THIS REPO IS MIGRATING: https://github.com/automationbroker/apb

License: GNU General Public License v2.0

Python 95.97% Shell 4.03%

ansible-playbook-bundles docker python openshift ansible-service-broker metadata meta-containers apb ansible-roles playbook

ansible-playbook-bundle's Introduction

Ansible Playbook Bundle (APB)

An Ansible Playbook Bundle (APB) is a lightweight application definition (meta-container). They are used to define and deploy complex groups of applications, deployment configs, deployments, and services to an OpenShift Origin cluster running the Ansible Service Broker. APBs offer more power and simple configuration by leveraging the power of Ansible. APBs have the following features:

Metadata contains list of required/optional parameters for use during deployment.
Leverages existing investment in Ansible Roles / Playbooks.
Actions under a directory with named playbooks and metadata defined in apb.yml.
Developer tooling to drive a guided approach.
Easily modified or extended.

Documentation

Getting Started - step by step tutorial to create an Ansible Playbook Bundle
Design - overall design of Ansible Playbook Bundles
Developers - in-depth explanation of Ansible Playbook Bundles
APB CLI Tool - installation and usage of the apb cli tool
Ansible Service Broker - more information about the Ansible Service Broker which runs APBs

ansible-playbook-bundle's People

Contributors

Stargazers

Watchers

ansible-playbook-bundle's Issues

Failed to install APB from source

Hi,

I followed the installing-from-source docs, but I got errors when executing pip install -r src/requirements.txtcommand.
Errors as the following, could you help to check it? Or something else I missed?

(apb)[root@ip-172-18-3-39 ansible-playbook-bundle]# pip install -r src/requirements.txt 
Downloading/unpacking PyYAML<4.0,>=3.10 (from -r src/requirements.txt (line 1))
  Downloading PyYAML-3.12.tar.gz (253kB): 253kB downloaded
  Running setup.py egg_info for package PyYAML
Downloading/unpacking docker<3.0.0,>=2.1.0 (from -r src/requirements.txt (line 2))
  Downloading docker-2.5.1.tar.gz (155kB): 155kB downloaded
  Running setup.py egg_info for package docker
Downloading/unpacking openshift>=0.0.1 (from -r src/requirements.txt (line 3))
  Downloading openshift-0.3.2.tar.gz (298kB): 298kB downloaded
  Running setup.py egg_info for package openshift
Downloading/unpacking Jinja2>=2.7.2 (from -r src/requirements.txt (line 4))
  Downloading Jinja2-2.9.6.tar.gz (437kB): 437kB downloaded
  Running setup.py egg_info for package Jinja2
    warning: no files found matching 'run-tests.py'
    warning: no files found matching '*' under directory 'custom_fixers'
    warning: no files found matching '*' under directory 'jinja2/testsuite/res'
    warning: no previously-included files matching '*' found under directory 'docs/_build'
    warning: no previously-included files matching '*.pyc' found under directory 'jinja2'
    warning: no previously-included files matching '*.pyc' found under directory 'docs'
    warning: no previously-included files matching '*.pyo' found under directory 'jinja2'
    warning: no previously-included files matching '*.pyo' found under directory 'docs'
Downloading/unpacking requests>=2.6.0 (from -r src/requirements.txt (line 5))
  Downloading requests-2.18.4.tar.gz (126kB): 126kB downloaded
  Running setup.py egg_info for package requests
    warning: no files found matching 'NOTICE'
Downloading/unpacking ruamel.yaml>=0.15 (from -r src/requirements.txt (line 6))
  Downloading ruamel.yaml-0.15.34.tar.gz (260kB): 260kB downloaded
  Running setup.py egg_info for package ruamel.yaml
    sys.argv ['-c', 'egg_info', '--egg-base', 'pip-egg-info']
Requirement already satisfied (use --upgrade to upgrade): six>=1.4.0 in /tmp/apb/lib/python2.7/site-packages (from docker<3.0.0,>=2.1.0->-r src/requirements.txt (line 2))
Downloading/unpacking websocket-client>=0.32.0 (from docker<3.0.0,>=2.1.0->-r src/requirements.txt (line 2))
  Downloading websocket_client-0.44.0.tar.gz (194kB): 194kB downloaded
  Running setup.py egg_info for package websocket-client
Downloading/unpacking docker-pycreds>=0.2.1 (from docker<3.0.0,>=2.1.0->-r src/requirements.txt (line 2))
  Downloading docker-pycreds-0.2.1.tar.gz
  Running setup.py egg_info for package docker-pycreds
Downloading/unpacking dictdiffer (from openshift>=0.0.1->-r src/requirements.txt (line 3))
  Downloading dictdiffer-0.6.1.tar.gz
  Running setup.py egg_info for package dictdiffer
    zip_safe flag not set; analyzing archive contents...
    
    Installed /tmp/apb/build/dictdiffer/.eggs/pytest_runner-2.12.1-py2.7.egg
Downloading/unpacking kubernetes~=3.0.0 (from openshift>=0.0.1->-r src/requirements.txt (line 3))
  Downloading kubernetes-3.0.0.tar.gz (328kB): 328kB downloaded
  Running setup.py egg_info for package kubernetes
    Traceback (most recent call last):
      File "<string>", line 16, in <module>
      File "/tmp/apb/build/kubernetes/setup.py", line 30, in <module>
        with open('requirements.txt') as f:
    IOError: [Errno 2] No such file or directory: 'requirements.txt'
    Complete output from command python setup.py egg_info:
    Traceback (most recent call last):

  File "<string>", line 16, in <module>

  File "/tmp/apb/build/kubernetes/setup.py", line 30, in <module>

    with open('requirements.txt') as f:

IOError: [Errno 2] No such file or directory: 'requirements.txt'

----------------------------------------
Cleaning up...
Command python setup.py egg_info failed with error code 1 in /tmp/apb/build/kubernetes
Storing complete log in /root/.pip/pip.log
(apb)[root@ip-172-18-3-39 ansible-playbook-bundle]# python
Python 2.7.5 (default, May  3 2017, 07:55:04) 
[GCC 4.8.5 20150623 (Red Hat 4.8.5-14)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> exit()
(apb)[root@ip-172-18-3-39 ansible-playbook-bundle]# cat src/requirements.txt 
PyYAML>=3.10,<4.0
docker>=2.1.0,<3.0.0
openshift>=0.0.1
Jinja2>=2.7.2
requests>=2.6.0
ruamel.yaml>=0.15
(apb)[root@ip-172-18-3-39 ansible-playbook-bundle]# pwd
/root/ansible-playbook-bundle
(apb)[root@ip-172-18-3-39 ansible-playbook-bundle]# uname -a
Linux ip-172-18-3-39.ec2.internal 3.10.0-693.el7.x86_64 #1 SMP Thu Jul 6 19:56:57 EDT 2017 x86_64 x86_64 x86_64 GNU/Linux
(apb)[root@ip-172-18-3-39 ansible-playbook-bundle]# lsb_release -a
LSB Version:	:core-4.1-amd64:core-4.1-noarch
Distributor ID:	RedHatEnterpriseServer
Description:	Red Hat Enterprise Linux Server release 7.4 (Maipo)
Release:	7.4
Codename:	Maipo

"apb relist" fails to trigger service-catalog relist with "404 page not found"

Using the latest service-catalog, latest origin, and canary ansible-service-broker, I'm hitting an error attempting to use apb relist (and also apb push).

$ apb relist
Relist failure: Received non-200 status code while retrieving broker: ansible-service-broker
Response body:
404 page not found

Quote from ernelson on IRC:

<ernelson> dwhatley: relist probably needs to be updated to reflect the new namechange
<ernelson> dwhatley: it's 404ing because the /servicebroker path doesn't exist anymore

$ rpm -qa | grep apb
apb-1.0.0-1.20171009135441.fc25.noarch

Connection refused when using HTTPS

After the latest changes to the templates I can not use HTTP (only HTTPS is allowed). When using oc cluster up, the CA is automatically generated upon server startup and is not trusted in the system.

Now, when I try to list APBs, I get the following error:

$ apb list --broker https://asb-1338-ansible-service-broker.127.0.0.1.nip.io --secure
ERROR: Failed broker request (get) https://asb-1338-ansible-service-broker.127.0.0.1.nip.io/v2/catalog
Exception occurred! ("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",)

$ rpm -qa apb
apb-0.2.4-1.20170926162656.fc26.noarch

With the latest Docker image it's even worse:

$ sudo docker run --rm --privileged -v `pwd`:/mnt -v /home/slaskawi/.kube:/.kube -v /var/run/docker.sock:/var/run/docker.sock -u `id -u` docker.io/ansibleplaybookbundle/apb list --broker https://asb-1338-ansible-service-broker.127.0.0.1.nip.io --secure
ERROR: Failed broker request (get) https://asb-1338-ansible-service-broker.127.0.0.1.nip.io/v2/catalog
Exception occurred! HTTPSConnectionPool(host='asb-1338-ansible-service-broker.127.0.0.1.nip.io', port=443): Max retries exceeded with url: /v2/catalog (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x2fcc9d0>: Failed to establish a new connection: [Errno 111] Connection refused',))

$ sudo docker images | grep ansibleplaybookbundle/apb
registry.hub.docker.com/ansibleplaybookbundle/apb-base                               latest              15a9c4faab0c        6 hours ago         645 MB
docker.io/ansibleplaybookbundle/apb                                                  latest              dbd62e0e79a2        7 days ago          705 MB

So it seems there is no --allow-untrusted (or similar) switch, which would allow using oc cluster up. And the second thing is that RPM and Docker image of APB are out of sync.

When Removing (deprovision) Role Binding I get

Deprovisioning service with Role Binding results in error:

fatal: [localhost]: FAILED! => {"changed": false, "error": 403, "failed": true, "msg": "Failed to retrieve requested object: User \"system:serviceaccount:myproject:apb-3e385e84-6a7a-4e2f-a344-4b81d0a838f2\" cannot get rolebindings in project \"myproject\""}

Full logs:

+ [[ deprovision --extra-vars {"_apb_plan_id":"caching-service","application_name":"caching-service-app","docker_image":"docker-registry.engineering.redhat.com/jboss-dataservices/datagrid-online-services","namespace":"myproject"} == *\s\2\i\/\a\s\s\e\m\b\l\e* ]]
--
  | + ACTION=deprovision
  | + shift
  | + playbooks=/opt/apb/actions
  | + CREDS=/var/tmp/bind-creds
  | + TEST_RESULT=/var/tmp/test-result
  | + whoami
  | + '[' -w /etc/passwd ']'
  | ++ id -u
  | + echo 'apb:x:1000060000:0:apb user:/opt/apb:/sbin/nologin'
  | + oc-login.sh
  | Attempting to login with a service account...
  | Logged into "https://kubernetes.default:443" as "system:serviceaccount:myproject:apb-3e385e84-6a7a-4e2f-a344-4b81d0a838f2" using the token provided.
  | You have one project on this server: "myproject"
  | Using project "myproject".
  | Welcome! See 'oc help' to get started.
  | + set +x
  | ls: cannot access /etc/apb-secrets: No such file or directory
  | + [[ -e /opt/apb/actions/deprovision.yaml ]]
  | + [[ -e /opt/apb/actions/deprovision.yml ]]
  | + ANSIBLE_ROLES_PATH=/etc/ansible/roles:/opt/ansible/roles
  | + ansible-playbook /opt/apb/actions/deprovision.yml --extra-vars '{"_apb_plan_id":"caching-service","application_name":"caching-service-app","docker_image":"docker-registry.engineering.redhat.com/jboss-dataservices/datagrid-online-services","namespace":"myproject"}'
  | PLAY [datagrid-online-services-apb playbook to deprovision the application] ****
  | TASK [ansible.kubernetes-modules : Install latest openshift client] ************
  | skipping: [localhost]
  | TASK [deprovision-datagrid-online-services-apb : Delete Service Account] *******
  | ok: [localhost]
  | TASK [deprovision-datagrid-online-services-apb : Delete Role Binding] **********
  | fatal: [localhost]: FAILED! => {"changed": false, "error": 403, "failed": true, "msg": "Failed to retrieve requested object: User \"system:serviceaccount:myproject:apb-3e385e84-6a7a-4e2f-a344-4b81d0a838f2\" cannot get rolebindings in project \"myproject\""}
  | to retry, use: --limit @/opt/apb/actions/deprovision.retry
  | PLAY RECAP *********************************************************************
  | localhost                  : ok=1    changed=0    unreachable=0    failed=1
  | + EXIT_CODE=2
  | + set +ex
  | + '[' -f /var/tmp/test-result ']'
  | + '[' -f /var/tmp/bind-creds ']'
  | + exit 2

Deprovision snippet:

- name: Delete Role Binding
  openshift_v1_role_binding:
    namespace: '{{ namespace }}'
    name: '{{ application_name }}'
    state: absent

Generate APB spec in yaml format within python instead of Jinja

The Jinja templating creates some unwanted whitespace within the spec file. In order to make this cleaner we want to generate the YAML within Python and write it out to a file so it looks cleaner. For an example of the unwanted whitespace see here: https://github.com/fusor/apb-examples/blob/master/hello-world-apb/apb.yml#L16

apb busted when run from rpm build

tito build --test --rpm -i will work but the resulting apb tool fails to run.

[jesusr@speed3 ansible-playbook-bundle{master}]$ apb init --help
Traceback (most recent call last):
  File "/usr/bin/apb", line 5, in <module>
    from pkg_resources import load_entry_point
  File "/usr/lib/python3.5/site-packages/pkg_resources/__init__.py", line 2958, in <module>
    @_call_aside
  File "/usr/lib/python3.5/site-packages/pkg_resources/__init__.py", line 2944, in _call_aside
    f(*args, **kwargs)
  File "/usr/lib/python3.5/site-packages/pkg_resources/__init__.py", line 2971, in _initialize_master_working_set
    working_set = WorkingSet._build_master()
  File "/usr/lib/python3.5/site-packages/pkg_resources/__init__.py", line 635, in _build_master
    ws.require(__requires__)
  File "/usr/lib/python3.5/site-packages/pkg_resources/__init__.py", line 943, in require
    needed = self.resolve(parse_requirements(requirements))
  File "/usr/lib/python3.5/site-packages/pkg_resources/__init__.py", line 829, in resolve
    raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'docker==2.2.1' distribution was not found and is required by apb

The problem is the src/requirements.txt lists docker==2.2.1 but there is no python-docker in Fedora 25. The apb.spec has the wrong Requires: docker, I thought we required DOCKER, but we need python-docker.

Fedora 25 has python-docker-py version 1.10.6.
Fedora 26 has python-docker-py version 1.10.6 and
python-docker version 2.2.1.

We need to be careful with willy nilly pulling in dependencies using pip without first checking to see if there is a packaged version for our target OSes: Fedora, CentOS, RHEL.

Remove organization from the image field in the apb.yml

Current behavior:
#apb.yml
image: ansibleplaybookbundle/my-apb
This means that the broker downloads the spec from an organization, but may actually download the image from an entirely different organization, leading to confusion.

Proposed:
#apb.yml
image: my-apb
ASB will assume the apb image is in the same repository and org where the spec was found.

Will require changes in:

ansible-service-broker - no longer use the org in a spec and use where it's hosted instead.
ansible-playbook-bundle - remove org from apb-init and build

Reasoning:

Stable - Allow a user to download an image, retag it, and then push it to a different org for either testing or production use without modifying and rebuilding. We want to test the built image as is without modifying it and introducing changes.
Less confusion - since a user may forget to change the org, they'd be testing the original image on a different org and may be confused why changes aren't reflected.
Reusable - we would want users and developers to be sharing images without forcing them to rebuild the image with changes before pushing to their own organization for use.

Add Basic Auth support for dev endpoints

We need a mechanism to allow the user to pass in user/pass when using tools such as 'apb list' and 'apb push' so that we don't need to disable basic_auth in the broker. Ideally this would try to use creds stored in kubeconfig.

apb remove results in broker relist failure

$ apb remove --id 6ea2ce9070dcf31e7a187ddac9971195
Relist failure: 'broker_name'
Successfully deleted APB

APB test should allow for a verbose option that will print out the logs for the pod

We should allow users to see the logs of the pod as it executes for the APB test method.

Create a lint command for both apb.yml as well as general APB files itself

Need ability to lint an apb.yml content, helps with verifying APBs in relation to partner APBs submitted.

In addition, would help to go through all ansible playbooks and sanity check

Dockerized apb-tool not able to perform push

Installing the apb CLI locally, via dnf (version 1.1.1.1), I am able to push to Openshift/ASB. But running into exactly this problem:
#180

However, when I am using the same cluster environment (I am using the run_latest_build.sh from the ASB), I am not able to perform a push, like:

docker run --rm --privileged -v $(PWD):/mnt:z -v $(HOME)/.kube:/.kube -v /var/run/docker.sock:/var/run/docker.sock -u $(USER) docker.io/ansibleplaybookbundle/apb-tools:latest push --openshift

This does actually result in this problem:

Successfully built a2950fdafd98
docker run --rm --privileged -v /home/Matthias/Work/Conferences/DevConf/kafka-apb:/mnt:z -v /home/Matthias/.kube:/.kube -v /var/run/docker.sock:/var/run/docker.sock -u 1000 docker.io/ansibleplaybookbundle/apb-tools:latest push --openshift
2017-12-19 17:12:26,836 WARNING Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x3e7d510>: Failed to establish a new connection: [Errno 111] Connection refused',)': /oapi/v1/namespaces/ansible-service-broker/routes
2017-12-19 17:12:26,837 WARNING Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x3e7d3d0>: Failed to establish a new connection: [Errno 111] Connection refused',)': /oapi/v1/namespaces/ansible-service-broker/routes
2017-12-19 17:12:26,837 WARNING Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x3e7d110>: Failed to establish a new connection: [Errno 111] Connection refused',)': /oapi/v1/namespaces/ansible-service-broker/routes
2017-12-19 17:12:26,907 WARNING Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x3e6eed0>: Failed to establish a new connection: [Errno 111] Connection refused',)': /api/v1/namespaces/default/services/docker-registry
2017-12-19 17:12:26,908 WARNING Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x3e6e890>: Failed to establish a new connection: [Errno 111] Connection refused',)': /api/v1/namespaces/default/services/docker-registry
2017-12-19 17:12:26,908 WARNING Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x3e6e750>: Failed to establish a new connection: [Errno 111] Connection refused',)': /api/v1/namespaces/default/services/docker-registry
version: 1.0
name: kafka-apb
description: APB for Apache Kafka and Apache Zookeeper
bindable: False
async: optional
metadata:
  displayName: Apache Kafka Cluster
  imageUrl: "https://svn.apache.org/repos/asf/kafka/site/logos/kafka-logo-no-text.png"
  documentationUrl: "http://kafka.apache.org/documentation"
  providerDisplayName: "Matthias Wessendorf"
plans:
  - name: default
    description: This default plan deploys kafka-apb
    free: True
    metadata: {}
    parameters: []
Exception occurred! HTTPSConnectionPool(host='127.0.0.1', port=8443): Max retries exceeded with url: /api/v1/namespaces/default/services/docker-registry (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x3e7b490>: Failed to establish a new connection: [Errno 111] Connection refused',))
make: *** [Makefile:20: apb_push] Error 1

I have a make file that basically embeds the apb push --openshift1

Update design with working no parameter update

We created a placeholder for an example APB with no parameters in #19. We should update this example when we get a working APB with no parameters.

wrap apb tool in docker image

Wonder if creating an apb docker image would be a good way to go here?
Setting up python and the virtural env took a while for different reasons. Where as being able to do docker run fusor/apb init org/image might provide a better option for those not familiar with python ?

Build fails with : in the description

With few examples apb build fails due yaml file parsing error as there is : in the description field and fields are not wrapped in semacomma

[root@ip-172-18-10-234 rds-mysql-apb]# apb build                                                                                                                                                                                                                                          
ERROR: Failed to load spec!
Exception occurred! mapping values are not allowed here
  in "<string>", line 62, column 80:
     ...  database engine to use. (values: "UTC", "US/Pacific", "US/Easte ...

  - MysqlServerTimezone:
      default: UTC
      type: string
      description: The default timezone for the database engine to use. (values: "UTC", "US/Pacific", "US/Eastern", etc.)
      title: MySQL Server Timezone

  - MysqlServerTimezone:
      default: UTC
      type: string
      description: 'The default timezone for the database engine to use. (values: "UTC", "US/Pacific", "US/Eastern", etc.)'
      title: MySQL Server Timezone

Unable to authenticate when a user does not have a token

When the logged in user does not have a token we are throwing an error even if they input basic auth parameters.

Could not find route to ansible-service-broker

Hello,

I've started the Openshift Origin (upstream) 3.6.0 release, like:

oc cluster up --metrics --service-catalog=true

Now I want to run an APB, located here: https://github.com/feedhenry/3scale-apb

On its master branch, I did:

make DOCKERORG="matzew" 
apb bootstrap

our Makefile went well, and some image got pushed to my docker-hub account, however, on the apb boostrap, I am getting the following error:

Exception occurred! Could not find route to ansible-service-broker. Use --broker or log into the cluster using "oc login"

Any ideas ?

BTW. I am on this version:

apb-0.2.4-1.20171004141547.fc26.noarch

Ensure that apb.yml is packaged with a built APB Image

Goal is to ensure that all APB related files are present inside of an APB.

We want to be sure a user is able to pull down an APB, use it/modify, update parameters, and rebuild.

Assume we need to keep the apb.yml present in the image to make it easier to update.
At a minimal this helps to make it easier to see what the APB is exposing.

The apb.yml created by 'apb init' is invalid yaml

1. Run 'apb init' 
(apb) [root@dhcp-140-98 dma]# apb init my_apb -p name=my_apb_param,type=string,default=foo_param,description="sample description" --async=optional --bindable --org my_organization
Initializing /tmp/dma/my_apb for an APB.
Generating playbook files
Successfully initialized project directory at: /tmp/dma/my_apb
Please run *apb prepare* inside of this directory after editing files.
2. Check apb.yml 
(apb) [root@dhcp-140-98 dma]# cat my_apb/apb.yml 
id: b30a594e-94a8-4c6b-b4ca-29b9d465db55
name: my_apb
image: my_organization/my_apb
description: This is a sample application generated by apb init
bindable: True
async: optional
parameters: 
- name: my_apb_param
    description: sample description
    type: string
    default: foo_param

Result: my_apb/apb.yml is invalid yaml format

Can not create RoleBinding object - "not found" error

I'm trying to create a Role Binding object linked to my Service Account. Here's an example from my template.

When I try to create the following objects:

- name: Create Service Account
  k8s_v1_service_account:
    name: '{{ application_name }}'
    namespace: '{{ namespace }}'

- name: Create Role Binding
  openshift_v1_role_binding:
    namespace: '{{ namespace }}'
    name: '{{ application_name }}'
    user_names:
      - system:serviceaccount:{{ namespace }}:{{ application_name }}
    role_ref_name: "view"
    subjects:
    - kind: ServiceAccount
      name: '{{ application_name }}'
      namespace: '{{ namespace }}'

I get the following error:

$ oc run apb-test --image=jboss-dataservices/datagrid-online-services-dev --restart=Never --attach=true -- provision -vvvvv -e namespace=myproject
If you don't see a command prompt, try pressing enter.
+ [[ provision -vvvvv -e namespace=myproject == *\s\2\i\/\a\s\s\e\m\b\l\e* ]]
+ ACTION=provision
+ shift
+ playbooks=/opt/apb/actions
+ CREDS=/var/tmp/bind-creds
+ TEST_RESULT=/var/tmp/test-result
+ whoami
+ '[' -w /etc/passwd ']'
++ id -u
+ echo 'apb:x:1000060000:0:apb user:/opt/apb:/sbin/nologin'
+ oc-login.sh
Attempting to login with a service account...
Logged into "https://kubernetes.default:443" as "system:serviceaccount:myproject:default" using the token provided.
You have one project on this server: "myproject"
Using project "myproject".
Welcome! See 'oc help' to get started.
+ set +x
ls: cannot access /etc/apb-secrets: No such file or directory
+ [[ -e /opt/apb/actions/provision.yaml ]]
+ [[ -e /opt/apb/actions/provision.yml ]]
+ ANSIBLE_ROLES_PATH=/etc/ansible/roles:/opt/ansible/roles
+ ansible-playbook /opt/apb/actions/provision.yml -vvvvv -e namespace=myproject
Using /etc/ansible/ansible.cfg as config file
 [WARNING]: provided hosts list is empty, only localhost is available
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python2.7/site-packages/ansible/plugins/callback/__init__.pyc
PLAYBOOK: provision.yml ********************************************************
1 plays in /opt/apb/actions/provision.yml
PLAY [datagrid-online-services-apb playbook to provision the application] ******
META: ran handlers
TASK [ansible.kubernetes-modules : Install latest openshift client] ************
task path: /etc/ansible/roles/ansible.kubernetes-modules/tasks/main.yml:4
skipping: [localhost] => {
    "changed": false, 
    "skip_reason": "Conditional result was False", 
    "skipped": true
}
TASK [ansibleplaybookbundle.asb-modules : debug] *******************************
task path: /etc/ansible/roles/ansibleplaybookbundle.asb-modules/tasks/main.yml:2
ok: [localhost] => {
    "msg": "Ansible Service Broker modules loaded"
}
TASK [provision-datagrid-online-services-apb : Create Role Binding] ************
task path: /opt/ansible/roles/provision-datagrid-online-services-apb/tasks/main.yml:10
Using module file /etc/ansible/roles/ansible.kubernetes-modules/library/openshift_v1_role_binding.py
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: apb
<127.0.0.1> EXEC /bin/sh -c 'echo ~ && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /opt/apb/.ansible/tmp/ansible-tmp-1506330119.75-68815943302 `" && echo ansible-tmp-1506330119.75-68815943302="` echo /opt/apb/.ansible/tmp/ansible-tmp-1506330119.75-68815943302 `" ) && sleep 0'
<127.0.0.1> PUT /tmp/tmpOzsbzI TO /opt/apb/.ansible/tmp/ansible-tmp-1506330119.75-68815943302/openshift_v1_role_binding.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /opt/apb/.ansible/tmp/ansible-tmp-1506330119.75-68815943302/ /opt/apb/.ansible/tmp/ansible-tmp-1506330119.75-68815943302/openshift_v1_role_binding.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python2 /opt/apb/.ansible/tmp/ansible-tmp-1506330119.75-68815943302/openshift_v1_role_binding.py; rm -rf "/opt/apb/.ansible/tmp/ansible-tmp-1506330119.75-68815943302/" > /dev/null 2>&1 && sleep 0'
fatal: [localhost]: FAILED! => {
    "changed": false, 
    "error": 404, 
    "failed": true, 
    "invocation": {
        "module_args": {
            "annotations": null, 
            "api_key": null, 
            "cert_file": null, 
            "context": null, 
            "debug": false, 
            "force": false, 
            "group_names": null, 
            "host": null, 
            "key_file": null, 
            "kubeconfig": null, 
            "labels": null, 
            "name": "caching-service", 
            "namespace": "myproject", 
            "password": null, 
            "resource_definition": null, 
            "role_ref_api_version": null, 
            "role_ref_field_path": null, 
            "role_ref_kind": null, 
            "role_ref_name": "caching-service", 
            "role_ref_namespace": "myproject", 
            "role_ref_resource_version": null, 
            "role_ref_uid": null, 
            "src": null, 
            "ssl_ca_cert": null, 
            "state": "present", 
            "subjects": [
                {
                    "kind": "ServiceAccount", 
                    "name": "caching-service", 
                    "namespace": "myproject"
                }
            ], 
            "user_names": [
                "system:serviceaccount:myproject:caching-service"
            ], 
            "username": null, 
            "verify_ssl": null
        }
    }, 
    "msg": "Failed to create object: role.authorization.openshift.io \"caching-service\" not found"
}
	to retry, use: --limit @/opt/apb/actions/provision.retry

This might be connected to #119 but I'm not sure.

Unhelpful error message when using "apb push --broker-name <name>" before "oc login"

When I attempt an apb push using the broker-name option before I've authenticated with "oc login", I get an error message that doesn't indicate the problem.

$ apb push --broker-name aws-service-broker
Exception occurred! unsupported operand type(s) for +: 'NoneType' and 'str'

$ oc login
Authentication required for https://172.17.0.1:8443 (openshift)
Username: admin
Password: 
Login successful.

$ apb push --broker-name aws-service-broker
Successfully added APB to Ansible Service Broker
Successfully relisted the Service Catalog

Support for binding schemas.

Is there a way currently with apbs to specify a bind creation parameters schema as per the spec
https://github.com/openservicebrokerapi/servicebroker/blob/v2.13/spec.md#input-parameters-object

If not is there a plan to allow this kind of schema to be specified as part of an apb? As our requirements around binding increase, we want to be able to specify a set of parameters that can be passed at binding time.

Generated Dockerfile FROM is wrong.

It should be:
ansibleplaybookbundle/apb-base

but is actually:
apb/apb-base

Multi-line strings in apb.yml get corrupted during prepare

When the apb.yml spec file has a multi-line string, e.g....

metadata:
  documentationUrl: https://access.redhat.com
  imageUrl: ansibleplaybookbundle/mongodb-apb
  dependencies: []
  displayName: MongoDB-Persistent (APB)
  longDescription: |-
    This template provides a standalone MongoDB server with a database
    created. The database is stored on persistent storage.  The database
    name, username, and password are chosen via parameters when provisioning
    this service.

...running apb prepare corrupts the file so it's no longer valid yaml, e.g.

metadata:
  documentationUrl: https://access.redhat.com
  imageUrl: ansibleplaybookbundle/mongodb-apb
  dependencies: []
  displayName: MongoDB-Persistent (APB)
  longDescription: This template provides a standalone MongoDB server with a database
created. The database is stored on persistent storage.  The database
name, username, and password are chosen via parameters when provisioning
this service.

It's unexpected to have the apb.yml file change when running prepare. I made edits to it that are intentional. I understand this can be disabled with --skip-spec-update opt but why do we do it?

Got "Exception occurred! 'verifY'" when try to remove apb from ansible-service-broker

➜  my_apb git:(master) ✗ apb remove --all --broker http://localhost:1338
Exception occurred! 'verifY'

Unable to "apb push -o" using local openshift registry

When I do a "apb push -o" I am seeing "Execption occurred! 'authorization". It is unclear to me what is the authorization error and how to fix it. I have setup the ansible service broker to use the local openstack registry. Please see config file and details below.

[vagrant@localhost mariadb-apb]$ apb push -o
version: 1.0
id: 5a9eb5f8-cbde-4e62-a30a-9fa30006fc9a
name: tripleo-k8s-mariadb
image: tripleo/tripleo-k8s-mariadb
description: This is a sample application generated by apb init
bindable: True
async: optional
metadata:
displayName: tripleo-k8s-mariadb
plans:

name: tripleo-k8s-mariadb
description: This plan deploys mariadb on k8s
free: True
metadata: {}
parameters: []

Found registry IP at: 172.30.1.1:5000
Building image with the tag: 172.30.1.1:5000/openshift/tripleo-k8s-mariadb
Exception occurred! 'authorization'

The openshift environment was brought up using
ORIGIN_VERSION=v3.7.0 ./run_latest_build.sh

[vagrant@localhost mariadb-apb]$ oc status
In project ansible-service-broker on server https://127.0.0.1:8443

https://asb-1338-ansible-service-broker.172.17.0.1.nip.io (reencrypt) to pod port port-1338 (svc/asb)
dc/asb deploys docker.io/ansibleplaybookbundle/origin-ansible-service-broker:latest
deployment #1 deployed about an hour ago - 1 pod

svc/asb-etcd - 172.30.134.117:2379
dc/asb-etcd deploys quay.io/coreos/etcd:latest
deployment #1 deployed about an hour ago - 1 pod

1 warning identified, use 'oc status -v' to see details.

[vagrant@localhost mariadb-apb]$ oc version
oc v3.7.0+7ed6862
kubernetes v1.7.6+a08f5eeb62
features: Basic-Auth GSSAPI Kerberos SPNEGO

Server https://127.0.0.1:8443
openshift v3.7.0+7ed6862
kubernetes v1.7.6+a08f5eeb62

[vagrant@localhost ansible-service-broker]$ cat /etc/ansible-service-broker/config.yaml
broker:
devbroker: true
registry:

type: local_openshift
name: lo
namespaces:
- openshift
  white_list:
- ".*-apb$"

need unit tests

Need to add nose unit tests.

Investigate improving how variables are declared for an APB as well as default values are specified.

See the below email from @aweiteka

https://www.redhat.com/archives/ansible-service-broker/2017-August/msg00012.html

Dockerfile created during apb init uses named user

I'm referring to the line:

USER apb

See the section on "Named user vs numeric user ID" in [1] for more information on why this is dangerous.

[1] http://blog.dscpl.com.au/2015/12/random-user-ids-when-running-docker.html

Ensure that the user has access to ASB and ClusterServiceBroker

When a user is logged into the cluster we will use that user. We should make sure that the user has access to the required resources before trying to use that user.

Repurpose ansible-playbook-bundle repo as only an apb config rendering tool

The ansible-playbook-bundle repo has a bunch of extra files in it that have nothing to do with rendering APB Dockerfiles with the encoded config data. I think we should clean up this repo so that it only focuses on being a helpful tool for rendering APBs.

apb build: 'module' object has no attribute 'DockerClient'

When run apb build, I get an error, anyone could help what's wrong with my env? thanks.

# apb build docker.io/deshuai/hello-apb
Building APB using tag: [docker.io/deshuai/hello-apb]
Finished writing dockerfile.
Exception occurred! 'module' object has no attribute 'DockerClient'
# pip list|grep docker
docker (2.3.0)
docker-py (1.10.6)
docker-pycreds (0.2.1)

Improve error messaging and timeout messages

A lot of issues are popping up with regards to the apb tool connecting to the broker or the cluster. I think we need to improve on our error messaging to help identify common issues. Additionally, I think adding good docs and a series of tests to the apb tool will also help improve its durability.

apb push assumes that broker uses SSL

This is not always true (see here). In case of using http it returns the following warnings:

$ apb push --broker http://172.30.109.101:1338

2017-09-21 08:52:57,662 WARNING Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x3cbcb10>: Failed to establish a new connection: [Errno 111] Connection refused',)': /api/v1/namespaces/service-catalog/pods
2017-09-21 08:52:57,662 WARNING Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x3cbc590>: Failed to establish a new connection: [Errno 111] Connection refused',)': /api/v1/namespaces/service-catalog/pods
2017-09-21 08:52:57,662 WARNING Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x3cbc3d0>: Failed to establish a new connection: [Errno 111] Connection refused',)': /api/v1/namespaces/service-catalog/pods
Successfully added APB to Ansible Service Broker

Note that the operation is successful (apart from warnings reported).

support license field in abp.yaml file

It would be nice if the apb.yaml would support (and being valid) a license: field, so that one could do:

version: 1.0
license: Apache 2.0
name: my-cool-apb
...

Creating a Service Account fails

When I try to create a Service Account using the following snippet:

- name: Create Service Account
  k8s_v1_service_account:
    name: '{{ application_name }}'
    namespace: '{{ namespace }}'

I get an error:

$ oc run apb-test --image=jboss-dataservices/datagrid-online-services-dev --restart=Never --attach=true -- provision -vvvvv -e namespace=myproject
If you don't see a command prompt, try pressing enter.
+ [[ provision -vvvvv -e namespace=myproject == *\s\2\i\/\a\s\s\e\m\b\l\e* ]]
+ ACTION=provision
+ shift
+ playbooks=/opt/apb/actions
+ CREDS=/var/tmp/bind-creds
+ TEST_RESULT=/var/tmp/test-result
+ whoami
+ '[' -w /etc/passwd ']'
++ id -u
+ echo 'apb:x:1000060000:0:apb user:/opt/apb:/sbin/nologin'
+ oc-login.sh
Attempting to login with a service account...
Logged into "https://kubernetes.default:443" as "system:serviceaccount:myproject:default" using the token provided.
You have one project on this server: "myproject"
+ set +x
Using project "myproject".
Welcome! See 'oc help' to get started.
ls: cannot access /etc/apb-secrets: No such file or directory
+ [[ -e /opt/apb/actions/provision.yaml ]]
+ [[ -e /opt/apb/actions/provision.yml ]]
+ ANSIBLE_ROLES_PATH=/etc/ansible/roles:/opt/ansible/roles
+ ansible-playbook /opt/apb/actions/provision.yml -vvvvv -e namespace=myproject
Using /etc/ansible/ansible.cfg as config file
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python2.7/site-packages/ansible/plugins/callback/__init__.pyc
 [WARNING]: provided hosts list is empty, only localhost is available
PLAYBOOK: provision.yml ********************************************************
1 plays in /opt/apb/actions/provision.yml
PLAY [datagrid-online-services-apb playbook to provision the application] ******
META: ran handlers
TASK [ansible.kubernetes-modules : Install latest openshift client] ************
task path: /etc/ansible/roles/ansible.kubernetes-modules/tasks/main.yml:4
skipping: [localhost] => {
    "changed": false, 
    "skip_reason": "Conditional result was False", 
    "skipped": true
}
TASK [ansibleplaybookbundle.asb-modules : debug] *******************************
task path: /etc/ansible/roles/ansibleplaybookbundle.asb-modules/tasks/main.yml:2
ok: [localhost] => {
    "msg": "Ansible Service Broker modules loaded"
}
TASK [provision-datagrid-online-services-apb : Create Service Account] *********
task path: /opt/ansible/roles/provision-datagrid-online-services-apb/tasks/main.yml:4
Using module file /etc/ansible/roles/ansible.kubernetes-modules/library/k8s_v1_service_account.py
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: apb
<127.0.0.1> EXEC /bin/sh -c 'echo ~ && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /opt/apb/.ansible/tmp/ansible-tmp-1506327197.18-130421672005838 `" && echo ansible-tmp-1506327197.18-130421672005838="` echo /opt/apb/.ansible/tmp/ansible-tmp-1506327197.18-130421672005838 `" ) && sleep 0'
<127.0.0.1> PUT /tmp/tmpkaWZWz TO /opt/apb/.ansible/tmp/ansible-tmp-1506327197.18-130421672005838/k8s_v1_service_account.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /opt/apb/.ansible/tmp/ansible-tmp-1506327197.18-130421672005838/ /opt/apb/.ansible/tmp/ansible-tmp-1506327197.18-130421672005838/k8s_v1_service_account.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python2 /opt/apb/.ansible/tmp/ansible-tmp-1506327197.18-130421672005838/k8s_v1_service_account.py; rm -rf "/opt/apb/.ansible/tmp/ansible-tmp-1506327197.18-130421672005838/" > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
  File "/tmp/ansible_EeOs1k/ansible_module_k8s_v1_service_account.py", line 370, in <module>
    main()
  File "/tmp/ansible_EeOs1k/ansible_module_k8s_v1_service_account.py", line 364, in main
    module.execute_module()
  File "/tmp/ansible_EeOs1k/ansible_modlib.zip/ansible/module_utils/k8s_common.py", line 199, in execute_module
  File "/tmp/ansible_EeOs1k/ansible_modlib.zip/ansible/module_utils/k8s_common.py", line 251, in _create
  File "/usr/lib/python2.7/site-packages/openshift/helper/base.py", line 242, in create_object
    return_obj = self._wait_for_response(name, namespace, 'create')
  File "/usr/lib/python2.7/site-packages/openshift/helper/base.py", line 493, in _wait_for_response
    elif obj and obj.status and hasattr(obj.status, 'phase'):
AttributeError: 'V1ServiceAccount' object has no attribute 'status'
fatal: [localhost]: FAILED! => {
    "changed": false, 
    "failed": true, 
    "module_stderr": "Traceback (most recent call last):\n  File \"/tmp/ansible_EeOs1k/ansible_module_k8s_v1_service_account.py\", line 370, in <module>\n    main()\n  File \"/tmp/ansible_EeOs1k/ansible_module_k8s_v1_service_account.py\", line 364, in main\n    module.execute_module()\n  File \"/tmp/ansible_EeOs1k/ansible_modlib.zip/ansible/module_utils/k8s_common.py\", line 199, in execute_module\n  File \"/tmp/ansible_EeOs1k/ansible_modlib.zip/ansible/module_utils/k8s_common.py\", line 251, in _create\n  File \"/usr/lib/python2.7/site-packages/openshift/helper/base.py\", line 242, in create_object\n    return_obj = self._wait_for_response(name, namespace, 'create')\n  File \"/usr/lib/python2.7/site-packages/openshift/helper/base.py\", line 493, in _wait_for_response\n    elif obj and obj.status and hasattr(obj.status, 'phase'):\nAttributeError: 'V1ServiceAccount' object has no attribute 'status'\n", 
    "module_stdout": "", 
    "msg": "MODULE FAILURE", 
    "rc": 0
}
	to retry, use: --limit @/opt/apb/actions/provision.retry

PLAY RECAP *********************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=1   

+ EXIT_CODE=2
+ set +ex
+ '[' -f /var/tmp/test-result ']'
+ '[' -f /var/tmp/bind-creds ']'
+ exit 2
pod myproject/apb-test terminated (Error)
make: *** [Makefile:146: test-apb-provision] Error 2

The fun part is that the SA has actually been created:

$ oc get sa                                                                                                                                                                    
NAME              SECRETS   AGE
builder           2         3m
caching-service   2         2m
default           2         3m
deployer          2         3m

Role Binding uses name as an alias for role_ref_name

The documentation states that name is an alias for role_ref_name (here's a link). This is simply wrong. It is possible to have a Role Binding with different RoleRefName and Name:

apiVersion: v1
groupNames: null
kind: RoleBinding
metadata:
  creationTimestamp: 2017-09-25T08:35:15Z
  labels:
    template: jdg-caching-service
# Name = infinispan-app-view
  name: infinispan-app-view
  namespace: myproject
  resourceVersion: "1989"
  selfLink: /oapi/v1/namespaces/myproject/rolebindings/infinispan-app-view
  uid: 7425976b-a1cc-11e7-b3a4-54ee751d46e3
roleRef:
# Role Ref Name = view
  name: view
subjects:
- kind: ServiceAccount
  name: infinispan-app
  namespace: myproject
userNames:
- system:serviceaccount:myproject:infinispan-app

Make a developer APB to help develop the broker & catalog

It would be nice to create an APB that could be used by developers working on the broker & catalog. The apb would be very simple and can perform [provision, deprovision, bind, unbind] in a flexible and debuggable manner. It would also serve as an example template for array of APBs. A perfect example of this is an apb that has a pinch of every feature we're adding into an apb, but as all hard coded values. The hello-world-apb currently is useful in that it's simple, but it doesn't have bind.

apb init got "Exception occurred! 'str object' has no attribute 'keys'"

apb init my_apb -p name=my_apb_param,type=string,default=foo_param,description="sample description" --async=optional --bindable --org my_organization
Initializing /home/wjiang/git/ansible-playbook-bundle/my_apb for an APB.
Exception occurred! 'str object' has no attribute 'keys'

Version:
apb (0.2.0)

>>> template.render(apb_dict=apb_dict, params=params)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.7/site-packages/jinja2/environment.py", line 969, in render
    return self.environment.handle_exception(exc_info, True)
  File "/usr/lib/python2.7/site-packages/jinja2/environment.py", line 742, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/lib/python2.7/site-packages/apb/dat/apb.yml.j2", line 14, in top-level template code
    {% for pair in param.values()[0].keys() -%}{{ pair }}: {{ param[param.keys()[0]][pair] }}
jinja2.exceptions.UndefinedError: 'str object' has no attribute 'keys'

apb list fails with a local broker

After setting up the broker locally apb list fails because it uses the etcd route to try and contact the broker.

[rhallisey@rhev-i16c-04 test-apb]$ apb list
url = https://asb-etcd-ansible-service-broker.172.17.0.1.nip.io/ansible-service-broker/v2/catalog
Error: Attempt to list APBs in the broker returned status: 503
Unable to list APBs in Ansible Service Broker.

Hardcoding cluster resources names prevents new service creation in the same namespace

- name: set development deployment config state to {{ state }}
  openshift_v1_deployment_config:
    name: postgresql
    namespace: '{{ namespace }}'
    labels:
      app: rhscl-postgresql-apb
      service: postgresql
...

The deployment config name is hardcoded to postgresql. If I run a second postgresql apb in the same namespace then nothing will happen because the resources will already exist. This is the case for all our apbs.

apb install failed with pip install

[root@host-8-241-60 pip-1.5.4]# python --version
Python 2.7.5
 
[root@host-8-241-60 pip-1.5.4]# pip --version
pip 1.5.4 from /usr/lib/python2.7/site-packages/pip-1.5.4-py2.7.egg (python 2.7)
 
[root@host-8-241-60 pip-1.5.4]# pip install apb
Downloading/unpacking apb
  Downloading apb-0.2.2.tar.gz
  Running setup.py (path:/tmp/pip_build_root/apb/setup.py) egg_info for package apb
   
    warning: no files found matching '*.txt'
    warning: no files found matching '*.txt' under directory 'docs'
Requirement already satisfied (use --upgrade to upgrade): PyYAML>=3.10,<4.0 in /usr/lib64/python2.7/site-packages (from apb)
Downloading/unpacking docker>=2.1.0,<3.0.0 (from apb)
  Downloading docker-2.5.1-py2.py3-none-any.whl (111kB): 111kB downloaded
Downloading/unpacking openshift>=0.0.1 (from apb)
  Downloading openshift-0.0.1-py2.py3-none-any.whl (1.6MB): 1.6MB downloaded
Cleaning up...
Exception:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/pip-1.5.4-py2.7.egg/pip/basecommand.py", line 122, in main
    status = self.run(options, args)
  File "/usr/lib/python2.7/site-packages/pip-1.5.4-py2.7.egg/pip/commands/install.py", line 278, in run
    requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
  File "/usr/lib/python2.7/site-packages/pip-1.5.4-py2.7.egg/pip/req.py", line 1265, in prepare_files
    req_to_install.extras):
  File "/usr/lib/python2.7/site-packages/pip-1.5.4-py2.7.egg/pip/_vendor/pkg_resources.py", line 2232, in requires
    dm = self._dep_map
  File "/usr/lib/python2.7/site-packages/pip-1.5.4-py2.7.egg/pip/_vendor/pkg_resources.py", line 2423, in _dep_map
    self.__dep_map = self._compute_dependencies()
  File "/usr/lib/python2.7/site-packages/pip-1.5.4-py2.7.egg/pip/_vendor/pkg_resources.py", line 2447, in _compute_dependencies
    parsed = next(parse_requirements(distvers))
  File "/usr/lib/python2.7/site-packages/pip-1.5.4-py2.7.egg/pip/_vendor/pkg_resources.py", line 45, in <lambda>
    next = lambda o: o.next()
  File "/usr/lib/python2.7/site-packages/pip-1.5.4-py2.7.egg/pip/_vendor/pkg_resources.py", line 2544, in parse_requirements
    line, p, specs = scan_list(VERSION,LINE_END,line,p,(1,2),"version spec")
  File "/usr/lib/python2.7/site-packages/pip-1.5.4-py2.7.egg/pip/_vendor/pkg_resources.py", line 2512, in scan_list
    raise ValueError("Expected "+item_name+" in",line,"at",line[p:])
ValueError: ('Expected version spec in', 'kubernetes ~=1.0.1', 'at', ' ~=1.0.1')
 
Storing debug log for failure in /root/.pip/pip.log

missing docker.io/ansibleplaybookbundle/apb

docker pull docker.io/ansibleplaybookbundle/apb results with:

Using default tag: latest Trying to pull repository docker.io/ansibleplaybookbundle/apb ... repository docker.io/ansibleplaybookbundle/apb not found: does not exist or no pull access

apb install failed with pip install

Test for card: https://trello.com/c/8qsYQRsB/

# python --version
Python 2.7.13

# pip install apb
Collecting apb
  Downloading apb-0.1.0.tar.gz
    Complete output from command python setup.py egg_info:
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-build-bblqZ1/apb/setup.py", line 5, in <module>
        reqs = [str(ir.req) for ir in install_reqs]
      File "/usr/lib/python2.7/site-packages/pip/req/req_file.py", line 84, in parse_requirements
        filename, comes_from=comes_from, session=session
      File "/usr/lib/python2.7/site-packages/pip/download.py", line 425, in get_file_content
        'Could not open requirements file: %s' % str(exc)
    pip.exceptions.InstallationError: Could not open requirements file: [Errno 2] No such file or directory: 'src/requirements.txt'
    
    ----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-bblqZ1/apb/

system: fedora24

'apb push' restarts controller-manager pod, but it does not refresh the updated APB

When doing and 'apb push' the controller-manager pod is killed and restarted. However, it does not refresh the APB (which was just pushed).

When the pod is manually kill and restarted via the webui, the new APB updates can be visible.

apb does not appear in "apb list" after "apb push -o"

My environment was setup using this guide: https://github.com/openshift/ansible-service-broker#getting-started-with-the-ansible-service-broker

[root@localhost my-test-apb]# oc status
oc v3.7.0+7ed6862
kubernetes v1.7.6+a08f5eeb62
features: Basic-Auth GSSAPI Kerberos SPNEGO

Server https://172.17.0.1.nip.io:8443
openshift v3.7.0+7ed6862
kubernetes v1.7.6+a08f5eeb62

I went through the steps under "Using apb init" in https://github.com/ansibleplaybookbundle/ansible-playbook-bundle/blob/master/docs/getting_started.md. But "apb list" doesn't show dh-my-test-apb. Only the default apbs.

[root@localhost my-test-apb]# apb push -o
version: 1.0
name: my-test-apb
description: This is a sample application generated by apb init
bindable: False
async: optional
metadata:
  displayName: my-test
plans:
  - name: default
    description: This default plan deploys my-test-apb
    free: True
    metadata: {}
    parameters: []
Found registry IP at: 172.30.1.1:5000
Building image with the tag: 172.30.1.1:5000/openshift/my-test-apb
Successfully pushed image: 172.30.1.1:5000/openshift/my-test-apb
https://asb-1338-ansible-service-broker.172.17.0.1.nip.io/ansible-service-broker
Successfully bootstrapped Ansible Service Broker
Successfully relisted the Service Catalog
[root@localhost my-test-apb]# apb list
ID                                NAME                   DESCRIPTION                                                                                                                                                                
ca91b61da8476984f18fc13883ae2fdb  dh-etherpad-apb        Note taking web application                                                                                                                                                
ab24ffd54da0aefdea5277e0edce8425  dh-hastebin-apb        This is a sample application generated by apb init                                                                                                                         
9f7da06f179b895a8ee5f9a3ce4af7ef  dh-hello-world-apb     deploys hello-world web application                                                                                                                                        
b43a4272a6efcaaa3e0b9616324f1099  dh-hello-world-db-apb  A sample APB which deploys Hello World Database                                                                                                                            
f4509733ca0636df3d69b6af53260160  dh-jenkins-apb         Jenkins service with optional persistent storage and S2I build                                                                                                             
6df7afbd132c094704b4a8bfd44378c0  dh-manageiq-apb        ManageIQ                                                                                                                                                                   
67042296c7c95e84142f21f58da2ebfe  dh-mariadb-apb         Mariadb apb implementation                                                                                                                                                 
f6c4486b7fb0cdac4b58e193607f7011  dh-mediawiki-apb       Mediawiki apb implementation                                                                                                                                               
ddd528762894b277001df310a126d5ad  dh-mysql-apb           Software Collections MySQL APB                                                                                                                                             
135bd0df0401e2fdd52fd136935014fb  dh-nginx-apb           An open source reverse proxy web server                                                                                                                                    
1dda1477cace09730bd8ed7a6505607e  dh-postgresql-apb      SCL PostgreSQL apb implementation                                                                                                                                          
0e991006d21029e47abe71acc255e807  dh-pyzip-demo-apb      Python Zip Demo APB Implementation                                                                                                                                         
693cb128e68365830c913631300deac0  dh-pyzip-demo-db-apb   Python Zip Demo Database APB Implementation                                                                                                                                
c65fbd4e701cb71d74fd2cc35e14432b  dh-rds-postgres-apb    Managed relational database service with a choice of six popular database engines.  Set up, operate, and scale a relational database in the cloud with just a few clicks.  
ba9c2d4db404ce97111bea80225de968  dh-rocketchat-apb      This APB deploys RocketChat backed by MongoDB                                                                                                                              
eebf92c7670f30007a4b8db3a8166d5c  dh-thelounge-apb       This is a sample application generated by apb init                                                                                                                         
a946a139a9308a59bf642ac52b4ba317  dh-wordpress-ha-apb    High Availability Wordpress APB

push to openshift-ansible-service-broker fails

Have 3.6 setup and Serivce broker deployed.
created example apb as per example https://github.com/fusor/ansible-playbook-bundle/blob/master/docs/getting_started.md
trying to push to asb :
apb push --broker http://asb-1338-openshift-ansible-service-broker.apps.192.168.20.187.xip.io

and getting:

[mjudeiki@redhat test-apb]$ apb push --broker asb-1338-openshift-ansible-service-apb push --broker asb-1338-openshift-ansible-service-broker.apps.192.168.20.187.xip.io 
Error: Attempt to add APB to the Broker returned status: 404
Unable to add APB to Ansible Service Broker.

and asb errors:
10.128.0.1 - - [19/Jul/2017:13:14:12 +0000] "POST /apb/spec HTTP/1.1" 404 19

Image Im using on asb:
sha256:bb8953b67a694bea24d3340095de4ec23fa874a5500231f9bd63790f3fd9dd70 openshift3/ansible-service-broker

Do I use latest image or there is difference in running it in oc cluster up and dedicated install (as I'm doing)

yaml vs yml

Failure in examples due naming in yaml vs yml
playbook: /opt/apb/actions/**provision.yaml** could not be found

root@ip-172-18-10-234 rds-mysql-apb]# docker run -it --entrypoint="/bin/bash" docker.io/mangirdas/apb-example
ls -la /opt/apb/actions/
-rw-r--r--. 1 root root 232 Jul 21 22:26 deprovision.yml
drwxr-xr-x. 2 root root  23 Jul 21 22:26 group_vars
-rw-r--r--. 1 root root 213 Jul 21 22:26 **provision.yml**

Remove id generation from apb tooling

It was a mistake to introduce ids into the APBs, and the broker now ignores them entirely and does its own internal bookkeeping. We should remove it from the tooling.

APB Test is not working

It appears that when creating the role, we are not assigning the service account as a subject. Because of this, it appears that the no action can be taken by a provision playbook.

Copy and pasting the object and running with the oc create -f seems to be working just fine.
Running the test with oc run command style still works as well.

ansibleplaybookbundle / ansible-playbook-bundle Goto Github PK

ansible-playbook-bundle's Introduction

Ansible Playbook Bundle (APB)

Documentation

ansible-playbook-bundle's People

Contributors

Stargazers

Watchers

Forkers

ansible-playbook-bundle's Issues

Recommend Projects

Recommend Topics

Recommend Org