
Re: Dynamic storage - openshift origin 3.6 with AWS as cloudprovider



Thanks for pointing it out. 

So in the file: 

$> cat origin-master-controllers
OPTIONS=--loglevel=2 --listen=https://0.0.0.0:8444
CONFIG_FILE=/etc/origin/master/master-config.yaml
OPENSHIFT_DEFAULT_REGISTRY=docker-registry.default.svc:5000

AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=

# Proxy configuration
# See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy

Is my understanding incorrect that during install, if I provided key/secret key as environment variables, those values will not be captured here? Do I need to hardcode the key/secret key here and restart master service?



On Wed, Nov 15, 2017 at 8:11 PM, Hemant Kumar <hekumar redhat com> wrote:
The AWS access key and secret key should be accessible to openshift controller manager [usually] via environment variables. Can you double check if - /etc/sysconfig/atomic-openshift-* has those keys and secrets listed?

If inventory and openshift-ansible had access to those keys during cluster creation then those keys should be correctly placed in /etc/sysconfig/atomic-openshift-* files.





On Wed, Nov 15, 2017 at 9:17 AM, Md Faizan Ali <mdfaizanali82 gmail com> wrote:
I am running openshift origin 3.6 ( kube v1.6.1+5115d708d7) in AWS. Ansible inventory contains cloud provider configuration and I can see the config files on the master nodes. 


       # From inventory
       # AWS
       openshift_cloudprovider_kind=aws
       openshift_cloudprovider_aws_access_key="{{ lookup('env','AWS_ACCESS_KEY_ID') }}"
       openshift_cloudprovider_aws_secret_key="{{ lookup('env','AWS_SECRET_ACCESS_KEY') }}"

I have also provisioned a storageclass

       # oc get storageclass
       NAME             TYPE
       fast (default)   kubernetes.io/aws-ebs

However, when I try to create a pvc:

        kind: "PersistentVolumeClaim"
        apiVersion: "v1"
        metadata:
          name: "testclaim"
          namespace: testns
        spec:
          accessModes:
            - "ReadWriteOnce"
          resources:
            requests:
              storage: "3Gi"
          storageClassName: fast

It just goes into an infinite loop trying to get the pvc created. Events show me this error:

       (combined from similar events): Failed to provision volume with StorageClass "fast": UnauthorizedOperation: You are not authorized to perform this operation. Encoded authorization failure message: $(encoded-message) status code: 403, request id: d0742e84-a2e1-4bfd-b642-c6f1a61ddc1b

Unfortunately I cannot decode the encoded message using aws cli as it gives an error.

       aws sts decode-authorization-message -–encoded-message $(encoded-message) 
       Error: UnicodeWarning: Unicode equal comparison failed to convert both arguments to Unicode - interpreting them as being unequal

I have now also tried pv+pvc and using that in a pod. Everything gets created and I can see the claim. However when I try to mount it, I see similar errors with permission denied. Any pointers please.



So far I have been able to deploy pods, services etc and they seem to be working fine. 

_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
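
A check for the situation discussed in this thread, as an added example that is not part of any poster's message: it reports whether AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in a sysconfig-style file are missing, empty or set, without printing the values, and flags a world-readable file. The function name check_aws_env is hypothetical, and the path in the usage comment assumes the origin-master-controllers file shown above lives under /etc/sysconfig.

```shell
#!/bin/sh
# Added example (not from the thread). Audits a sysconfig-style env file for
# the two AWS credential variables without ever printing their values.
# check_aws_env is a hypothetical helper name.

# Usage: check_aws_env /etc/sysconfig/origin-master-controllers
# Returns 0 if both variables are non-empty and the file is not
# world-readable, 1 if any finding is reported, 2 if the file is unreadable.
check_aws_env() {
    file=$1
    rc=0
    [ -r "$file" ] || { echo "unreadable: $file"; return 2; }

    for var in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY; do
        # Use the last assignment in the file; later lines override earlier ones.
        line=$(grep -E "^[[:space:]]*(export[[:space:]]+)?${var}=" "$file" | tail -n 1) || true
        if [ -z "$line" ]; then
            echo "$var: missing"
            rc=1
            continue
        fi
        # Keep everything after the first '=', then trim blanks and one pair of quotes.
        val=$(printf '%s' "${line#*=}" | sed -e 's/^[[:space:]]*//' \
            -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/")
        if [ -z "$val" ]; then
            echo "$var: empty"
            rc=1
        else
            echo "$var: set"
        fi
    done

    # The file holds a long-lived secret once populated: flag "other" read access.
    if [ "$(ls -ld "$file" | cut -c8)" = "r" ]; then
        echo "permissions: world-readable"
        rc=1
    fi
    return $rc
}
```

Run it on each master as a user that can read the file; the controller service only picks up changed values after a restart.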



