-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AEROGEAR-7670 & AEROGEAR-7673 #2
Conversation
👀 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Getting this error when I try it locally:
TASK [provision-mcs-server-apb : Give default user admin permissions] **********
| fatal: [localhost]: FAILED! => {"changed": true, "cmd": "oc policy add-role-to-user admin system:serviceaccount:myproject:oauth-proxy -n myproject", "delta": "0:00:00.678129", "end": "2018-07-25 11:14:59.240348", "msg": "non-zero return code", "rc": 1, "start": "2018-07-25 11:14:58.562219", "stderr": "Error from server (Forbidden): rolebindings.authorization.openshift.io is forbidden: User \"system:serviceaccount:test-mcs-server-apb-prov-mfjpt:bundle-e9913e24-d451-46d7-8147-ac3746a3865e\" cannot list rolebindings.authorization.openshift.io in the namespace \"myproject\": User \"system:serviceaccount:test-mcs-server-apb-prov-mfjpt:bundle-e9913e24-d451-46d7-8147-ac3746a3865e\" cannot list rolebindings.authorization.openshift.io in project \"myproject\"", "stderr_lines": ["Error from server (Forbidden): rolebindings.authorization.openshift.io is forbidden: User \"system:serviceaccount:test-mcs-server-apb-prov-mfjpt:bundle-e9913e24-d451-46d7-8147-ac3746a3865e\" cannot list rolebindings.authorization.openshift.io in the namespace \"myproject\": User \"system:serviceaccount:test-mcs-server-apb-prov-mfjpt:bundle-e9913e24-d451-46d7-8147-ac3746a3865e\" cannot list rolebindings.authorization.openshift.io in project \"myproject\""], "stdout": "", "stdout_lines": []}
Also should the Dockerfile be regenerated? After I ran apb build
the Dockerfile is changed again.
Never mind, it is a problem with my local ASB setup. |
Dockerfile
Outdated
ZXIuaW8vYWVyb2dlYXIvbW9iaWxlLWNsaWVudC1zZXJ2aWNlOmxhdGVzdCIKICBzZXJ2aWNlTmFt\ | ||
ZTogbWNzLXNlcnZlcgogIGJpbmRpbmdzTGltaXQ6IDIKcGxhbnM6CiAgLSBuYW1lOiBkZWZhdWx0\ | ||
CiAgICBkZXNjcmlwdGlvbjogUGVyc2lzdGVudCBkZXBsb3ltZW50IG9mIG1jcy1zZXJ2ZXIKICAg\ | ||
IGZyZWU6IFRydWUKICAgIHBhcmFtZXRlcnM6IFtdCg==" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
when I ran apb build
, the Dockerfile is changed again. Should this file be regenerated?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes
- >- | ||
--openshift-sar={"namespace":"{{ namespace }}","resource":"deploymentconfigs","name":"mcs-server","verb":"update"} | ||
- --http-address=0.0.0.0:{{ mobile_client_service_proxy_port }} | ||
- --skip-auth-regex=/rest/sender,/rest/registry/device,/rest/prometheus/metrics,/rest/auth/config |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think this are required for this service.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can provision the service from service catalog, and perform login using my openshift credentials. Although after login I am getting an error but after checking the logs it looks like it has something to do my local cluster setup.
I think we just need to regenerate the dockerfile and update the config for the proxy
@wei-lee apb build regenerates the dockerfile each time. Not really sure what do do about it. |
@secondsun Yes, it will regenerate the dockerfile, but I thought it shouldn't change anything unless the apb.yaml file has changed? |
@wei-lee Ahhh right. I've been changing the display name so I know when "push" gets finished. I may have changed a whitespace. |
@wei-lee Should be fixed now. |
- --provider=openshift | ||
- --openshift-service-account={{ proxy_serviceaccount_name }} | ||
- --upstream=http://localhost:{{ mobile_client_service_port }} | ||
- --openshift-sar={"namespace":"{{ namespace }}","resource":"deploymentconfigs","name":"mcs-server","verb":"update"} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we can leave the option like this for now, but we probably will update it later.
This will provision the oauth proxy and the mobile-client-service image from docker hub.
After apb build and apb push you should be able to deploy the service from the catalog, navigate to the route, and log in with the oauth proxy.