search

ansibleplaybookbundle / prometheus-apb

GNU General Public License v3.0
3 stars 4 forks source link

Cannot install Prometheus (APB) through the console #5

Closed cunningt closed 6 years ago

cunningt commented 6 years ago

If I follow the directions in the README.md -- which specifies to use apb run to do the provision - Prometheus provisions successfully.

If I log into the Openshift console and attempt to use the Prometheus (APB) to install, I get the following error - I'm logged in as developer.

TASK [prometheus-apb : [PROMETHEUS][PROVISION] Set to present RoleBinding for Service Account] *** fatal: [localhost]: FAILED! => {"changed": false, "error": 403, "msg": "Failed to retrieve requested object: User \"system:serviceaccount:dh-prometheus-apb-prov-rswjk:apb-1fb71304-b0ca-4a26-ad63-a78578913227\" cannot get rolebindings.rbac.authorization.k8s.io in the namespace \"myproject\": User \"system:serviceaccount:dh-prometheus-apb-prov-rswjk:apb-1fb71304-b0ca-4a26-ad63-a78578913227\" cannot get rolebindings.rbac.authorization.k8s.io in project \"myproject\""}

PLAY RECAP ***** localhost : ok=6 changed=1 unreachable=0 failed=1

[PROMETHEUS][PROVISION] Set to present the Prometheus ServiceAccount --- 21.57s [PROMETHEUS][PROVISION] Recovering Service Account token ---------------- 1.01s [PROMETHEUS][PROVISION] Set to present RoleBinding for Service Account --- 0.89s [PROMETHEUS APB][MAIN] Deploying Prometheus ----------------------------- 0.07s [PROMETHEUS][PROVISION] Recover secret name ----------------------------- 0.06s [PROMETHEUS-APB][MAIN] MongoDB ------------------------------------------ 0.03s [PROMETHEUS][PROVISION] Creating a fact with the secret token of Service Account --- 0.03s ------------------------------------------------------------------------ 0.03s Install latest openshift client ----------------------------------------- 0.01s

jparrill commented 6 years ago

This seems familiar to me, what version of origin are you using? I got this error when the oc client are not the same as origin installation because apb-base-container have the oc client for 3.7.1.

This is the bug that I open on the regarded repository: https://github.com/ansibleplaybookbundle/apb-base/issues/19

Try this:

on your shell execute this: oc version

Will show something like:

oc v3.7.1+ab0f056
kubernetes v1.7.6+a08f5eeb62
features: Basic-Auth GSSAPI Kerberos SPNEGO

Server https://127.0.0.1:8443
openshift v3.7.1+ab0f056
kubernetes v1.7.6+a08f5eeb62

Ensure that you are on openshift 3.7.X

If not, just modify the run_latest_build.sh pointing to the right version

cunningt commented 6 years ago

I'm seeing this on v3.7.1 --

tcunning@ovpn-121-172:~/Downloads$ oc version oc v3.7.1+ab0f056 kubernetes v1.7.6+a08f5eeb62 features: Basic-Auth

Server https://127.0.0.1:8443 openshift v3.7.1+a8deba5-34 kubernetes v1.7.6+a08f5eeb62

How I ran run_latest_build.sh $ ORIGIN_VERSION=v3.7.1 ./run_latest_build.sh

jparrill commented 6 years ago

Hummm, did you change the sandbox_role from "edit" to "admin" on the asb configmap and just make a rollout?

cunningt commented 6 years ago

I didn't - I've tried two ways -

1) as "admin", Prometheus (APB) shows up in the console after I do the run_latest_build.sh exec. I get the error above installing as admin.

2) as "developer", if I grant the permissions to developer (oc create -n ansible-service-broker -f https://raw.githubusercontent.com/ansibleplaybookbundle/ansible-playbook-bundle/apb-1.1.6-1/templates/openshift-permissions.template.yaml), the Prometheus (APB) shows up in the console, but if I try to provision in the Openshift console, I get the same error as above.

I only see the provision errors when I try to provision in the Openshift Console - apb run seems to work fine as developer.

jparrill commented 6 years ago

Follow this steps, I will assume that you already have this repo cloned:

ORIGIN_VERSION=v3.7.1 ./run_latest_build.sh
oc adm policy add-cluster-role-to-user cluster-admin developer
oc login -u developer
oc edit cm/broker-config -n ansible-service-broker

Modify the line with the key sandbox_role to admin as you see, by default must be on edit:

...
...
    openshift:
      host: ""
      ca_file: ""
      bearer_token_file: ""
      image_pull_policy: "IfNotPresent"
      sandbox_role: "admin"
      namespace: "ansible-service-broker"
      keep_namespace: false
      keep_namespace_on_error: true
...
...

Then execute a oc rollout:

oc rollout latest dc/asb -n ansible-service-broker

Now go to the web console and you must see the Prometheus (APB) on the service catalog. If you get the same error, we will go through it ;).

cunningt commented 6 years ago

That seems to fix it.