Re: Need help to install service catalog & other service brokers in v3.9.

[Gilles Le Bris]

Replying to myself and for those who are interested.


Until now, setting up service brokers on OpenShift Origin/OKD was almost black 
magic.

I finally found a working configuration for v3.9 and v3.11 that I am publishing 
here (you should easily guess the v3.10 configuration).


v3.9 configuration:

# SERVICE CATALOG
openshift_enable_service_catalog=true
openshift_service_catalog_image_prefix=docker.io/openshift/origin-
openshift_service_catalog_image_version=v3.9.0

# TEMPLATE SERVICE BROKER
template_service_broker_install=true
template_service_broker_selector={"role":"infra"}
openshift_template_service_broker_namespaces=['openshift']

# ANSIBLE SERVICE BROKER
ansible_service_broker_install=true
ansible_service_broker_image=docker.io/ansibleplaybookbundle/origin-ansible-service-broker:v3.9
ansible_service_broker_local_registry_whitelist=['.*-apb$']
ansible_service_broker_registry_whitelist=['.*-apb$']


v3.11 configuration:

# SERVICE CATALOG
openshift_enable_service_catalog=true
openshift_service_catalog_image_prefix=docker.io/openshift/origin-
openshift_service_catalog_image_version=v3.11.0

# TEMPLATE SERVICE BROKER
template_service_broker_install=true
template_service_broker_selector={"node-role.kubernetes.io/infra":"true"}
openshift_template_service_broker_namespaces=['openshift']

# ANSIBLE SERVICE BROKER
ansible_service_broker_install=true
ansible_service_broker_node_selector={"node-role.kubernetes.io/infra":"true"}
ansible_service_broker_image=docker.io/ansibleplaybookbundle/origin-ansible-service-broker:v3.11
ansible_service_broker_local_registry_whitelist=['.*-apb$']
ansible_service_broker_registry_whitelist=['.*-apb$']

It is interesting to note that the ansible_service_broker_image variable 
generated by the OpenShift Ansible playbooks in all OpenShift Origin tested 
versions (v3.9 and v3.11) is consistently broken (up to at least 
openshift-ansible-playbook 3.9.49-1 and 3.11.37-1).
Could you fix that? It would make service broker installations so much easier 
for new starters.

About the warning described in my previous mail:
As the controller is started before the Ansible Service Broker during the 
initial installation process, it can't access it and sends a warning.
Later on, everything comes back to normal.

One way to check that the configuration is fine after the initial installation:
# oc describe clusterservicebroker ansible-service-broker | grep Message
It should display "Successfully fetched catalog entries from broker.".

________________________________
From: dev-boun...@lists.openshift.redhat.com 
<dev-boun...@lists.openshift.redhat.com> on behalf of Gilles Le Bris 
<lebr...@hotmail.com>
Sent: Friday, November 30, 2018 11:16 PM
To: dev@lists.openshift.redhat.com
Subject: Re: Need help to install service catalog & other service brokers in 
v3.9.

Replying to myself and for those who are interested.

In v3.9, the service catalog can only run on the master nodes:
openshift_service_catalog_nodeselector={"role":"infra"} is a mistake.

I still get a warning after installation but this doesn't seem to be a big deal.
"Error getting broker catalog: Get 
https://asb.openshift-ansible-service-broker.svc:1338/ansible-service-broker/v2/catalog:
 dial tcp 172.30.254.153:1338: getsockopt: no route to host"
________________________________
From: Gilles Le Bris
Sent: Monday, November 19, 2018 10:44 AM
To: dev@lists.openshift.redhat.com
Subject: Need help to install service catalog & other service brokers in v3.9.

I have been trying to install the service catalog & other service brokers in 
v3.9 for several weeks without any success.

I'm using the following versions:
- ansible-2.6.2-1.el7.ans.noarch,
- CentOS 7.5.1804,
- Ansible playbook packages 3.9.49.

To activate the service catalog and other service brokers, I use the following 
Ansible variables:
openshift_enable_service_catalog=true
openshift_service_catalog_nodeselector={"role":"infra"}
openshift_service_catalog_image_prefix=docker.io/openshift/origin-<http://docker.io/openshift/origin->
openshift_service_catalog_image_version=v3.9.0

openshift_hosted_etcd_storage_kind=glusterfs
openshift_hosted_etcd_storage_volume_name=etcd
openshift_hosted_etcd_storage_volume_size=1Gi
openshift_hosted_etcd_storage_access_modes=["ReadWriteOnce"]

ansible_service_broker_image_prefix=ansibleplaybookbundle/origin-
ansible_service_broker_local_registry_whitelist=['.*-apb$']
ansible_service_broker_registry_whitelist=['.*-apb$']
openshift_template_service_broker_namespaces=['openshift']
template_service_broker_selector={"role":"infra"}

I'm getting the following situation:
# oc get pod
NAME                       READY     STATUS             RESTARTS   AGE
apiserver-6nsps            1/1       Running            0          21m
apiserver-lcttx            0/1       CrashLoopBackOff   9          22m
controller-manager-2m2sv   1/1       Running            0          21m
controller-manager-9ddrj   1/1       Running            0          21m

# oc get event | grep -v Normal
LAST SEEN   FIRST SEEN   COUNT     NAME                                         
KIND                    SUBOBJECT                           TYPE      REASON    
                SOURCE                               MESSAGE
17m         18m          13        ansible-service-broker.1566bac548a5536a      
ClusterServiceBroker                                        Warning   
ErrorFetchingCatalog      service-catalog-controller-manager   Error getting 
broker catalog: Get 
https://asb.openshift-ansible-service-broker.svc:1338/ansible-service-broker/v2/catalog:
 dial tcp 172.30.194.121:1338<http://172.30.194.121:1338/>: getsockopt: no 
route to host

# oc logs apiserver-lcttx
F1113 16:28:33.231725       1 storage_decorator.go:57] Unable to create storage 
backend: config (&{ /registry 
[https://172.17.254.11:2379<https://172.17.254.11:2379/>] 
/etc/origin/master/master.etcd-client.key 
/etc/origin/master/master.etcd-client.crt /etc/origin/master/master.etcd-ca.crt 
true true 0 {0xc42024fd80 0xc42024fe00} <nil> 5m0s}), err (open 
/etc/origin/master/master.etcd-client.crt: no such file or directory)

# oc get pv
NAME                                       CAPACITY   ACCESS MODES   RECLAIM 
POLICY   STATUS    CLAIM                                   STORAGECLASS        
REASON    AGE
pvc-453b8c76-e75e-11e8-84df-fa163e77ee9e   1Gi        RWO            Delete     
      Bound     openshift-ansible-service-broker/etcd   glusterfs-storage       
      19m
registry-volume                            10Gi       RWX            Retain     
      Bound     default/registry-claim                                          
      21m

What am I doing wrong?

[https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif]<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
  Garanti sans virus. 
www.avast.com<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>

_______________________________________________
dev mailing list
dev@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev