[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: User "admin" cannot get securitycontextconstraints at the cluster scope



Hi Graham!


On Thu, Aug 2, 2018 at 10:11 PM, Graham Dumpleton <gdumplet redhat com> wrote:
For Minishift I believe you can run:

    oc adm policy add-scc-to-user anyuid -z default -n tomcat8 --as system:admin

So use user impersonation to run as system:admin.


Thanks, that worked, though I had to break it into two steps as it didn't seem to take effect with "--as system:admin":

```
bash-3.2$  oc login -u system:admin
Logged into "https://192.168.99.101:8443" as "system:admin" using existing credentials.

You have access to the following projects and can switch between them with 'oc project <projectname>':

  * default
    insultapp
    kube-public
    kube-system
    myproject
    openshift
    openshift-infra
    openshift-node
    openshift-web-console
    parksapp
    tomcat8
    wfproject

Using project "default".
bash-3.2$ oc adm policy add-scc-to-user anyuid -z default -n tomcat8
```



 
> On 2 Aug 2018, at 6:46 pm, Clayton Coleman <ccoleman redhat com> wrote:
>
> User “admin” (that’s the user name) must be given real admin
> privileges to perform that action, which the error is telling you you
> don’t have.
>
> You must run as a cluster admin or other highly privileged user in
> order to modify the security rules.  The only user that has that by
> default is the system:admin user the initial install creates.
>
>> On Aug 1, 2018, at 9:15 PM, Traiano Welcome <traiano gmail com> wrote:
>>
>> Hi
>>
>> I was working through the O'Reilly book "OpenShift for developers" but the example on page 75, where tomcat8 is run fails:
>>
>> - The container remains in crashloop backoff
>> - The logs show the container is having permission issues:
>>
>> ----
>> Aug 02, 2018 1:03:47 AM org.apache.catalina.startup.Catalina load
>> WARNING: Unable to load server configuration from [/usr/local/tomcat/conf/server.xml]
>> Aug 02, 2018 1:03:47 AM org.apache.catalina.startup.Catalina load
>> WARNING: Permissions incorrect, read permission is not allowed on the file.
>> Aug 02, 2018 1:03:47 AM org.apache.catalina.startup.Catalina start
>> SEVERE: Cannot start server. Server instance is not configured.
>> ----
>>
>> - This appears to be due to openshift/minishift not allowing containers to run as root
>> - I try installing the anyuid addon and running this command:
>> - oc adm policy add-scc-to-user anyuid -z default -n tomcat8
>> - However it fails with this error despite the anyuid addon being applied:
>>
>> ----
>> Error from server (Forbidden): securitycontextconstraints "anyuid" is forbidden: User "admin" cannot get securitycontextconstraints at the cluster scope: User "admin" cannot get securitycontextconstraints at the cluster scope
>> ----
>>
>>
>> How do I fix this?
>>
>> Thanks in advance,
>> Traiano
>>
>> _______________________________________________
>> users mailing list
>> users lists openshift redhat com
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
> _______________________________________________
> users mailing list
> users lists openshift redhat com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]