[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Dynamic storage - openshift origin 3.6 with AWS as cloudprovider



Have you tried hardcoding key and secret in inventory file rather than having it look up from environment variable? 

On Wed, Nov 15, 2017 at 10:20 AM, Md Faizan Ali <mdfaizanali82 gmail com> wrote:
Thanks for pointing it out. 

So in the file: 

$> cat origin-master-controllers
OPTIONS=--loglevel=2 --listen=https://0.0.0.0:8444
CONFIG_FILE=/etc/origin/master/master-config.yaml
OPENSHIFT_DEFAULT_REGISTRY=docker-registry.default.svc:5000

AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=

# Proxy configuration

Is my understanding incorrect that during install, if i provided key/secret key as environment variables, those values will not be captured here? Do i need to hardcode the key/secretkey here and restart master service?



On Wed, Nov 15, 2017 at 8:11 PM, Hemant Kumar <hekumar redhat com> wrote:
The AWS access key and secret key should be accessible to openshift controller manager [usually] via environment variables. Can you double check if - /etc/sysconfig/atomic-openshift-* has those keys and secrets listed?

If inventory and openshift-ansible had access to those keys during cluster creation then those keys should be correctly placed in /etc/sysconfig/atomic-openshift-* files.





On Wed, Nov 15, 2017 at 9:17 AM, Md Faizan Ali <mdfaizanali82 gmail com> wrote:
I am running openshift origin 3.6 ( kube v1.6.1+5115d708d7) in AWS. Ansible inventory contains cloud provider configuration and I can see the config files on the master nodes. 


       # From inventory
       # AWS
       openshift_cloudprovider_kind=aws
       openshift_cloudprovider_aws_access_key="{{ lookup('env','AWS_ACCESS_KEY_ID') }}"
       openshift_cloudprovider_aws_secret_key="{{ lookup('env','AWS_SECRET_ACCESS_KEY') }}"

I have also provisioned a storageclass 
                                   
       # oc get storageclass
       NAME             TYPE
       fast (default)   kubernetes.io/aws-ebs
However, when i try to create a pvc:

        kind: "PersistentVolumeClaim"
        apiVersion: "v1"
        metadata:
          name: "testclaim"
          namespace: testns
        spec:
          accessModes:
            - "ReadWriteOnce"
          resources:
            requests:
              storage: "3Gi"
          storageClassName: fast
It just goes in infinite loop trying to get the pvc created. Events show me this error:

       (combined from similar events): Failed to provision volume with StorageClass "fast": UnauthorizedOperation: You are not authorized to perform this operation. Encoded authorization failure message: $(encoded-message) status code: 403, request id: d0742e84-a2e1-4bfd-b642-c6f1a61ddc1b

Unfortunately I cannot decode the encoded message using aws cli as it gives error. 

       aws sts decode-authorization-message -–encoded-message $(encoded-message) 
       Error: UnicodeWarning: Unicode equal comparison failed to convert both arguments to Unicode - interpreting them as being unequal

I have now also tried pv+pvc and using that in a pod. Everything gets created and I can see the claim. However when I try to mount it, I see similar errors with permission denied. Any pointers please.



So far I have been able to deploy pods, services etc and they seem to be working fine. 

_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]