Closed tsanders-rh closed 5 years ago
@BenHall Here is what I am seeing in the new 3.10 env.
Perfect! Thanks. We'll get this fixed
It does appear that the 3.9 Playground is doing this with an environment script run in the background at course init:
"intro": { "courseData": "env-init.sh", "code": "set-env.sh", "text": "intro.md" },
env-init.sh:
ssh root@host01 'for i in {1..200}; do oc policy add-role-to-user system:image-puller system:anonymous && break || sleep 1; done'
ssh root@host01 'oc adm policy add-cluster-role-to-group sudoer system:authenticated'
ssh root@host01 "~/.setup-volumes"
ssh root@host01 "~/.setup-templates"
I tried something similar with the 3.10 env, but it doesn't seem to be invoking the env-init.sh properly; as the script doesn't seem to run. If we could get this working, I would be ok with this approach as well.
@BenHall @mhausenblas - Any chance we can get this investigated/fixed this week? We were hoping to have our Operator-SDK course / playground in place for KubeCon. I'd be happy with fixing the issues with running a background "courseData" script...but again this doesn't appear to be working in the 3.10 env.
@tsanders-rh Do you the Katacoda scenario URL so I can reproduce the courseData issue?
This is being used with 3.10 and Istio scenarios - https://github.com/openshift-labs/learn-katacoda/blob/master/servicemesh/2-deploy-microservices/run-init.sh
The newer playgrounds should copy how 3.9 version was done. The changes in that version were made that way to address problems with 3.9. Possibly the 3.10 and 3.11 are now not going to work in same ways 3.9 wasn't until fixed. The 3.9 version in the end was still unusable as oc rsh
didn't work though. https://github.com/openshift-labs/learn-katacoda/issues/233
These scripts are now run when 3.11 boots.
We still need to investigate your issue with run-init.sh, please provide an example when you get a chance.
@BenHall Thanks. So I think the env-init.sh issue is on me. I am trying to add an entry to the /etc/hosts file to make pushing images to the internal registry easier for students. This is the line that doesn't seem to be working:
ssh root@host01 'registry_ip=$(oc get svc/docker-registry -o yaml | grep clusterIP: | awk '{print $2}') && echo "$registry_ip ocp-registry" >> /etc/hosts'
In fact, if I modify this to simply: ssh root@host01 'echo "foo" >> /etc/hosts' I get nothing added to the /etc/hosts file.
Probably my misunderstanding of the environment. Thoughts?
-Todd
@tsanders-rh Could you point me to your Katacoda profile please? :)
In the browser's console, you can see the output from the script. The error is:
Background Output bash: cannot set terminal process group (-1): Inappropriate ioctl for device
bash: no job control in this shell
role "system:image-puller" added: "system:anonymous"
cluster role "sudoer" added: "system:authenticated"
error: the path "volumes.json" does not exist
Within https://github.com/tsanders-rh/learn-katacoda/blob/master/ansibleop/ansible-op-overview/env-init.sh#L5 it attempts to create the volumes.
This was previously uploaded as an asset - see https://github.com/openshift-labs/learn-katacoda/blob/master/playgrounds/openshift311/index.json#L33 / https://github.com/openshift-labs/learn-katacoda/blob/master/playgrounds/openshift311/assets/volumes.json
Fix: Include the volumes.json file or remove the call if volumes aren't required.
We'll look at making the browser console output into a dialog when you are the content creator for debugging purposes.
@BenHall Thanks for the pointer on getting at the script output. Helpful.
For the Operator-SDK module, I need to:
For these reasons, I had added the following to op-sdk-setup.sh script:
setup a /etc/hosts entry for the internal registry
registry_ip=$(oc get svc/docker-registry -o yaml | grep clusterIP: | awk '{print $2}') echo "$registry_ip ocp-registry" >> /etc/hosts
grant the user: developer permissions to push images to the internal registry
oc policy add-role-to-user registry-editor developer --as system:admin
setup sudoer role for user: developer
oc create clusterrolebinding developer-sudoer-binding --clusterrole=sudoer --user=developer
The registry entry in /etc/hosts is incomplete as no ipaddress is listed. This entry was added to assist the user from having to look up the internal registry address repeatedly.
The developer account is required vs system:admin in order to interact with the internal registry. For this reason, having the sudoer role as present in the 3-9 env is required.
-Todd