search

smartabyar-smartvillage / smartabyar-smartvillage-sandbox-course

GNU General Public License v3.0
1 stars 3 forks source link

[FAIL] Deploy the MongoDB NOSQL Database in the OpenShift Developer Sandbox #5

Open ValheruEldarr opened 1 month ago

ValheruEldarr commented 1 month ago

Great resources!

When deploying MongDB with the command: %%bash ansible-playbook ~/smartvillage-operator/apply-edgemongodb.yaml \ -e ansible_operator_meta_namespace=$(oc get project -o jsonpath={.items[0].metadata.name}) \ -e crd_path=~/smartvillage-operator/kustomize/overlays/sandbox/edgemongodbs/mongodb/edgemongodb.yaml echo DONE

This error is received and status checks fail: [WARNING]: No inventory was parsed, only implicit localhost is available [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

Task details: TASK [apply-edgemongodb : Query MongoDB pod] ***** fatal: [localhost]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'kubernetes.core.k8s'. Error was a <class 'kubernetes.dynamic.exceptions.ForbiddenError'>, original message: 403\nReason: Forbidden\nHTTP response headers: HTTPHeaderDict({'Audit-Id': '522d8e6c-f1c3-4399-9bfa-90297981a29b', 'Cache-Control': 'no-cache, private', 'Content-Type': 'application/json', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains; preload', 'X-Content-Type-Options': 'nosniff', 'X-Kubernetes-Pf-Flowschema-Uid': '0b321f04-3a18-431d-abfa-9d04ea93f4d5', 'X-Kubernetes-Pf-Prioritylevel-Uid': 'f0c457a4-deeb-4b75-a040-46e5f739dfc1', 'Date': 'Tue, 07 May 2024 21:38:05 GMT', 'Content-Length': '321'})\nHTTP response body: b'{\"kind\":\"Status\",\"apiVersion\":\"v1\",\"metadata\":{},\"status\":\"Failure\",\"message\":\"pods is forbidden: User \\\"system:serviceaccount:sheldonbernstein-dev:python\\\" cannot list resource \\\"pods\\\" in API group \\\"\\\" in the namespace \\\"openshift-virtualization-os-images\\\"\",\"reason\":\"Forbidden\",\"details\":{\"kind\":\"pods\"},\"code\":403}\n'\nOriginal traceback: \n File \"/opt/app-root/lib64/python3.9/site-packages/kubernetes/dynamic/client.py\", line 55, in inner\n resp = func(self, *args, kwargs)\n\n File \"/opt/app-root/lib64/python3.9/site-packages/kubernetes/dynamic/client.py\", line 270, in request\n api_response = self.client.call_api(\n\n File \"/opt/app-root/lib64/python3.9/site-packages/kubernetes/client/api_client.py\", line 348, in call_api\n return self.call_api(resource_path, method,\n\n File \"/opt/app-root/lib64/python3.9/site-packages/kubernetes/client/api_client.py\", line 180, in __call_api\n response_data = self.request(\n\n File \"/opt/app-root/lib64/python3.9/site-packages/kubernetes/client/api_client.py\", line 373, in request\n return self.rest_client.GET(url,\n\n File \"/opt/app-root/lib64/python3.9/site-packages/kubernetes/client/rest.py\", line 244, in GET\n return self.request(\"GET\", url,\n\n File \"/opt/app-root/lib64/python3.9/site-packages/kubernetes/client/rest.py\", line 238, in request\n raise ApiException(http_resp=r)\n. 403\nReason: Forbidden\nHTTP response headers: HTTPHeaderDict({'Audit-Id': '522d8e6c-f1c3-4399-9bfa-90297981a29b', 'Cache-Control': 'no-cache, private', 'Content-Type': 'application/json', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains; preload', 'X-Content-Type-Options': 'nosniff', 'X-Kubernetes-Pf-Flowschema-Uid': '0b321f04-3a18-431d-abfa-9d04ea93f4d5', 'X-Kubernetes-Pf-Prioritylevel-Uid': 'f0c457a4-deeb-4b75-a040-46e5f739dfc1', 'Date': 'Tue, 07 May 2024 21:38:05 GMT', 'Content-Length': '321'})\nHTTP response body: b'{\"kind\":\"Status\",\"apiVersion\":\"v1\",\"metadata\":{},\"status\":\"Failure\",\"message\":\"pods is forbidden: User \\\"system:serviceaccount:sheldonbernstein-dev:python\\\" cannot list resource \\\"pods\\\" in API group \\\"\\\" in the namespace \\\"openshift-virtualization-os-images\\\"\",\"reason\":\"Forbidden\",\"details\":{\"kind\":\"pods\"},\"code\":403}\n'\nOriginal traceback: \n File \"/opt/app-root/lib64/python3.9/site-packages/kubernetes/dynamic/client.py\", line 55, in inner\n resp = func(self, *args, **kwargs)\n\n File \"/opt/app-root/lib64/python3.9/site-packages/kubernetes/dynamic/client.py\", line 270, in request\n api_response = self.client.call_api(\n\n File \"/opt/app-root/lib64/python3.9/site-packages/kubernetes/client/api_client.py\", line 348, in call_api\n return self.call_api(resource_path, method,\n\n File \"/opt/app-root/lib64/python3.9/site-packages/kubernetes/client/api_client.py\", line 180, in __call_api\n response_data = self.request(\n\n File \"/opt/app-root/lib64/python3.9/site-packages/kubernetes/client/api_client.py\", line 373, in request\n return self.rest_client.GET(url,\n\n File \"/opt/app-root/lib64/python3.9/site-packages/kubernetes/client/rest.py\", line 244, in GET\n return self.request(\"GET\", url,\n\n File \"/opt/app-root/lib64/python3.9/site-packages/kubernetes/client/rest.py\", line 238, in request\n raise ApiException(http_resp=r)\n"}

PLAY RECAP ***** localhost : ok=7 changed=0 unreachable=0 failed=1 skipped=3 rescued=0 ignored=1

computate commented 1 month ago

Hello @ValheruEldarr , I'm glad you like the course. It looks like you ran into an issue with RoleBindings.

system:serviceaccount:sheldonbernstein-dev:python\\" cannot list resource \\"pods\\" in API group \\"\\" in the namespace \\"openshift-virtualization-os-images\\"

you seem to be trying to run this from the openshift-virtualization-os-images namespace, do you know why that is? Are you running on the Red Hat OpenShift Developer Sandbox?

You will need to follow my documentation in the README to grant the right RoleBindings to get this to work in OpenShift AI. I just tested my instructions and they seem to be working as long as you create an OpenShift AI workbench named python in your sheldonbernstein-dev Data Science Project. 

oc create rolebinding python-edit --clusterrole=edit \
  --serviceaccount=$(oc get project -o \
  jsonpath={.items[0].metadata.name}):python

oc create role python-edit-rolebindings \
  --verb=get,list,watch,create,update,patch,delete \
  --resource=roles,rolebindings

oc create rolebinding python-edit-rolebindings --role=python-edit-rolebindings \
  --serviceaccount=$(oc get project -o jsonpath={.items[0].metadata.name}):python
computate commented 1 month ago

Have a look at why this part -e ansible_operator_meta_namespace=$(oc get project -o jsonpath={.items[0].metadata.name}) of the Ansible Playbooks would be returning openshift-virtualization-os-images for you, but you can replace this with the right namespace sheldonbernstein-dev instead.

ValheruEldarr commented 1 month ago

Appreciate the reply and the incredible work! I initially began on my macbook but them moved to the online terminal. Certain there is where the mistake was made. Started over using just the online terminal: bingo! Got to step 12 without any issues. Trying to figure out how to commit the work I have done, to git hub. But not making traction as of: Setting imports and app. For example, throughout the notebook (very well documented), I was able to SHIFT ENTER to execute commands (very helpful). As of: Section 12 Setting imports and app - this doesn't seem to be the case. Where should I be executing the commands for the remainder that notebook?

ValheruEldarr commented 1 month ago

For example, where should I execute the following?

import os import pytz import requests from flask import Flask from datetime import datetime, timezone

Define the Flask app.

app = Flask(name)

rbaumgar commented 1 month ago

same problem. oc get project -o jsonpath={.items[0].metadata.name} is the wrong way! the correct way is oc project -q.

please update the 02-deploy-microservices.

computate commented 1 month ago

@ValheruEldarr So the Jupyter Notebook #12 is for building your own new python project in the Jupyter workbench. I realize from your feedback that it's a bit difficult to understand, since we wrote and walked through this notebook together at a live Hackathon with 3 Universities in North Carolina a few months ago. See the section later on "Building a container with my application." It has some commands for you to run to initialize the project directory. 

mkdir  ~/smartvillage-service
touch ~/smartvillage-service/Dockerfile
touch ~/smartvillage-service/app.py
mkdir -p ~/smartvillage-service/.github/workflows/
touch ~/smartvillage-service/.github/workflows/build.yml
echo "**/.ipynb_checkpoints" >> ~/smartvillage-service/.gitignore

I'll keep that in mind to make that more clear.

ValheruEldarr commented 1 month ago

Thanks. That helps.

Question: am I able to log into the smartcity instance on your page: https://www.smartabyarsmartvillage.org/

computate commented 2 weeks ago

Hi @ValheruEldarr , the smartabyarsmartvillage.org is for student researchers at Boston University for their research. I'm curious, what would you like to do with the Smart Village platform?

ValheruEldarr commented 6 days ago

Hi Christopher,

Apologies for the delay, I had taken ill. I am partnered with Tony and others in ogov and nova city. This is my research regarding RH’s deployment of such services. I like to get my hands dirty :)

Thanks, Sheldon

On Mon, Jun 3, 2024 at 10:28 Christopher Tate @.***> wrote:

Hi @ValheruEldarr https://github.com/ValheruEldarr , the smartabyarsmartvillage.org is for student researchers at Boston University for their research. I'm curious, what would you like to do with the Smart Village platform?

— Reply to this email directly, view it on GitHub https://github.com/smartabyar-smartvillage/smartabyar-smartvillage-sandbox-course/issues/5#issuecomment-2145645647, or unsubscribe https://github.com/notifications/unsubscribe-auth/BIK6S3ICOUXTNW3QVZWO4FDZFSKUJAVCNFSM6AAAAABHLZH4EWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNBVGY2DKNRUG4 . You are receiving this because you were mentioned.Message ID: <smartabyar-smartvillage/smartabyar-smartvillage-sandbox-course/issues/5/2145645647 @github.com>