
Re: error querying AWS EBS volume from 'oc create'



Hello,

you have to provide a token. Without it, you're requesting as an anonymous user:
"If no access token or certificate is presented, the authentication layer assigns the system:anonymous virtual user and the system:unauthenticated virtual group to the request. "


These links could be helpful:

https://docs.openshift.com/enterprise/3.2/architecture/additional_concepts/authentication.html#api-authentication
https://docs.openshift.com/container-platform/latest/rest_api/index.html#rest-api-examples




2017-03-24 19:19 GMT+01:00 David VOGEL <David Vogel raytheon com>:

I’m unable to create a persistent volume because the API fails (403) trying to list the AWS EBS volumes attached to my EC2 host.

 

I’ve installed Openshift Origin 1.5.0 on an EC2 host that has an attached EBS volume. I’m running an all-in-one instance.

 

In the oc cli, logged in as system:admin

 

I can query the top-level of the restful apis with curl, so CURL_CA_BUNDLE is set correctly:

 

            curl -k -v -XGET -H "Accept: application/json, */*" -H "User-Agent: oc/v1.5.0 openshift/cf6a722" https://<ip>:8443/oapi/v1

and https://<ip>:8443/api/v1

 

But I fail when trying to list resources e.g.: http://<ip>:8443/api/v1/persistentvolumes  or policybindings

 

When I try to create a persistent volume with ‘oc create -f aws-pv.yaml’  the failure occurs in Kubernetes code trying to retrieve EBS volumes using an AWS SDK call to a function named like describe-volumes.

 

I successfully list AWS EBS volumes on my EC2 host using the AWS cli:  aws ec2 describe-volumes

AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables are set. 

 

Here’s the relevant section of the log generated by my ‘oc create’ call:

 

I0324 08:23:17.827082   17537 round_trippers.go:299] curl -k -v -XPOST  -H "Accept: application/json" -H "Content-Type: application/json" -H "User-Agent: oc/v1.4.0+776c994 (linux/amd64) kubernetes/a9e9cf3" https://10.3.1.55:8443/api/v1/persistentvolumes
I0324 08:23:17.865710   17537 round_trippers.go:318] POST https://10.3.1.55:8443/api/v1/persistentvolumes 403 Forbidden in 38 milliseconds
I0324 08:23:17.865728   17537 round_trippers.go:324] Response Headers:
I0324 08:23:17.865738   17537 round_trippers.go:327]     Date: Fri, 24 Mar 2017 15:23:17 GMT
I0324 08:23:17.865745   17537 round_trippers.go:327]     Content-Length: 435
I0324 08:23:17.865750   17537 round_trippers.go:327]     Cache-Control: no-store
I0324 08:23:17.865754   17537 round_trippers.go:327]     Content-Type: application/json
I0324 08:23:17.865805   17537 request.go:908] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"persistentvolumes \"pv0001\" is forbidden: error querying AWS EBS volume vol-05dffe55de3ac725db: error querying ec2 for volume info: error listing AWS volumes: UnauthorizedOperation: You are not authorized to perform this operation.\n\tstatus code: 403, request id:","reason":"Forbidden","details":{"name":"pv0001","kind":"persistentvolumes"},"code":403}
I0324 08:23:17.866030   17537 helpers.go:199] server response object: [{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {},
  "status": "Failure",
  "message": "error when creating \"aws-persistent-volume.yaml\": persistentvolumes \"pv0001\" is forbidden: error querying AWS EBS volume vol-05dffe55de3ac725db: error querying ec2 for volume info: error listing AWS volumes: UnauthorizedOperation: You are not authorize\d to perform this operation.\n\tstatus code: 403, request id: ",
  "reason": "Forbidden",
  "details": {
    "name": "pv0001",
    "kind": "persistentvolumes"
  },
  "code": 403
}]



               Thanks in advance,

               David Vogel

 






--
Slava Semushin | OpenShift
