Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Broker bind output #25

Merged
merged 8 commits into from
Jul 13, 2017
Merged

Broker bind output #25

merged 8 commits into from
Jul 13, 2017

Conversation

rthallisey
Copy link
Contributor

@rthallisey rthallisey commented May 24, 2017
edited

Rework of the broker bind output. We're going to have the broker exec into the container to gather bind creds.
Ref: openshift/ansible-service-broker#124

This was referenced May 24, 2017
Merged
Merged
cfchase
cfchase reviewed May 25, 2017
View reviewed changes
postgresql-apb/roles/postgresql-apb-openshift/tasks/main.yml Outdated
- debug:
msg: "<BIND_CREDENTIALS>{{ encoded_bind_credentials.stdout }}</BIND_CREDENTIALS>"
- copy:
content="<BIND_CREDENTIALS>{{ encoded_bind_credentials.stdout }}</BIND_CREDENTIALS>"
Copy link
Contributor

@cfchase cfchase May 25, 2017
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we use colons instead of equals?

- copy:
   content: "<BIND_CREDENTIALS>{{ encoded_bind_credentials.stdout }}</BIND_CREDENTIALS>"
   dest: /etc/ansible-service-broker/bind-creds

instead of:

- copy:
   content="<BIND_CREDENTIALS>{{ encoded_bind_credentials.stdout }}</BIND_CREDENTIALS>"
   dest=/etc/ansible-service-broker/bind-creds

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now that bind credentials are in their own file instead of scraping a log, do we still need to use <BIND_CREDENTIALS> tags? Can the broker just read it without having to look for and omit the tags?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ya I can make that work.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm going to fix <BIND_CRENTIALS> in another patch #34

jmrodri
jmrodri requested changes May 26, 2017
View reviewed changes
Copy link
Contributor

@jmrodri jmrodri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

More of a question, I'm a little confused how all this fits together. maybe because it's 1:13am and I'm not thinking clearly. :)

apb-base/Dockerfile Outdated
/etc/ansible /opt/ansible \
${BASE_DIR} ${BASE_DIR}/etc \
${BASE_DIR}/.kube ${BASE_DIR}/.ansible/tmp && \
useradd -u ${USER_UID} -r -g 0 -M -d ${BASE_DIR} -b ${BASE_DIR} -s /sbin/nologin -c "apb user" ${USER_NAME} && \
chown -R ${USER_NAME}:0 /opt/{ansible,apb} && \
chown -R ${USER_NAME}:0 /etc/ansible-service-broker && \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I actually find it weird to see ansible-service-broker in the base apb image. Maybe it's not a bad thing, but I find it weird to see it leaking in. Especially in /etc/ which I think of a config directory

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm using this location to hold the bind credentials for the apb. I can change it to be /etc/apb if that makes it clearer.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agree with wanting to remove 'ansible-service-broker' and go with a different name, also feels weird to be writing into '/etc' for this, I would think we'd want a dir under /var

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I figured '/etc' because it's storing credentials. But I could also see '/var/lib/apb' since it's data relative to the apb.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I never addressed this. I think we want this to be apb.

cfchase
cfchase requested changes May 31, 2017
View reviewed changes
Copy link
Contributor

@cfchase cfchase left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Switch to : from = and test.

@rthallisey
Copy link
Contributor Author

@cfchase tested : for =. I'll remove the <BIND_CRENTIALS> tag later.

@jmrodri
Copy link
Contributor

jmrodri commented Jun 5, 2017

@rthallisey I think I understand what's going on. We used to just print out the credentials to stdout. The container could conceivably go away before the broker saw the credentials. This patch seems to keep the container running until broker can get the creds. And instead of using stdout, it uses a file on the container.

@jwmatthews jwmatthews changed the title Broker bind output [DO NOT MERGE] Broker bind output Jun 23, 2017
@jwmatthews
Copy link
Member

Before we merge this I want to confirm the workflow with a few others on AOS to be sure we are on right track.

Tracking this in card:
https://trello.com/c/PZJfBeph

@jwmatthews jwmatthews changed the title [DO NOT MERGE] Broker bind output Broker bind output Jun 27, 2017
@jwmatthews
Copy link
Member

Verified this approach is good to go.

We want to get this in when we can.

@rthallisey rthallisey force-pushed the broker-bind-output branch 3 times, most recently from bb4e706 to c3b7642 Compare June 29, 2017 21:21
@rthallisey rthallisey force-pushed the broker-bind-output branch 2 times, most recently from 796ca99 to 39ef43b Compare July 11, 2017 18:52
Ryan Hallisey added 6 commits July 12, 2017 07:33
Rework the Broker Bind Output
4509fe3 
- Script for the broker to use when it execs into the container
- Script that will keep the apb running until the broker scoops
  up the bind credentials
Update the existing APBs with bind to use the new bind method
b59c831
Post rebase additions
e6a7dd3
Change ansible-service-broker to apb
4640f87
Change bind creds directory from ansible-service-broker to apb in the…
c2258f6 
… playbooks
Fix logic to support provision and bind
544feb5 
This patch was written when only bind was returning
credentials. Reconfigure this to support both provision and bind.
eriknelson
eriknelson requested changes Jul 12, 2017
View reviewed changes
Copy link

@eriknelson eriknelson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NACK pending changes from the broker PR:

openshift/ansible-service-broker#124 (review)

@rthallisey rthallisey closed this Jul 13, 2017
@rthallisey rthallisey reopened this Jul 13, 2017
Move all retry logic to the broker
adea5dd 
Only execute a one time command and exit so we keep
the retry logic in one place.
@eriknelson
Copy link

Merging, openshift/ansible-service-broker#124 just got merged to broker master. This PR is required for any images that will be run by that broker moving forwards.

@eriknelson eriknelson merged commit e480a05 into fusor:master Jul 13, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jwmatthews jwmatthews jwmatthews left review comments

@jmrodri jmrodri jmrodri approved these changes

@eriknelson eriknelson eriknelson approved these changes

@cfchase cfchase cfchase approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@rthallisey @jmrodri @jwmatthews @eriknelson @cfchase