Running     0          23m

2.2 install Template Service Broker through web console(pass ) with not api pod.
$ oc get templateservicebroker -n openshift-template-service-broker
NAME                      AGE
template-service-broker   21m

$ oc get po -n openshift-template-service-broker
NAME                                                          READY   STATUS      RESTARTS   AGE
apiserver-1-7k6vv                                             1/1     Running     0          20m
apiserver-1-deploy                                            0/1     Completed   0          21m
openshift-template-service-broker-operator-7cbc5bd966-xc2zf   1/1     Running     0          23m

Comment 4 Cuiping HUO 2019-09-10 10:01:56 UTC

Verified.
(please ignore Comment 3, it is an env unstable mis-leading)

cluster version: 4.2.0-0.nightly-2019-09-08-180038
openshiftansibleservicebrokeroperator.4.2.0-201909081401
openshifttemplateservicebrokeroperator.4.2.0-201909081401


1.Set up the redhat-operators-art OperatorSource
$ oc get opsrc -n openshift-marketplace
NAME                  TYPE          ENDPOINT              REGISTRY               DISPLAYNAME           PUBLISHER   STATUS      MESSAGE                                       AGE
qe-app-registry       appregistry   https://quay.io/cnr   redhat-operators-art   Red Hat Operators     Red Hat     Succeeded   The object has been successfully reconciled   67m

ASB operator and AutomationBroker installation
2.1 install ASB operator through web console
$ oc get po -n openshift-ansible-service-broker
NAME                                                         READY   STATUS    RESTARTS   AGE
openshift-ansible-service-broker-operator-5f55c764f8-vb424    1/1     Running   0          10m

2.2 install Automation Broker through web console
$ oc get po -n openshift-ansible-service-broker
NAME                                                         READY   STATUS      RESTARTS   AGE
asb-1-deploy                                                 0/1     Completed   0          3m53s
asb-1-fv6rd                                                  2/2     Running     0          2m47s
openshift-ansible-service-broker-operator-5f55c764f8-vb424   1/1     Running     0          14m

TSB operator and TemplateServiceBroker installation
2.2 install Template Service Broker through web console
$ oc get templateservicebroker -n openshift-template-service-broker
NAME                      AGE
template-service-broker   178m

$ oc get po -n openshift-template-service-broker
NAME                                                          READY   STATUS      RESTARTS   AGE
apiserver-1-7k6vv                                             1/1     Running     0          176m
apiserver-1-deploy                                            0/1     Completed   0          177m
openshift-template-service-broker-operator-7cbc5bd966-xc2zf   1/1     Running     0          178m

$ oc get clusterservicebroker
NAME                      URL                                                                                         STATUS   AGE
ansible-service-broker    https://asb.openshift-ansible-service-broker.svc:1338/osb/                                  Ready    4m
template-service-broker   https://apiserver.openshift-template-service-broker.svc:443/brokers/template.openshift.io   Ready    2h

Comment 5 errata-xmlrpc 2019-10-16 06:33:49 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2922

Note You need to log in before you can comment on or make changes to this bug.