Skip to content
This repository has been archived by the owner on Apr 19, 2023. It is now read-only.

enmasse messageuser resource not created during installation #674

Open
secondsun opened this issue Jun 3, 2019 · 10 comments
Open

enmasse messageuser resource not created during installation #674

secondsun opened this issue Jun 3, 2019 · 10 comments

Comments

@secondsun
Copy link
Contributor

secondsun commented Jun 3, 2019
edited

Description

The messaginguser custom resource type is not created when you install from master.

Expected Behavior

When enmasse is installed, there should be a api-resource "Messagingusers" created in the cluster.

Actual Behavior

In 1.3 this resource is created, in master and 1.4 rc9 it is not.

Environment

RHPDS Openshift workshop cluster with integr8ly installation from master.

Steps to reproduce

Install integr8ly from master on RPHDS's Openshift workshop cluster.
run oc api-resources and not that there is not a messageusers resource
@odra
Copy link
Contributor

odra commented Jun 3, 2019

Opened an issue in enmasse repo: EnMasseProject/enmasse#2869

@maleck13
Copy link
Contributor

maleck13 commented Jun 4, 2019

Do we know what the impact of this is? Does it effect the usage of AMQ Online 1.1?

@secondsun
Copy link
Contributor Author

To use enmasse/AMQ-Online you create addresses and address spaces secured by a message user. Without the messageuser api-resource we can't create the message user instances.

At least that's my understanding.

@maleck13
Copy link
Contributor

maleck13 commented Jun 4, 2019

Hmm ok so wondering how the walkthrough can work (as it clearly must have during testing).

@secondsun
Copy link
Contributor Author

Either a) the tests don't test this use case or b) since this was created before but stopped being created in the recent rc's we haven't hit it yet.

@secondsun
Copy link
Contributor Author

or c) something has changed that I'm not aware of

@secondsun
Copy link
Contributor Author

When I deploy the workshop in RHPDS the messaginguser resource is there to be used. However when I run the installer with 1.4rc9 it isn't there. If the testing is upgrading from 1.3 to 1.4rcX then the resource will still be there as it isn't removed
Which would also explain why tests pass.

@secondsun
Copy link
Contributor Author

@maleck13 So these resources still aren't being provisioned in the 1.4.0.

They don't affect the workshops because I don't think the workshops use them. However they are used by enmasse for controlling access to queues. Have message users been replaced with another mechanism or are all queues accessible to anything on the cluster?

@darahayes
Copy link
Contributor

darahayes commented Jun 13, 2019
edited

Do we know what the impact of this is? Does it effect the usage of AMQ Online 1.1?

Just to add to @secondsun's answer the impact of this is that it's not possible to create users using the approach recommended by enmasse and AMQ Online documentation.

My understanding is that by default, you cannot connect to a queue and consume messages without a user.

I'm not sure how the walkthrough creates the user but I'm thinking it's done through the service catalog -> Goes to the AMQ service-broker -> Perhaps that makes some direct API call to the AMQ api-server?

My suspicion is that the walkthrough and the tests are relying on creating the resources using the service catalog route which possibly circumvents the need for the appropriate API resources to be defined and that's why it wasn't caught in the tests.

Potential work around

Create an address space in your desired namespace using the service catalog.

I've just tested this in a 1.4 cluster and it works. This workaround has some problems that leaves AMQ Online on Integreatly unusable for any real world applications though.

  • Using the service catalog is not documented by enmasse or AMQ Online which leads me to believe they don't recommend it.
  • These offerings from the service catalog create a single address space with a fixed plan, A single queue with a fixed plan and a single user with fixed permissions.
  • When using the service catalog to create those resources in AMQ, their corresponding API Resources are never created in OpenShift. Using API resources is the most complete and most documented approach by which you configure enmasse / AMQ Online. For example, you cannot create users in the AMQ Online web console.
  • I cannot see a clear way to add users, to change their permissions or to configure address spaces and addresses appropriately (e.g. sizes, limits, addressplans) to suit the needs of a specific application if I use the service catalog. Basically you get a totally static config.

Potential Next Steps

  • Build a deeper understanding of the differences between creating AMQ resources via the service catalog and via the API Resources provided by Enmasse.
  • Find where/how those API resources are added.

With the end goal being:

  • Try to identify was this introduced by an update to the integreatly installer or by an update to AMQ Online installer.

@maleck13
Copy link
Contributor

I have created a JIra to track https://issues.jboss.org/browse/INTLY-2490

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@maleck13 @odra @secondsun @darahayes