[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: User "admin" cannot get securitycontextconstraints at the cluster scope



For Minishift I believe you can run:

    oc adm policy add-scc-to-user anyuid -z default -n tomcat8 --as system:admin

So use user impersonation to run as system:admin.

> On 2 Aug 2018, at 6:46 pm, Clayton Coleman <ccoleman redhat com> wrote:
> 
> User “admin” (that’s the user name) must be given real admin
> privileges to perform that action, which the error is telling you you
> don’t have.
> 
> You must run as a cluster admin or other highly privileged user in
> order to modify the security rules.  The only user that has that by
> default is the system:admin user the initial install creates.
> 
>> On Aug 1, 2018, at 9:15 PM, Traiano Welcome <traiano gmail com> wrote:
>> 
>> Hi
>> 
>> I was working through the O'Reilly book "OpenShift for developers" but the example on page 75, where tomcat8 is run fails:
>> 
>> - The container remains in crashloop backoff
>> - The logs show the container is having permission issues:
>> 
>> ----
>> Aug 02, 2018 1:03:47 AM org.apache.catalina.startup.Catalina load
>> WARNING: Unable to load server configuration from [/usr/local/tomcat/conf/server.xml]
>> Aug 02, 2018 1:03:47 AM org.apache.catalina.startup.Catalina load
>> WARNING: Permissions incorrect, read permission is not allowed on the file.
>> Aug 02, 2018 1:03:47 AM org.apache.catalina.startup.Catalina start
>> SEVERE: Cannot start server. Server instance is not configured.
>> ----
>> 
>> - This appears to be due to openshift/minishift not allowing containers to run as root
>> - I try installing the anyuid addon and running this command:
>> - oc adm policy add-scc-to-user anyuid -z default -n tomcat8
>> - However it fails with this error despite the anyuid addon being applied:
>> 
>> ----
>> Error from server (Forbidden): securitycontextconstraints "anyuid" is forbidden: User "admin" cannot get securitycontextconstraints at the cluster scope: User "admin" cannot get securitycontextconstraints at the cluster scope
>> ----
>> 
>> 
>> How do I fix this?
>> 
>> Thanks in advance,
>> Traiano
>> 
>> _______________________________________________
>> users mailing list
>> users lists openshift redhat com
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
> 
> _______________________________________________
> users mailing list
> users lists openshift redhat com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]