[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: role bindings incorrect after ose 3.2.0 upgrade



----- On Jun 1, 2016, at 10:01 AM, Jordan Liggitt <jliggitt redhat com> wrote:
No, the source build strategy permissions moved from the admin/edit roles into their own specific roles.

Automatic role reconciliation on upgrade should be additive only, which would have left the source build permissions previously defined in the admin/edit roles:
$ oadm policy reconcile-cluster-roles --additive- --confirm
Thanks for the response. Actually, I had already reconciled the cluster ROLES as above, but I still did not have permissions to do source builds.

I then (contrary to current docs) reconciled the cluster role BINDINGS like this:

$ oadm policy reconcile-cluster-role-bindings \
> --exclude-groups=system:unauthenticated \
> --exclude-users=system:anonymous \
> --additive- \
> --confirm
clusterrolebinding/self-provisioners
clusterrolebinding/system:build-strategy-docker-binding
clusterrolebinding/system:build-strategy-custom-binding
clusterrolebinding/system:build-strategy-source-binding

After that I can once again perform source builds.

My scratchpad
 http://guifreelife.com/blog/2016/05/17/OpenShift-Enterprise-Upgrade-3.1-to-3.2#update-cluster-policies-and-roles






On Wed, Jun 1, 2016 at 12:16 PM, Dale Bewley <dale bewley net> wrote:

After upgrading to OSE 3.2.0 developers can no longer use the source build strategy.

I used the playbook to upgrade and now I'm trying to reconcile the policy role bindings per:

https://docs.openshift.com/enterprise/3.2/install_config/upgrading/manual_upgrades.html#updating-policy-definitions

Is it because the docs:

 $ oadm policy reconcile-cluster-role-bindings \
    --exclude-groups=system:authenticated \
    --exclude-groups=system:authenticated:oauth \
    --exclude-groups=system:unauthenticated \
    --exclude-users=system:anonymous \
    --additive- \
    --confirm

Should actually be:

 $ oadm policy reconcile-cluster-role-bindings \
    --exclude-groups=system:unauthenticated \
    --exclude-users=system:anonymous \
    --additive- \
    --confirm

_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]