Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

need apiVersion 2 of ansible servcie broker #1136

Closed
ghost opened this issue Nov 20, 2018 · 9 comments
Closed

need apiVersion 2 of ansible servcie broker #1136

ghost opened this issue Nov 20, 2018 · 9 comments
Assignees
@jmrodri
Labels
lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale.

Comments

@ghost
Copy link

ghost commented Nov 20, 2018

This form is for bug reports and feature requests. Major features will go through a spec process.

Feature:

Bug:

What happened:

What you expected to happen:

How to reproduce it:
@ghost ghost changed the title apiVersion need apiVersion 2 of ansible servcie broker Nov 20, 2018
@ghost
Copy link
Author

ghost commented Nov 20, 2018

Feature: Registring ansible service broker to cloud foundry
Bug: Server error, status code: 502, error code: 10001, message: The service broker rejected the request to https://54.205.122.2:8443/v2/catalog. Status Code: 403 Forbidden, Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"forbidden: User "system:anonymous" cannot get path "/v2/catalog": User "system:anonymous" cannot "get" on "/v2/catalog"","reason":"Forbidden","details":{},"code":403}

What happened: so, On cloud foundry I have apiVersion is 2 but your ansible service broker works on api version 1, I am using this template https://github.com/openshift/ansible-service-broker/blob/master/templates/simple-broker-template.yaml

Expected to happen: want to register the ansible service broker on my cloud foundry.

@djzager
Copy link
Member

djzager commented Nov 20, 2018

"kind":"Status","apiVersion":"v1"

this refers to the apiVersion for the kind: Status of the Kubernetes API, https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.12/#componentstatus-v1-core for reference.

forbidden: User "system:anonymous" cannot get path "/v2/catalog": User "system:anonymous" cannot "get" on "/v2/catalog would prevent you from being able to register the ansible service broker with cloud foundry. Requests to the broker's catalog are authenticated, in the simple-broker-template the token found in ansibleservicebroker-client secret is needed to make authenticated requests. See this portion of the simple-broker-template to get an idea of how we provide authentication information to the service-catalog when we register a ClusterServiceBroker.

@ghost
Copy link
Author

ghost commented Nov 20, 2018

Feature: Registring ansible service broker to cloud foundry
Bug: Server error, status code: 502, error code: 10001, message: The service broker rejected the request to https://54.205.122.2:8443/v2/catalog. Status Code: 403 Forbidden, Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"forbidden: User "system:anonymous" cannot get path "/v2/catalog": User "system:anonymous" cannot "get" on "/v2/catalog"","reason":"Forbidden","details":{},"code":403}

What happened: so, On cloud foundry I have apiVersion is 2 but your ansible service broker works on api version 1 , Link

@ghost
Copy link
Author

ghost commented Nov 23, 2018
edited by ghost

"kind":"Status","apiVersion":"v1"

this refers to the apiVersion for the kind: Status of the Kubernetes API, https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.12/#componentstatus-v1-core for reference.

forbidden: User "system:anonymous" cannot get path "/v2/catalog": User "system:anonymous" cannot "get" on "/v2/catalog would prevent you from being able to register the ansible service broker with cloud foundry. Requests to the broker's catalog are authenticated, in the simple-broker-template the token found in ansibleservicebroker-client secret is needed to make authenticated requests. See this portion of the simple-broker-template to get an idea of how we provide authentication information to the service-catalog when we register a ClusterServiceBroker.

I am not understanding that how to do the authentication.
so I am explaining what I have done till now.
I have installed ansible service broker on openshift on single centos VM using this link
https://blog.openshift.com/up-and-running-with-the-openshift-ansible-broker/

versions detail:
[root@ip-10-1-100-242 centos]# oc version
oc v3.9.0+191fece
kubernetes v1.9.1+a0ce1bc657
features: Basic-Auth GSSAPI Kerberos SPNEGO

Server https://54.205.122.2:8443

openshift v3.9.0+71543b2-33
kubernetes v1.9.1+a0ce1bc657

Then I tried registering the ansible service broker on cf using the command
on cloudfoundry CLI
cf create-service-broker ansible-service-broker admin admin https://54.205.122.2:8443

after this command, I am getting the issue which I mentioned earlier comment. After this I dont know where to do the authentication and what will be username and password or token for authentication.

@jmrodri
Copy link
Contributor

jmrodri commented Nov 23, 2018

@lordcf we've never formally tested the broker with Cloud Foundry. I believe you'll need to configure the broker to use Basic Auth so it will work with Cloud Foundry. Set auth.type to basic and auth.enabled to true. The simple template has it set to false:

auth:
          - type: basic
            enabled: false

The following document https://github.com/openshift/ansible-service-broker/blob/master/docs/auth.md explains how t o configure basic auth. The mechanism is simple, determine a username & password combination you want. Then on the OpenShift side where the broker lives, you create a secret with the username and password. Then in Cloud Foundry you need to configure it to use the same username & password combination when talking to the broker. This should fix the authentication problem between the two.

@jwmatthews
Copy link
Member

@lordcf I'm unsure of the use case you are working towards but wanted you to be aware that I don't believe our broker will run as-is on cloud foundry, even if you work through issues with the broker booting up and registering to the service catalog.

My concerns are around running service-bundles, we rely on k8s api's to create a pod and run a bundle. That portion of the broker will need updates to use a new mechanism for running a container to execute work if this is to run exclusively on cloud foundry.

@jmrodri jmrodri self-assigned this Nov 27, 2018
@openshift-bot
Copy link

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@openshift-ci-robot openshift-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 30, 2020
@jmrodri
Copy link
Contributor

jmrodri commented Sep 20, 2020

/close

@openshift-ci-robot
Copy link

@jmrodri: Closing this issue.

In response to this:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jmrodri jmrodri

Labels
lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@jmrodri @jwmatthews @djzager @openshift-bot @openshift-ci-robot