[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Azure install not spinning up workers?



Seeing no responded here, I dug into the must-gather - I think I found
the root of the problem, but I was unsure how to fix it (but am now,
see below - just sending this email for posterity's sake in the event
someone runs into a similar issue.

2019-10-07T22:41:57.21894Z time="2019-10-07T22:41:57Z" level=error
msg="error syncing creds in mint-mode" actuator=azure
cr=openshift-cloud-credential-operator/openshift-image-registry-azure
error="unable to list AAD applications:
graphrbac.ApplicationsClient#List: Failure responding to request:
StatusCode=403 -- Original Error: autorest/azure: Service returned an
error. Status=403 Code=\"Unknown\" Message=\"Unknown service error\"
Details=[{\"odata.error\":{\"code\":\"Authorization_RequestDenied\",\"date\":\"2019-10-07T22:41:57\",\"message\":{\"lang\":\"en\",\"value\":\"Insufficient
privileges to complete the
operation.\"},\"requestId\":\"0db2a025-037b-4dbb-9e34-ae51fa7a8c7e\"}}]"

(from namespaces/openshift-cloud-credential-operator/pods/cloud-credential-operator-6df4864f96-xprcq/manager/manager/logs/current.log

This would seem to indicate to me that the AAD permission grant was
somehow not successful - but the CLI said that they were. I finally
found where to look in the Azure portal, and found for some reason
that the grant wasn't effective. I was able to grant admin consent,
and voila everything worked.

Amazing what happens when things are configured correctly! :)

On Tue, Oct 8, 2019 at 12:21 AM Jon Stanley <jonstanley gmail com> wrote:
>
> On my Azure install, I don't see any worker nodes being spun up in the
> cloud, hence the installation cannot complete  -very similar to the
> person that was installing on GCP, but there aren't unapproved CSR's
> hanging out, and I don't see the resources in the Azure portal.
>
> FATAL failed to initialize the cluster: Some cluster operators are
> still updating: authentication, console, image-registry, ingress,
> monitoring
>
> I've captured an 'oc adm must-gather' and will attach it (hence
> copying Trevor so someone will receive it :D)


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]