Merge branch 'dev' into merge-dev-master

* dev: (30 commits)
  Get latest release of oc client from OpenShift Builds (#84)
  Enable service-catalog using oc cluster up option (#83)
  Tweak to remove_all_synced_docker_images.sh
  Remove all local images
  Updated --rcm to use latest rcm built images for openshift (#82)
  Use prebuilt binary stored in s3 for oc client. (#81)
  Added troubleshooting to README (#79)
  Fixed macOS to use setup_local_environment.yml
  add rcm option and source repetitive code (#75)
  Consolidate local playbooks (#73)
  Added broker relist interval variable to controller manager deployment (#76)
  Allow changing etcd image and path to support downstream (#74)
  adding recovery config values (#72)
  Fix for persistent volume cleanup on mac (#70)
  Add config options (#71)
  Recreate PV mount to avoid permissions issues on pvs. (#69)
  Use openshift template to deploy Ansible Service Broker (#65)
  Enable pod presets (#67)
  Bump to using v3.6.0-alpha.2 for 'oc' executable (#64)
  Change service catalog/apiserver to canary for testing in dev (#63)
  ...

.gitignore

@@ -0,0 +1,2 @@
+my_vars.yml
+ansible/roles/ansible_service_broker_setup/templates/ansible-service-broker-all.yaml.j2

ansible/group_vars/all.yml

@@ -80,13 +80,55 @@ cluster_user_password: admin
 cluster_system_admin: "system:admin"
 service_catalog_user: "system:serviceaccount:service-catalog:default"
 
+service_catalog_tag: "canary"
+svc_cat_apiserver_img_no_tag: "quay.io/kubernetes-service-catalog/apiserver"
+svc_cat_apiserver_img: "{{ svc_cat_apiserver_img_no_tag }}:{{ service_catalog_tag }}"
+svc_cat_apiserver_tag: "apiserver:{{ service_catalog_tag }}"
+svc_cat_controller_mgr_img_no_tag: "quay.io/kubernetes-service-catalog/controller-manager"
+svc_cat_controller_mgr_img: "{{ svc_cat_controller_mgr_img_no_tag }}:{{ service_catalog_tag }}"
+svc_cat_controller_mgr_tag: "controller-manager:{{ service_catalog_tag }}"
+svc_cat_controller_mgr_relist_interval: "5m"
+
+
 oc_client_install_path: "/usr/local/bin"
 oc_cmd: "{{ oc_client_install_path }}/oc"
 oadm_cmd: "{{ oc_client_install_path }}/oadm"
 kubectl_cmd: "{{ oc_client_install_path }}/kubectl"
 
+origin_image_name: docker.io/openshift/origin
+origin_image_tag: latest
 oc_host_config_dir: /var/lib/origin/openshift.local.config
 
+asb_project: ansible-service-broker
+
+
+# If you want to make changes to deploying the broker, grab a copy of the template and make local changes and update it to point to 'asb_template_url'
+# remember to use a file:// path as in:
+# asb_template_url: file:///path/to/file/deploy.yaml.j2
+asb_template_url: https://raw.githubusercontent.com/openshift/ansible-service-broker/master/templates/deploy-ansible-service-broker.template.yaml
+
+broker_registry_type: dockerhub
+broker_registry_url: docker.io
+broker_dev_broker: false
+broker_launch_apb_on_bind: false
+broker_output_request: false
+broker_recovery: true
+
+broker_tag: "latest"
+broker_image_name: docker.io/ansibleplaybookbundle/ansible-service-broker
+broker_image: "{{ broker_image_name }}:{{ broker_tag }}"
+
+
+etcd_tag: "latest"
+etcd_image_name: "quay.io/coreos/etcd"
+etcd_image: "{{ etcd_image_name }}:{{ etcd_tag }}"
+etcd_path: "/usr/local/bin/etcd"
+
+# Location where we will store the local template, note this will always attempt to fetch and overwrite from 'asb_template_url'
+# If you want to modify the template, modify 'asb_template_url'
+local_target_asb_template: /tmp/deploy-ansible-service-broker.template.yaml.local
+local_target_asb_template_processed: /tmp/deploy-ansible-service-broker.template.yaml.local.processed
+
 deploy_rds_demo_instance: true
 
 aws_sec_group_name: "{{ aws_tag_prefix }}_security_group"
@@ -104,25 +146,16 @@ remove_docker_images: false
 
 # These docker images we want to remove and fetch on each setup
 docker_images_group1:
-  - { img: "docker.io/ansibleplaybookbundle/ansible-service-broker-apb", tag: "summit" }
-  - { img: "docker.io/ansibleplaybookbundle/ansible-service-broker-asb", tag: "summit" }
-  - { img: "docker.io/ansibleplaybookbundle/ansible-service-broker-etcd", tag: "summit" }
-  - { img: "docker.io/ansibleplaybookbundle/postgresql-demo-apb", tag: "summit" }
-  - { img: "docker.io/ansibleplaybookbundle/rds-postgres-apb", tag: "summit" }
-  - { img: "manageiq/manageiq-pods", tag: "app-latest" }
-  - { img: "manageiq/manageiq-pods", tag: "memcached-latest" }
-  - { img: "manageiq/manageiq-pods", tag: "postgresql-latest" }
-  - { img: "docker.io/fabianvf/postgresql", tag: "postgis" }
+  - { img: "{{ broker_image_name }}", tag: "{{ broker_tag }}" }
+  - { img: "{{ etcd_image_name }}", tag: "{{ etcd_tag }}" }
+  - { img: "{{ svc_cat_controller_mgr_img_no_tag }}",  tag: "{{ service_catalog_tag }}" }
+  - { img: "{{ svc_cat_apiserver_img_no_tag }}", tag: "{{ service_catalog_tag }}" }
 
 # These docker images change less frequently, we are OK pulling them once and reusing
 docker_images_group2:
-  - { img: "docker.io/ansibleplaybookbundle/controller-manager", tag: "summit" }
-  - { img: "docker.io/ansibleplaybookbundle/apiserver", tag: "summit" }
-  - { img: "docker.io/centos/python-35-centos7", tag: "latest" }
-  - { img: "docker.io/centos/python-34-centos7", tag: "latest" }
-  - { img: "docker.io/centos/python-27-centos7", tag: "latest" }
-  - { img: "docker.io/ansibleplaybookbundle/origin", tag: "summit" }
-  - { img: "docker.io/ansibleplaybookbundle/origin-sti-builder", tag: "summit" }
-  - { img: "docker.io/ansibleplaybookbundle/origin-deployer", tag: "summit" }
-  - { img: "docker.io/ansibleplaybookbundle/origin-docker-registry", tag: "summit" }
-  - { img: "docker.io/ansibleplaybookbundle/origin-haproxy-router", tag: "summit" }
+  - { img: "{{ origin_image_name }}", tag: "{{ origin_image_tag }}" }
+  - { img: "{{ origin_image_name }}-sti-builder", tag: "{{ origin_image_tag }}" }
+  - { img: "{{ origin_image_name }}-deployer", tag: "{{ origin_image_tag }}" }
+  - { img: "{{ origin_image_name }}-docker-registry", tag: "{{ origin_image_tag }}" }
+  - { img: "{{ origin_image_name }}-pod", tag: "{{ origin_image_tag }}" }
+  - { img: "{{ origin_image_name }}-haproxy-router", tag: "{{ origin_image_tag }}" }

ansible/reset_environment.yml

@@ -20,13 +20,22 @@
     - name: Setting fact of security group id
       set_fact:
         my_security_group_id: "{{ hostvars.localhost.my_ec2_facts.instances[0].groups[0].id }}"
+  vars_prompt:
+    - name: dockerhub_user_name
+      prompt: "Enter your dockerhub username: "
+      private: no
+    - name: dockerhub_user_password
+      prompt: "Enter your dockerhub password: "
+      private: yes
+    - name: dockerhub_org_name
+      prompt: "Enter the dockerhub organization you'd like to pull images from: "
+      private: no
   roles:
     - { role: ssl_setup, when: use_ssl == True }
     - { role: openshift_setup, reset_cluster: True }
-    - service_catalog_setup
+    - env_hacks
     - ansible_service_broker_setup
     - demo_prep
-    - env_hacks
   post_tasks:
     - set_fact:
         msg: |
@@ -35,13 +44,11 @@
             SSH Key Name:              {{ ssh_key_name }}
             Region:                    {{ aws_region }}
             Next steps:
-            1) Visit https://apiserver-service-catalog.{{ openshift_routing_suffix }}
-            2) Accept the certificate
-            3) Visit https://{{ openshift_hostname }}:8443 for the console
-            4) Provision a RDS APB into awsdemo project
-            5) Add to the aws-demo project a Python 3.5 project based off of https://github.com/thesteve0/awsdemo.git
-            6) Click on the python project and select creating binding to the RDS APB
-            7) Redeploy the python project
+            1) Visit https://{{ openshift_hostname }}:8443 for the console
+            2) Provision a RDS APB into awsdemo project
+            3) Add to the aws-demo project a Python 3.5 project based off of https://github.com/thesteve0/awsdemo.git
+            4) Click on the python project and select creating binding to the RDS APB
+            5) Redeploy the python project
             OR
             For CLI access:
             oc login --insecure-skip-tls-verify {{ openshift_hostname }}:8443 -u {{ cluster_user }} -p {{ cluster_user_password }}

ansible/roles/ansible_service_broker_setup/defaults/main.yml

@@ -1,3 +1,13 @@
 asb_src_dir: /tmp/ansible-service-broker
 dockerhub_user_name: changeme
 dockerhub_user_password: changeme
+
+asb_registry: "ansibleplaybookbundle"
+
+broker_tag: "latest"
+broker_image_name: "{{ asb_registry }}/ansible-service-broker-apb"
+broker_image: "{{ broker_image_name }}:{{ broker_tag }}"
+
+etcd_tag: "latest"
+etcd_image_name: "{{ asb_registry }}/ansible-service-broker-etcd"
+etcd_image: "{{ etcd_image_name }}:{{ etcd_tag }}"

ansible/roles/ansible_service_broker_setup/tasks/main.yml

@@ -1,42 +1,53 @@
 ---
+  - name: Curling ansible-service-broker-all.yaml
+    get_url:
+      url: "{{ asb_template_url }}"
+      force: yes
+      dest: "{{ local_target_asb_template }}"
 
-  - name: git clone ansible-service-broker
-    git:
-      repo: https://github.com/openshift/ansible-service-broker.git
-      dest: "{{ asb_src_dir }}"
-      version: "demo"
-    register: git_clone_asb
+  - name: Setting facts for rendering ansible-service-broker-all.yaml template
+    set_fact:
+      dockerhub_pass: "{{ dockerhub_user_password }}"
+      dockerhub_user: "{{ dockerhub_user_name }}"
+      dockerhub_org: "{{ dockerhub_org_name }}"
+      openshift_pass: "{{ cluster_user_password }}"
+      openshift_user: "{{ cluster_user }}"
+      openshift_target: "{{ openshift_url }}"
 
-  - name: Install asbcli requirements
-    pip:
-      requirements: "{{ asb_src_dir }}/scripts/asbcli/requirements.txt"
-    when: git_clone_asb.changed
-    become: true
+  - name: check if the {{ asb_project }} project exists
+    shell: "{{ oc_cmd }} get project --no-headers=true | awk '{ print $1 }' | grep -E '^{{ asb_project }}( |$)' | cat"
+    register: project
 
-  - name: Docker pull ansibleplaybookbundle/ansible-service-broker-apb:summit
-    docker_image:
-      name: ansibleplaybookbundle/ansible-service-broker-apb:summit
+  - name: Create a new project for the {{ asb_project }}
+    shell: "{{ oc_cmd }} new-project {{ asb_project }}"
+    register: new_asb_project
+    when: project.stdout.find( "{{ asb_project }}" ) == -1
 
-  - name: Check if ansible-service-broker project already exists from a prior run
-    shell: "{{ oc_cmd }} get project --no-headers=true | awk '{ print $1 }' | grep -E '^ansible-service-broker( |$)' | cat"
-    register: oc_get_projects_asb
-
-  - name: Use asbcli up to install Ansible Service Broker
+  - name: Process template "{{ local_target_asb_template }}"
     shell: >
-      ./asbcli up {{ openshift_url }}
-      --cluster-user={{ cluster_user }}
-      --cluster-pass={{ cluster_user_password }}
-      --dockerhub-user={{ dockerhub_user_name }}
-      --dockerhub-pass={{ dockerhub_user_password }}
+      {{ oc_cmd }}
+      process
+      -f {{ local_target_asb_template }}
+      -n {{ asb_project }}
+      -p BROKER_IMAGE={{ broker_image }}
+      -p ETCD_IMAGE={{ etcd_image }}
+      -p ETCD_PATH={{ etcd_path }}
+      -p REGISTRY_TYPE={{ broker_registry_type }}
+      -p REGISTRY_URL={{ broker_registry_url }}
+      -p DEV_BROKER={{ broker_dev_broker }}
+      -p DOCKERHUB_ORG={{ dockerhub_org_name }}
+      -p DOCKERHUB_PASS={{ dockerhub_user_password }}
+      -p DOCKERHUB_USER={{ dockerhub_user_name }}
+      -p LAUNCH_APB_ON_BIND={{ broker_launch_apb_on_bind }}
+      -p OUTPUT_REQUEST={{ broker_output_request }}
+      -p RECOVERY={{ broker_recovery }}
+      &> {{ local_target_asb_template_processed }}
 
-    args:
-      chdir: "{{ asb_src_dir }}/scripts/asbcli"
-    retries: 2
-    register: asbcli_up
-    when: oc_get_projects_asb.stdout.find( "ansible-service-broker" ) == -1
+  - name: Running oc create on processed template
+    shell: "{{ oc_cmd }} create -f {{ local_target_asb_template_processed }}"
 
-  - name: Switch project to ansible-service-broker
-    shell: "{{ oc_cmd }} project ansible-service-broker"
+  - name: Switch project to {{ asb_project }}
+    shell: "{{ oc_cmd }} project {{ asb_project }}"
 
   - name: Waiting 10 minutes for ASB pod
     action:
@@ -63,12 +74,14 @@
   - set_fact:
       ansible_service_broker_route:  "{{ result_get_route_asb.stdout }}"
 
-  - uri:
+  - name: Trigger ASB bootstrap to load APBs
+    uri:
       url: http://{{ ansible_service_broker_route }}/v2/bootstrap
       method: POST
-    when: asbcli_up.changed
     register: response
-    failed_when: "not response.json or not response.json.SpecCount or response.json.SpecCount == 0"
+    until: response|success and response.json and response.json.spec_count is defined
+    retries: 3
+    delay: 30
 
   - name: Creating /tmp/ansible_service_broker.yaml
     template:
@@ -79,5 +92,4 @@
     register: ansible_service_broker_template
 
   - name: Create Broker resource in Service Catalog
-    shell: "{{ kubectl_cmd }} --kubeconfig={{ ansible_env.HOME }}/.kube/service-catalog.config create -f /tmp/ansible_service_broker.yaml"
-    when: asbcli_up.changed
+    shell: "{{ oc_cmd }} create -f /tmp/ansible_service_broker.yaml"

ansible/roles/demo_prep/tasks/main.yml

@@ -52,7 +52,7 @@
     shell: "{{ oc_cmd }} delete -n {{ demo_project_name }} is demoprep python-35-centos7"
 
   - name: check if the rds postgres demo instance exists
-    shell: "{{ kubectl_cmd }} --kubeconfig=/root/.kube/service-catalog.config get instance -n {{ demo_project_name }} --no-headers=true | awk '{ print $1}' | grep -E '^rds-postgres( |$)' | cat"
+    shell: "{{ oc_cmd }} get instance -n {{ demo_project_name }} --no-headers=true | awk '{ print $1}' | grep -E '^rds-postgres( |$)' | cat"
     register: rds_demo_deployment
 
   - name: create rds apb resource file
@@ -64,5 +64,5 @@
       mode: 0644
 
   - name: create rds postgres demo instance
-    shell: "{{ kubectl_cmd }} --kubeconfig=/root/.kube/service-catalog.config create -f /tmp/rds-instance.yml"
+    shell: "{{ oc_cmd }} create -f /tmp/rds-instance.yml"
     when: deploy_rds_demo_instance and rds_demo_deployment.stdout.find( "rds-postgres" ) == -1

ansible/roles/env_hacks/tasks/main.yml

@@ -8,24 +8,17 @@
   #   https://github.com/openshift/origin/issues/13496https://github.com/openshift/origin/issues/13496
   # Putting in a workaround for manually opening up the permissions
 
-  - name: wait for persistent volumes to be created
-    wait_for:
-      path: '{{ persistedvol_mount_point }}/pv{{ item }}'
-      timeout: 300
-    with_sequence: count=100 format="%004d"
-    become: true
-
-  - name: clear out persistent volumes
-    shell: |
-      for dir in `ls {{ persistedvol_mount_point }}/ | grep pv`; do
-        rm -rf {{ persistedvol_mount_point}}/$dir/* ; done
-    when: persistedvol_mount_point != "/"
-    become: true
+  - name: Waiting 10 minutes for 'persistent-volume-setup' pod to complete to create PVs
+    action:
+      shell "{{ oc_cmd }}" get pods -n default | grep ^persistent-volume-setup | grep Completed
+    register: wait_for_pv_setup_pod
+    until: wait_for_pv_setup_pod.rc == 0
+    retries: 60
+    delay: 10
 
   - name: Adjust persistent volume permissions to be 777 to make testing easier
     file:
       path: "{{ persistedvol_mount_point }}"
       mode: 0777
       recurse: true
     become: true
-

ansible/roles/openshift_setup/defaults/main.yml

@@ -1,3 +1,7 @@
 reset_cluster: False
-openshift_client_release_ver: openshift-origin-client-tools-v3.6.0-alpha.1-46942ad
+openshift_release_url: https://github.com/openshift/origin/releases/download/v3.6.0-alpha.2
+openshift_client_release_ver: openshift-origin-client-tools-v3.6.0-alpha.2-3c221d5
 oc_tools_dir: /usr/local/bin
+
+# Temporary fix until release version of oc client works with latest images.
+openshift_client_url: https://s3.amazonaws.com/catasb/linux/amd64/oc