registry:
- name: rhcc
type: rhcc
url: https://registry.redhat.io
auth_type: secret
auth_name: asb-registry-auth
You can install the OpenShift Ansible Broker to gain access to the service bundles that it provides.
The OpenShift Ansible Broker is deprecated in OpenShift Container Platform 4. Equivalent and better functionality is present in the Operator Framework and Operator Lifecycle Manager (OLM). |
The OpenShift Ansible Broker is an implementation of the Open Service Broker (OSB) API that manages applications defined by Ansible playbook bundles (APBs). APBs provide a method for defining and distributing container applications in OpenShift Container Platform, and consist of a bundle of Ansible playbooks built into a container image with an Ansible runtime. APBs leverage Ansible to create a standard mechanism to automate complex deployments.
The OpenShift Ansible Broker follows this basic workflow:
A user requests the list of available applications from the service catalog using the OpenShift Container Platform web console.
The service catalog requests the list of available applications from the OpenShift Ansible Broker.
The OpenShift Ansible Broker communicates with a defined container image registry to learn which APBs are available.
The user issues a request to provision a specific APB.
The OpenShift Ansible Broker fulfills the user’s provision request by invoking the provision method on the APB.
The OpenShift Ansible Broker is not installed by default in OpenShift Container Platform 4.
An Ansible playbook bundle (APB) is a lightweight application definition that allows you to leverage existing investment in Ansible roles and playbooks.
APBs use a simple directory with named playbooks to perform OSB API actions,
such as provision and bind. Metadata defined in the apb.yml
file contains a
list of required and optional parameters for use during deployment.
You have installed the service catalog.
The following procedure installs the OpenShift Ansible Service Broker Operator using the web console.
Create a namespace.
Navigate in the web console to Administration → Namespaces and click Create Namespace.
Enter openshift-ansible-service-broker
in the Name field and openshift.io/cluster-monitoring=true
in the Labels field and click Create.
The namespace must start with openshift- .
|
Create a cluster role binding.
Navigate to Administration → Role Bindings and click Create Binding.
For the Binding Type, select Cluster-wide Role Binding (ClusterRoleBinding).
For the Role Binding, enter ansible-service-broker
in the Name field.
For the Role, select admin.
For the Subject, choose the Service Account option, select the
openshift-ansible-service-broker
namespace, and enter openshift-ansible-service-broker-operator
in the
Subject Name field.
Click Create.
Create a secret to connect to the Red Hat Container Catalog.
Navigate to Workloads → Secrets. Verify that the openshift-ansible-service-broker
project is selected.
Click Create → Key/Value Secret.
Enter asb-registry-auth
as the Secret Name.
Add a Key of username
and a Value of your Red Hat Container Catalog user name.
Click Add Key/Value and add a Key of password
and a Value of your Red Hat Container Catalog password.
Click Create.
Navigate to the Catalog → OperatorHub page. Verify that the openshift-ansible-service-broker
project is selected.
Select OpenShift Ansible Service Broker Operator.
Read the information about the Operator and click Install.
Review the default selections and click Subscribe.
Next, you must start the OpenShift Ansible Broker in order to access the service bundles it provides.
After you have installed the OpenShift Ansible Service Broker Operator, you can start the OpenShift Ansible Broker using the following procedure.
You have installed the service catalog.
You have installed the OpenShift Ansible Service Broker Operator.
Navigate in the web console to Catalog → Installed Operators and select the openshift-ansible-service-broker
project.
Select the OpenShift Ansible Service Broker Operator.
Under Provided APIs, click Create New for Automation Broker.
Add the following to the spec
field in the default YAML provided:
registry:
- name: rhcc
type: rhcc
url: https://registry.redhat.io
auth_type: secret
auth_name: asb-registry-auth
This references the secret that was created when installing the OpenShift Ansible Service Broker Operator, which allows you to connect to the Red Hat Container Catalog.
Set any additional OpenShift Ansible Broker configuration options and click Create.
Verify that the OpenShift Ansible Broker has started.
After the OpenShift Ansible Broker has started, you can view the available service bundles by navigating to Catalog → Developer Catalog and selecting the Service Class checkbox. Note that it may take a few minutes for the OpenShift Ansible Broker to start and the service bundles to be available.
If you do not yet see these Service classes, you can check the status of the following items:
OpenShift Ansible Broker Pod status
From the Workloads → Pods page for the openshift-ansible-service-broker project,
verify that the Pod that starts with asb-
has a status of Running and
readiness of Ready.
Cluster service broker status
From the Catalog → Broker Management → Service Brokers page, verify that the ansible-service-broker service broker has a status of Ready.
Service catalog controller manager Pod logs
From the Workloads → Pods page for the
openshift-service-catalog-controller-manager project, review the logs for
each of the Pods and verify that you see a log entry with the message
Successfully fetched catalog entries from broker
.
You can set the following options for your OpenShift Ansible Broker.
YAML key | Description | Default value |
---|---|---|
|
The name used to identify the broker instance. |
|
|
The namespace where the broker resides. |
|
|
The fully qualified image used for the broker. |
|
|
The pull policy used for the broker image itself. |
|
|
The node selector string used for the broker’s deployment. |
|
|
Expressed as a yaml list of broker registry configs, allowing the user to configure the image registries the broker will discover and source its APBs from. |
See the default registries array. |
|
The log level used for the broker’s logs. |
|
|
The pull policy used for APB Pods. |
|
|
The role granted to the service account used to execute APBs. |
|
|
Whether the transient namespace created to run the APB is deleted after the conclusion of the APB, regardless of the result. |
|
|
Whether the transient namespace created to run the APB is deleted after the conclusion of the APB, only in the event of an error result. |
|
|
Whether or not the broker should run its bootstrap routine on startup. |
|
|
The interval of time between broker bootstraps, refreshing its inventory of APBs. |
|
|
Experimental: Toggles the broker executing APBs on bind operations. |
|
|
Whether the broker should escalate the permissions of a user while running the APB. This should typically remain |
|
|
Whether to output the low level HTTP requests that the broker receives. |
|
registries
- type: rhcc
name: rhcc
url: https://registry.redhat.io
white_list:
- ".*-apb$"
auth_type: secret
auth_name: asb-registry-auth