I'm unable to create a persistent volume because the API fails (403) trying to
list the AWS EBS volumes attached to my EC2 host.
I've installed OpenShift Origin 1.5.0 on an EC2 host that has an attached EBS
volume. I'm running an all-in-one instance.
In the oc CLI, logged in as system:admin, I can query the top level of the
RESTful APIs with curl, so CURL_CA_BUNDLE is set correctly:
curl -k -v -XGET -H "Accept: application/json, */*" -H "User-Agent: oc/v1.5.0 openshift/cf6a722" https://<ip>:8443/oapi/v1
and https://<ip>:8443/api/v1
But I fail when trying to list resources, e.g.:
http://<ip>:8443/api/v1/persistentvolumes
or policybindings
When I try to create a persistent volume with 'oc create -f aws-pv.yaml' the
failure occurs in Kubernetes code trying to retrieve EBS volumes using an AWS
SDK call to a function named like describe-volumes.
I successfully list AWS EBS volumes on my EC2 host using the AWS cli: aws ec2
describe-volumes
AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables are set.
Here's the relevant section of the log generated by my 'oc create' call:
I0324 08:23:17.827082 17537 round_trippers.go:299] curl -k -v -XPOST -H
"Accept: application/json" -H "Content-Type: application/json" -H "User-Agent:
oc/v1.4.0+776c994 (linux/amd64) kubernetes/a9e9cf3"
https://10.3.1.55:8443/api/v1/persistentvolumes
I0324 08:23:17.865710 17537 round_trippers.go:318] POST
https://10.3.1.55:8443/api/v1/persistentvolumes 403 Forbidden in 38 milliseconds
I0324 08:23:17.865728 17537 round_trippers.go:324] Response Headers:
I0324 08:23:17.865738 17537 round_trippers.go:327] Date: Fri, 24 Mar 2017
15:23:17 GMT
I0324 08:23:17.865745 17537 round_trippers.go:327] Content-Length: 435
I0324 08:23:17.865750 17537 round_trippers.go:327] Cache-Control: no-store
I0324 08:23:17.865754 17537 round_trippers.go:327] Content-Type:
application/json
I0324 08:23:17.865805 17537 request.go:908] Response Body:
{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"persistentvolumes
\"pv0001\" is forbidden: error querying AWS EBS volume vol-05dffe55de3ac725db:
error querying ec2 for volume info: error listing AWS volumes:
UnauthorizedOperation: You are not authorized to perform this
operation.\n\tstatus code: 403, request
id:","reason":"Forbidden","details":{"name":"pv0001","kind":"persistentvolumes"},"code":403}
I0324 08:23:17.866030 17537 helpers.go:199] server response object: [{
"kind": "Status",
"apiVersion": "v1",
"metadata": {},
"status": "Failure",
"message": "error when creating \"aws-persistent-volume.yaml\":
persistentvolumes \"pv0001\" is forbidden: error querying AWS EBS volume
vol-05dffe55de3ac725db: error querying ec2 for volume info: error listing AWS
volumes: UnauthorizedOperation: You are not authorized to perform this
operation.\n\tstatus code: 403, request id: ",
"reason": "Forbidden",
"details": {
"name": "pv0001",
"kind": "persistentvolumes"
},
"code": 403
}]
Thanks in advance,
David Vogel