AEROGEAR-7670 & AEROGEAR-7673 #2
Conversation
|
👀 |
There was a problem hiding this comment.
Getting this error when I try it locally:
TASK [provision-mcs-server-apb : Give default user admin permissions] **********
| fatal: [localhost]: FAILED! => {"changed": true, "cmd": "oc policy add-role-to-user admin system:serviceaccount:myproject:oauth-proxy -n myproject", "delta": "0:00:00.678129", "end": "2018-07-25 11:14:59.240348", "msg": "non-zero return code", "rc": 1, "start": "2018-07-25 11:14:58.562219", "stderr": "Error from server (Forbidden): rolebindings.authorization.openshift.io is forbidden: User \"system:serviceaccount:test-mcs-server-apb-prov-mfjpt:bundle-e9913e24-d451-46d7-8147-ac3746a3865e\" cannot list rolebindings.authorization.openshift.io in the namespace \"myproject\": User \"system:serviceaccount:test-mcs-server-apb-prov-mfjpt:bundle-e9913e24-d451-46d7-8147-ac3746a3865e\" cannot list rolebindings.authorization.openshift.io in project \"myproject\"", "stderr_lines": ["Error from server (Forbidden): rolebindings.authorization.openshift.io is forbidden: User \"system:serviceaccount:test-mcs-server-apb-prov-mfjpt:bundle-e9913e24-d451-46d7-8147-ac3746a3865e\" cannot list rolebindings.authorization.openshift.io in the namespace \"myproject\": User \"system:serviceaccount:test-mcs-server-apb-prov-mfjpt:bundle-e9913e24-d451-46d7-8147-ac3746a3865e\" cannot list rolebindings.authorization.openshift.io in project \"myproject\""], "stdout": "", "stdout_lines": []}
Also should the Dockerfile be regenerated? After I ran apb build the Dockerfile is changed again.
|
Never mind, it is a problem with my local ASB setup. |
Dockerfile
Outdated
| ZXIuaW8vYWVyb2dlYXIvbW9iaWxlLWNsaWVudC1zZXJ2aWNlOmxhdGVzdCIKICBzZXJ2aWNlTmFt\ | ||
| ZTogbWNzLXNlcnZlcgogIGJpbmRpbmdzTGltaXQ6IDIKcGxhbnM6CiAgLSBuYW1lOiBkZWZhdWx0\ | ||
| CiAgICBkZXNjcmlwdGlvbjogUGVyc2lzdGVudCBkZXBsb3ltZW50IG9mIG1jcy1zZXJ2ZXIKICAg\ | ||
| IGZyZWU6IFRydWUKICAgIHBhcmFtZXRlcnM6IFtdCg==" |
There was a problem hiding this comment.
when I ran apb build, the Dockerfile is changed again. Should this file be regenerated?
| - >- | ||
| --openshift-sar={"namespace":"{{ namespace }}","resource":"deploymentconfigs","name":"mcs-server","verb":"update"} | ||
| - --http-address=0.0.0.0:{{ mobile_client_service_proxy_port }} | ||
| - --skip-auth-regex=/rest/sender,/rest/registry/device,/rest/prometheus/metrics,/rest/auth/config |
There was a problem hiding this comment.
I don't think this are required for this service.
There was a problem hiding this comment.
I can provision the service from service catalog, and perform login using my openshift credentials. Although after login I am getting an error but after checking the logs it looks like it has something to do my local cluster setup.
I think we just need to regenerate the dockerfile and update the config for the proxy
|
@wei-lee apb build regenerates the dockerfile each time. Not really sure what do do about it. |
|
@secondsun Yes, it will regenerate the dockerfile, but I thought it shouldn't change anything unless the apb.yaml file has changed? |
|
@wei-lee Ahhh right. I've been changing the display name so I know when "push" gets finished. I may have changed a whitespace. |
|
@wei-lee Should be fixed now. |
| - --provider=openshift | ||
| - --openshift-service-account={{ proxy_serviceaccount_name }} | ||
| - --upstream=http://localhost:{{ mobile_client_service_port }} | ||
| - --openshift-sar={"namespace":"{{ namespace }}","resource":"deploymentconfigs","name":"mcs-server","verb":"update"} |
There was a problem hiding this comment.
we can leave the option like this for now, but we probably will update it later.
This will provision the oauth proxy and the mobile-client-service image from docker hub.
After apb build and apb push you should be able to deploy the service from the catalog, navigate to the route, and log in with the oauth proxy.