[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: cannot get policybindings Error



Thanks, this is very useful. I'm almost there...

Usage for the oc login command says:

Usage:
  oc login [URL] [options]

Examples:
  # Log in interactively
  $ oc login

  # Log in to the given server with the given certificate authority file
  $ oc login localhost:8443 --certificate-authority=/path/to/cert.crt

  # Log in to the given server with the given credentials (will not prompt interactively)
  $ oc login localhost:8443 --username=myuser --password=mypass

Options:
  -p, --password='': Password, will prompt if not provided
  -u, --username='': Username, will prompt if not provided
      --certificate-authority='': Path to a cert. file for the certificate authority.

So I tried:

[root openshift-test admin]# ./oc login localhost:8443 --certificate-authority=./openshift.local.config/master/admin.crt
The server uses a certificate signed by an unknown authority.
You can bypass the certificate check, but any data you send to the server could be intercepted by others.
Use insecure connections? (y/n): y

Authentication required for https://localhost:8443 (openshift)
Username:

(I tried various other permutations as well...)
-> this doesn't seem to work as the login utility will always ask me for a username and password, ignoring the certificate information that I'm passing on the command line



On 07 Jan 2016, at 17:36, Jordan Liggitt <jliggitt redhat com> wrote:

You didn't actually log in as "system:admin", you logged in as the user "system", with the password "admin".

`oc login -u system:admin` should use certificate-based credentials already present in your kubeconfig file. If you get prompted for a password, it means you are not using the admin.kubeconfig file containing the cluster admin credentials.



On Thu, Jan 7, 2016 at 11:18 AM, Candide Kemmler <candide intrinsic world> wrote:
Hi Jordan,

That makes sense. Didn't know about the system:admin user. However having just logged in with that user, I'm still having issues:

[root openshift-test admin]# ./oadm policy add-cluster-role-to-user cluster-admin admin
Error from server: User "system" cannot get clusterpolicybindings at the cluster scope

Also, as I am trying to follow instructions (on how to install fabric8 on OpenShift) given here, I'm also getting problems:

[root openshift-test admin]# ./oadm router --create --credentials=/var/lib/openshift/openshift.local.config/master/openshift-router.kubeconfigerror: can't check for existing router "router": User "system" cannot get services in project "default"

Cheers,

Candide

On 07 Jan 2016, at 17:08, Jordan Liggitt <jliggitt redhat com> wrote:

It looks like you are trying to grant a role to yourself, which is disallowed because it is an escalation.

First log in as a user that has cluster-admin permissions. Typically, that is done like `oc login -u system:admin`

On Thu, Jan 7, 2016 at 10:46 AM, Candide Kemmler <candide intrinsic world> wrote:
Hi,

I'm having issues trying to add a role to the admin user. When running the following command:

./oadm policy add-cluster-role-to-user cluster-admin admin

I'm getting

Error from server: User "admin" cannot get clusterpolicybindings at the cluster scope

What am I doing wrong?

Candide

_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]