×

The OpenShift Ansible Broker is deprecated in OpenShift Container Platform 4. Equivalent and better functionality is present in the Operator Framework and Operator Lifecycle Manager (OLM).

Configuring the OpenShift Ansible Broker

The following procedure customizes the settings for your OpenShift Ansible Broker.

Prerequisites
  • You have installed and started the OpenShift Ansible Broker.

Procedure

This procedure assumes that you used ansible-service-broker both as the OpenShift Ansible Broker name and the project that it was installed into.

  1. Navigate in the web console to CatalogInstalled Operators and select the ansible-service-broker project.

  2. Select the OpenShift Ansible Service Broker Operator.

  3. On the Automation Broker tab, select ansible-service-broker.

  4. On the YAML tab, add or update any OpenShift Ansible Broker configuration options under the spec field.

    For example:

    spec:
      keepNamespace: true
      sandboxRole: edit
  5. Click Save to apply these changes.

OpenShift Ansible Broker configuration options

You can set the following options for your OpenShift Ansible Broker.

Table 1. OpenShift Ansible Broker configuration options
YAML key Description Default value

brokerName

The name used to identify the broker instance.

ansible-service-broker

brokerNamespace

The namespace where the broker resides.

openshift-ansible-service-broker

brokerImage

The fully qualified image used for the broker.

docker.io/ansibleplaybookbundle/origin-ansible-service-broker:v4.0

brokerImagePullPolicy

The pull policy used for the broker image itself.

IfNotPresent

brokerNodeSelector

The node selector string used for the broker’s deployment.

''

registries

Expressed as a yaml list of broker registry configs, allowing the user to configure the image registries the broker will discover and source its APBs from.

logLevel

The log level used for the broker’s logs.

info

apbPullPolicy

The pull policy used for APB Pods.

IfNotPresent

sandboxRole

The role granted to the service account used to execute APBs.

edit

keepNamespace

Whether the transient namespace created to run the APB is deleted after the conclusion of the APB, regardless of the result.

false

keepNamespaceOnError

Whether the transient namespace created to run the APB is deleted after the conclusion of the APB, only in the event of an error result.

false

bootstrapOnStartup

Whether or not the broker should run its bootstrap routine on startup.

true

refreshInterval

The interval of time between broker bootstraps, refreshing its inventory of APBs.

600s

launchApbOnBind

Experimental: Toggles the broker executing APBs on bind operations.

false

autoEscalate

Whether the broker should escalate the permissions of a user while running the APB. This should typically remain false since the broker performs originating user authorization to ensure that the user has permissions granted to the APB sandbox.

false

outputRequest

Whether to output the low level HTTP requests that the broker receives.

false

Default array for registries
- type: rhcc
  name: rhcc
  url: https://registry.redhat.io
  white_list:
  - ".*-apb$"
  auth_type: secret
  auth_name: asb-registry-auth

Configuring monitoring for the OpenShift Ansible Broker

In order for Prometheus to monitor the OpenShift Ansible Broker, you must create the following resources to grant Prometheus permission to access the namespace where the OpenShift Ansible Broker was installed.

Prerequisites
  • The OpenShift Ansible Broker is installed.

    This procedure assumes that you installed the OpenShift Ansible Broker into the openshift-ansible-service-broker namespace.

Procedure
  1. Create the role.

    1. Navigate to AdministrationRoles and click Create Role.

    2. Replace the YAML in the editor with the following:

      apiVersion: rbac.authorization.k8s.io/v1
      kind: Role
      metadata:
        name: prometheus-k8s
        namespace: openshift-ansible-service-broker
      rules:
      - apiGroups:
        - ""
        resources:
        - services
        - endpoints
        - pods
        verbs:
        - get
        - list
        - watch
    3. Click Create.

  2. Create the role binding.

    1. Navigate to AdministrationRole Bindings and click Create Binding.

    2. For the Binding Type, select Namespace Role Binding (RoleBinding).

    3. For the Role Binding, enter prometheus-k8s in the Name field and openshift-ansible-service-broker in the Namespace field.

    4. For the Role, select prometheus-k8s.

    5. For the Subject, choose the Service Account option, select the openshift-monitoring namespace, and enter prometheus-k8s in the Subject Name field.

    6. Click Create.

Prometheus will now have access to OpenShift Ansible Broker metrics.